Welcome to Cyber Threats 101! This is the fourth chapter in our A Busy College Student’s Guide to Online Security.  We’ll begin by defining what are swatting attacks and share expert tips on how to avoid becoming a victim to these attacks.

What is swatting?

Swatting is an attack in which someone calls authorities about a fake crime, like homicide or terrorism, and prompts them to dispatch a swat team to raid the victim’s home. While the attacker’s ultimate goal is to frighten his/her victim, in this extremely dangerous situation, there’s a chance the victim could also be tackled, pepper sprayed, tasered, or shot during the raid.

Are swatting attempts common?

Based on “local law enforcement calls received about once a month, interviews of individuals arrested, and a review of social media with perpetrators bragging about it” the US Federal Bureau of Investigations (FBI) told The Verge that there are about 400 swatting attacks a year.

How do attackers find personal information to swat someone?

There are a few ways attackers can find your home address and other personal information:

  • Using third-party information sites, like PeopleSmart, Spokeo, or Whitepages to search for your full name, phone number, email addresses, the names of your relatives, and your social media accounts.
  • The domain registration from a website you own.
  • Services that share the geolocation of your IP address
  • Malware installed on your device that can be used to remotely take over your computer or track any information you type.

Moreover, attackers also use several different methods to mask their phone calls. For instance, attackers can use an app like Burner, a magicJack, or something called a “spoof card” to hide their phone number. Alternatively, attacks have also used programs designed for hearing-impaired individuals to type their emergency and have their message ready by an operator. Unfortunately, these services do not keep track of their personal information because of privacy laws.

What should I do to avoid being swatted?

Similar to our tips for preventing phishing and social engineering attacks, the key to avoid being swatted is taking the right steps to protect your privacy both on and offline.

  • Be careful about posting personal information. Avoid posting information on public profiles or sharing information with someone you’ve met online, including your full name, your phone number, your address, and where you work.
  • Use a virtual private network (VPN) to protect your IP address.
  • Beware of emails containing suspicious links or attachments.
  • Consider using a username that does not contain any personally identifiable information. Better yet, use different usernames on different online accounts and forums.
  • Use strong passwords on all of your accounts, and also enable two-factor authentication (2FA) whenever possible. Not sure if one of your online accounts has a 2FA feature, click here.

Did you enjoy reading this guide? Go back to read Chapter 1: Social Engineering & Phishing AttacksChapter 2: Ransomware, and Chapter 3: Doxxing