When people want to know who owns a phone number, the first move is almost always the same open GetContact or check Truecaller.
Easy, yes. But is it real OSINT? In my opinion—no. Here’s why, those apps rely on user-submitted labels. Anyone can name a contact “Boss” or “Debt Collector”, and it shows up. It’s passive, noisy, and highly manipulable.
My OSINT Method
If I’m trying to trace an Indonesian number, I take a more reliable approach.
I go after e-wallets. Here’s why:
- DANA: Requires national ID verification. The name you see is (usually) the real one.
- OVO: Same deal. The registered name is linked to a verified identity.
- GoPay: Trickier. Some users can set custom names, and identity checks aren’t always enforced.
- ShopeePay, LinkAja, etc.: Depends, but most regulated services require real ID at some point.
These platforms act like semi-official sources. You’re not guessing who they are, you’re seeing the name tied to their verified e-wallet account. That’s a massive upgrade from hoping someone labeled them correctly in Truecaller.
The Data Breach Angle
When all else fails, I dig into data breaches. Not manually, though i use Telegram bots that search leaked databases for you (some free, some paid with crypto/telegram wallets). Drop a phone number or email, and if it ever appeared in a leak, you’ll get:
- Real names breach
- Usernames + password breach
- Emails breach
- Past logins breach
- National ID breach
- Marketplace credentials breach
It works and sometimes, it’s the only thing that works.
Final Thoughts
“GetContact is a sh_t. E-wallet is gold.“
If you’re serious about phone number OSINT in Indonesia, you can’t rely on apps that show public tags. Use breach data wisely, and you’ll be ahead of 90% of OSINT amateurs out there.
