Example of a Good Application: Establishing a Real Identity

Subject Email: [email protected]

This example demonstrates a legitimate application that passes identity verification using SpyCloud Investigations Module with AI Insights.

The subject’s identity exhibits clear continuity across multiple digital touch points, historical data, and corroborating evidence.

👇 EXAMPLE RESUME

Example shown for demonstration purposes only. No assumptions should be made about individual behavior or intent.

👇 USE IDLINK ➡️ START WITH_"EMAIL"_ ASSET TYPE

IDLink Analysis Summary

Attribute	SpyCloud Finding
Primary Email	`[email protected]` — confirmed in multiple historical breaches
Employment History	Previous corporate email(s) at `@ebxtech.com` recovered from historical datasets
LinkedIn Presence	Recovered LinkedIn profile (breached metadata) consistent with resume details
Phone Number	Validated Canadian number found in credential recovery flows and breach data
Geolocation	Canada-based IPs (Toronto, Montreal, Vancouver) observed since 2017
Breach Timeline	Records tied to this identity date back to at least 2017

Why This is a Good Identity

Temporal Depth: Identity shows digital presence over 8+ years

Example shown for demonstration purposes only. No assumptions should be made about individual behavior or intent.

Data Consistency: Email, phone, employment, and social metadata all align
Low Risk Indicators: No evidence of geo-fraud, mismatches, or obfuscation
Rich Identity Graph: Connected emails, aliases, logins, and profiles over time

👍

This profile serves as a baseline for what a real, traceable identity should look like during screening workflows. It sharply contrasts with synthetic or manipulated identities that lack historical continuity or corroboration.

Example of a Suspicious Application: Potential Synthetic Identity

Subject Email: [email protected]

This identity was submitted as part of a resume for a job application.
When processed through SpyCloud’s IDLink with AI Insights, multiple inconsistencies and risk indicators emerged — suggesting synthetic identity behavior.

IDLink Analysis Summary

Attribute	SpyCloud Finding
Primary Email	`[email protected]` — no long-term history prior to 2023
Employment History	No prior corporate emails; no tie to claimed work history
LinkedIn Presence	No linked or breached LinkedIn data
Phone Number	Not found in breach or credential recovery flows
Geolocation	IP data inconsistent with stated location
Breach Timeline	No breach records associated before 2023

Example shown for demonstration purposes only. No assumptions should be made about individual behavior or intent.

Red Flags Identified

Lack of History: No exposure before 2023 — likely a newly created identity
Missing Digital Footprint: No supporting social, work, or breach data
No Phone Confirmation: Phone number cannot be validated in SpyCloud dataset
Geo Inconsistency: Location data doesn’t match claimed residence
No Cross-Linkage: Identity graph is sparse or nonexistent

Assessment

This case demonstrates common traits of synthetic or fraudulent identities:

Minimal digital history
No corroborated employment or profile metadata
Region-hopping or masked geolocation behavior

⚠️

Such identities represent high risk and may require deeper investigation, secondary verification, or outright rejection depending on your organization’s risk appetite.

The examples featured in this guide are drawn from real-world breach data to showcase how SpyCloud AI Insights enhances identity investigations. They are intended to demonstrate product capabilities and reflect common patterns our platform uncovers in compromised identity ecosystems.

While based on actual breach intelligence, these case studies are provided for illustrative purposes only. SpyCloud does not make determinations about individual intent or behavior, and the inclusion of specific data points does not imply malicious activity.