01
What it is
Source verification is the practice of independently confirming that a contact is who they claim to be, using open-source methods that do not rely on the source's own account. It is distinct from content verification, which asks whether the information is accurate. Both are necessary. Neither substitutes for the other.
Source verification is distinct from content verification. Content verification asks whether a claim, document, or piece of footage is accurate. Source verification asks whether the person behind the claim is who they say they are. Both are necessary, but they require different workflows. A source can provide accurate information while misrepresenting their identity, or can hold genuine credentials while providing false information. The two checks must be run independently.
OSINT-based source verification focuses on what is publicly verifiable: does the claimed identity have a digital footprint consistent with the claimed role and history? Does the contact method the source used match identifiers linked to that identity? Are there signs that the identity was constructed recently or artificially? None of these checks replace direct corroboration, but they establish a baseline of digital depth that distinguishes a genuine long-standing identity from a purpose-built persona.
There is a third check that sits between the two, which most source verification guides do not address: what happens when a source passes all identity checks but their information does not corroborate independently? A verified identity with non-corroborating information is still a problem. This guide covers all three layers.
When to use this guide
- Verifying the identity of an unsolicited contact or whistleblower before engaging further.
- Checking whether a claimed employer, role, or credential is verifiable through public records.
- Assessing whether a profile photo, email address, or social media account is authentic or purpose-built.
- Determining whether a source who passes identity checks is providing information that holds up under independent corroboration.
02
How to verify a source: the OSINT workflow
A five-step workflow from initial digital footprint assessment through employer verification, cross-platform identity mapping, photo analysis, and information corroboration.
The following tools are used across the steps below. All are free unless noted.
LinkedIn: Professional network. The primary platform for verifying claimed employment history, role, employer, and professional tenure. Profile existence, connection count, endorsements, and post history all contribute to digital depth assessment. Free to view public profiles.
Wayback Machine: Internet Archive's web capture service. Used to confirm whether a claimed employer's website, staff page, or publication byline existed at the point the source claims to have held the role. Free.
WhatsMyName: Cross-platform username search tool. Used to map the source's claimed username or handle across platforms and assess consistency and age of accounts. Free.
Have I Been Pwned: Breach notification service. Used to assess the age and digital depth of a contact email address, and to identify which platforms the address has been registered on over time. Free.
Google Reverse Image Search: Checks whether a profile photo has appeared elsewhere online under a different name, or is sourced from a stock image library. A key tool for detecting fabricated personas. Free.
Before you begin
Run identity checks and information checks separately
Confirming a source's identity does not confirm their information is accurate. A sophisticated deception may use a genuine identity to deliver false information. Complete the identity verification workflow in this guide, then run an independent corroboration check on the information itself before proceeding to publication.
Do not alert the source
Verification queries using the tools in this guide are passive and do not alert the source. Direct contact with a claimed employer (to confirm employment) should only be made through the employer's published main switchboard number, not through contact details provided by the source.


