Cyber Bytes: The Dangers of Swatting and ways to safeguard yourself
Swatting is when a criminal uses false information to make baseless calls to law enforcement (the intention is to dispatch SWAT teams to a specific location, hence the term “swatting”).
A swatter might claim a bomb threat, a murder, a kidnapping or hostage situation or another counterfeit emergency. Swatters use personal information, spoofed phone numbers and IP addresses, and voice cloning or deepfake technology to sound credible. This is a rising concern for the FBI and local law enforcement agencies.
Swatting often happens in conjunction with “doxxing,” when someone uses social engineering tactics to gather personal information and then shares that information publicly in order to generate disruptions or harassment.
Anyone can be a swatting victim. Celebrities and high-profile individuals have always been targets, but schools and private individuals are increasingly targeted as well. Swatting puts innocent people at risk, wastes law enforcement resources and escalates situations that could end tragically.
Swatting in the news
AP News has reported real-life swatting incidents that are disruptive and sometimes deadly:
In Wichita, Kansas, police officers responded to an emergency call, resulting in a man’s death. Later, the originating call was determined to be a hoax. It was a dispute between online gamers who targeted a player. The home address reported to the police was an old address for the target player. The man who was killed was not involved in the gamer group or the dispute. The prank callers were sentenced to prison.
In a different incident, police shot a Maryland man in the face with rubber bullets while responding to a hostage situation call at his home. The call was a hoax.
In Claycomo, Missouri, an auto manufacturer received a call from a man claiming to be barricaded inside the auto plant with explosives. The caller said he was a disgruntled employee who intended to blow up the plant. The security team called the police, who responded with a special tactics team. Despite indications that it might be a fake alarm, police were compelled to search the entire plant to rule out any threats.
A man from Bremerton, Washington, placed over 20 swatting calls across the U.S. and Canada. The calls prompted emergency responses to his fake reports of bombs, shootings and other threats. He used voice cloning technology to conceal his identity and broadcast the calls as entertainment on a social media platform. He was charged with 10 federal felonies.
And according to NBC News, a Tennessee man died of a heart attack as police raided his home. Someone had falsely reported an active shooter.
Swatting is illegal. Perpetrators can face significant criminal charges like filing a false report, mischief or manslaughter. Some states have introduced laws and penalties related to swatting.
Reasons for swatting
Swatting can be motivated by politics, retaliation or differences of opinion. Some people swat just to exert power and control over others. Swatting is a form of bullying, harassment and stalking that can have immediate and deadly consequences.
Anyone can carry out a swat attack against anyone from anywhere. According to AP News, hundreds of schools and colleges have seen an uptick in false bomb threats and active shooter incidents. The FBI has determined many of the swatting reports originated from emails and phone numbers overseas.
Things you can do to protect yourself
You can take steps to minimize your private information exposure. Nothing is fail-safe on the internet, so stay vigilant.
Keep personal information private. Gaming chats, online team gameplay or virtual reality interactions are high-risk targets for swatting and nefarious behavior. Don’t reveal personal information about your location or identity. Gaming competition can get fierce, making it easier to let your guard down. Threat actors count on this.
Avoid using screen names that make it easy for strangers to identify you. Scammers are adept at amassing irrelevant information from you to reconstruct your identity and access your accounts. They might use personal tidbits like pet names to try to crack passwords or figure out where you live based on your mention of a local coffee shop. They can even use background information on video streams to piece together personal information and locations.
Secure your smartphones and other devices. Criminals can access your devices and hijack features, including cameras and speakers. They use spoofing technology to hide their real location. When they place an emergency call, it looks like it’s coming from your smartphone number, effectively tricking dispatchers.
Use complex passwords for your accounts. Change your passwords regularly. Use multifactor authentication to alert you when someone tries to access your accounts. Secure your device with PIN codes or biometric data like fingerprint and face scans. Encrypt your phone’s data.
Reset or refresh your internet protocol (IP) address. An IP address is a string of numbers and decimals that identifies your device and location. If you’re connected to the internet, you have an IP address. To find your IP address, type “What’s my IP address?’ into your search engine.
Your internet service provider (ISP) assigns you an IP address to provide an internet connection. You can’t hide your IP from your ISP for this reason. But your IP address is also visible to everyone on the internet, making it easy to track. Marketers, advertisers, browsers, geolocators, agencies and content providers all use IPs to identify and follow (or block) you on the internet.
Unfortunately, this technology allows threat actors to find you, too.
You can request an IP address reset or reassignment from your ISP. Unplugging your modem for a few minutes (or overnight) can also reset your IP. But it’s temporary. Your refreshed IP address will eventually be discoverable once you’re back online.
Use a virtual private network (VPN). VPNs mask your existing IP address with one of their own so other computers and servers can’t see you. If a criminal tries to use your IP to see your location, they’ll see the location of the VPN’s data center, not yours. Use a reputable VPN provider with advanced features like private domain name system (DNS) servers, leak protection, a kill or cutoff switch, and a no-logs policy.
Connect to a different network. When you change the network you use to connect to the internet, your IP address also changes. You can switch to a new network if you think you’ve been compromised or tracked. You can use your smartphone’s mobile data connection to create a password-protected hotspot. You can also use a public network, but remember, public networks aren’t secure. Connecting to another network isn’t a permanent solution but a temporary technique to throw off a threat actor.
These are just a few techniques to protect your privacy and stay hidden from would-be swatters. But if you are a victim of swatting, file a police report and file a complaint with the FBI’s Internet Crime Complaint Center. Stay cybersafe out there!
This content is for informational purposes only and not for the purpose of providing professional, financial, medical or legal advice. You should contact your licensed professional to obtain advice with respect to any particular issue or problem.
Copyright © 2023 Applied Systems, Inc. All rights reserved.