Options

IP Address Locations

Dep209Dep209 Member Posts: 3 ■□□□□□□□□□
in Cybersecurity
Hi, I'm not an IT professional, clearly. I'm a police officer looking for tips for a fraud investigation I'm conducting.  The suspect sent the victim emails, only minutes apart, and the IP address locations for these emails are hundreds of miles apart.  Can someone shed light as to how this would happen? Is it IP spoofing? Is that a thing?  Thanks in advance.
· Share on FacebookShare on Twitter

Comments

  • Options
    JDMurrayJDMurray Admin Posts: 13,029 Admin
    edited May 2022
    Someone sending an email typically has no control over the IP address the email originates from. Instead, the source IP address in the email header is determined by the email service used. You can trace an email back to the email server's IP address, but typically not to the actual IP address of the computer used by the person sending the email.
    Also, geo-location via IP address is very inaccurate. The WHOIS database indicates the owner (registrant) of the IP address and not the geo-location of the computer that is actually using the IP address. For example, the IP address you posted from points to Optimum Online of Hicksville, NY, which is the registered owner of the IP address, but you as the actual user of that IP address may not be anywhere near that geo-location. Also, the use of an anonymizing VPN service can make your Internet presence appear to originate from any one of hundreds of locations worldwide.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • Options
    Dep209Dep209 Member Posts: 3 ■□□□□□□□□□
    Thank you for the detailed response. This was very helpful.  
    · Share on FacebookShare on Twitter
  • Options
    JDMurrayJDMurray Admin Posts: 13,029 Admin
    No problem! :)

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • Options
    CaseyWalkerCaseyWalker Member Posts: 5 ■□□□□□□□□□
    In this case, it's possible that the suspect is using a technique called "geo-spoofing" to make it seem like their emails are coming from different locations. They could be using a VPN or a proxy server to route their emails through different IP addresses that are located hundreds of miles apart. One way to potentially track down the suspect would be to look at the email headers and try to trace the route the email took to get to the victim's inbox. This could help you identify the suspect's true location, even if they are using IP spoofing.
    · Share on FacebookShare on Twitter
  • Options
    nighasnighas Member Posts: 7 ■■■□□□□□□□
    just like JDMurray said, it's important to note that IP geolocation is not always accurate and can be spoofed. therefore, it's recommended to use multiple sources and methods to verify the geolocation information.

    · Share on FacebookShare on Twitter
Sign In or Register to comment.