The two most important things when conducting undercover contact is obtaining sensitive data and, yes, not blowing your cover. If a subject were to examine the source code (header) of an email I sent them, it may reveal my IP address. If I were to access a subject’s website, my IP address will be revealed. Without a subpoena, anyone can use your IP address to determine the name of your Internet Service Provider and the general region of the terminal that connected to the web during your contact. This is why it is important to use a service that specializes in masking IP addresses. I use a pay service that is completely legal, inexpensive, fast and convenient. The service I use allows me to choose IP addresses from all over the world at the drop of a dime.
If the subject is offering fashion goods, I am sure not to use an IP address from NY, CA, UK, France or Italy because the legal departments for many of these brands are located in these regions. If I am investigating a software counterfeiter I will steer clear from IP address located in CA, WA or MA. A paranoid counterfeiter will block customers from those regions, or at least notice that they are being monitored. So My first advice is to choose an IP address that is not in a state/country your client’s industry or headquarters is based. Then you must discipline yourself to never check these emails from your phone or an unfamiliar computer terminal. No matter how curious you are, the email can wait until you are at your PC with the ability to mask the same, consistent IP address region you have previously used. Just as we are watching for bad guys to make mistakes, they are waiting for us to do the same.
Now I’m going to finish my coffee.