Attribution in cyber attacks remain a challenge as incidents continue to rise. Network and computer forensics enable pattern recognition and identify leads that could help point to a perpetrator. However, several attackers use false flag campaigns – a concerted effort to throw off an investigation that may lead to an actor who did not in fact carry out the attack. The real perpetrator uses false flag campaigns to escape taking responsibility of the attack or hide their real intention behind the attack. The paper explores the different mechanisms through which false flag campaigns are conducted and how they can potentially be identified.