2) agree I can do it. I have no won this battle and just need to explain it to my accountant such that he can sanity check it; I’m drawing pictures!
So I check all the usual boxes to start: run the email through breach data tools, https://haveibeenpwned.com, https://emailrep.io, Google, check the username portion in https://whatsmyname.app, etc etc etc. If you’ve spent any time doing OSINT work, you know those angles quite ...