Bad actors hide behind pixelated avatars and disposable handles. Here is how the chain unravels.
- Scams starting on social media accounted for the highest total losses at $1.4 billion in 2023.
- Trust and safety teams rely on IP bans or device fingerprinting, but operators rotate hardware and VPNs.
- Our agents can automate a reverse username search, tracking handle reuse across forgotten forums, dormant Discord servers, and old data to surface real names, locations, and emails in minutes.
On platforms like Roblox, which has 78 million daily active users, more than 40 percent of the user base consists of preteens. Because of strict compliance rules, gaming platforms cannot ask children for their real name, email, or phone number at signup. Every user is an anonymous username and a pixelated avatar.
Since 2018, only 24 people have been arrested for abusing children they met on that specific platform. The reason predators evade capture is simple. Trust and safety teams ban the IP address. The operator boots up a residential proxy. The platform bans the account. The operator registers a new one.
But a username is rarely single-use. The internet is sticky. An operator spinning up a burner account on a gaming platform in 2024 shares behavioral DNA with an account they created on a defunct forum in 2018. They reuse passwords. They leak their own aliases.
This behavior scales across organized fraud rings. Account takeover attacks jumped 354% year-over-year in Q2 2023 across Sift's global network.
A manual reverse username search relies on an analyst plugging that handle into search engines, deep web databases, and known operator registries. The analyst hopes for a match. It works, but it takes days or weeks of cross-referencing. By the time the analyst links a gaming handle to a known fraud ring, the operator has already extracted the funds or moved to a new target.
Finding a real name is only the first phase. The final step of a reverse username search is resolving that identity to a physical jurisdiction and mapping the associated corporate entities.
This is highly relevant in marketplace fraud and intellectual property theft. In 2022, federal authorities cracked a massive counterfeit hardware ring. Onur Aksoy, who used the alias “Dave Durden,” ran a massive scheme trafficking over $1 billion in counterfeit Cisco gear through at least 19 companies and dozens of online storefronts.
Tracing an alias like “Dave Durden” manually through Amazon seller pages and eBay profiles yields fragmented data. The operator registers storefronts under synthetic identities.
Check out social media, Telegram and everywhere else. The proliferation of advertisements that lure consumers into this rabbit hole of fraud is just getting started. Buckle up. — Frank McKenna, Chief Fraud Strategist, Point Predictive
Our agents follow that trail to surface a real name, location, email, and full digital profile from a handle alone. They automate the exact methodology a forensic accountant or federal investigator uses, executing the queries in parallel across thousands of disparate data sources.
Instead of a trust and safety team waiting 31 days for a subpoena response to identify a seller, they see the operator's real name and associated shell companies the moment the account flags for suspicious volume. They identify the operator before the funds leave the platform.
If our agents can find a predator hiding behind a Roblox username, imagine what the graph can do when you need to research a syndicate targeting your onboarding flow.
Full integration docs at docs.sixtyfour.ai.