IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Scam Alert: Impersonating Law Enforcement, Doxxing and Swatting

Criminals are using stolen information to imitate the police and scam both companies and individuals. Here’s what you need to know.

Smartphone receiving a call from unknown number
Shutterstock/Tero Vesalainen
Even the top technology companies in the world are not exempt from falling for online scams. One of the hottest current scams making the rounds all over the U.S. is the imitation of law enforcement agencies in order to get sensitive information from companies or individuals.

A recent Yahoo headline read "Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors." The article explained: “Major technology companies have been duped into providing sensitive personal information about their customers in response to fraudulent legal requests, and the data has been used to harass and even sexually extort minors, according to four federal law enforcement officials and two industry investigators.”

The articles goes on to describe how criminals obtain someone's name, IP address, email address and physical address and other data from unsuspecting companies by acting like the police.

A recent blog post by Krebs on Security described it this way: “There is a terrifying and highly effective 'method' that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death.”

LOW-TECH SCAMS


But not all incidents use high-tech means to accomplish their illegal goals. Consider these headline situations:

AJC.comSCAM ALERT: Callers pretending to be police, faking arrest warrant for money: “Atlanta police are warning the public about phone scammers who defrauded at least two people out of thousands of dollars by posing as high-ranking officers and threatening them with arrest if they did not make immediate payments over the phone. …”

WNDU.comSCAM ALERT: Callers pretending to be police, faking arrest warrant for money: “We have information on a scam out of St. Joseph County, Michigan. Police say scammers have created a fake name and number which makes it appear they are calling from a local police department. The scammer may say there is a warrant out for your arrest, but that you can pay a fine in order to avoid criminal charges.”

WHAT ARE SWATTING AND DOXXING?


So what happens to this data once the criminals obtain it? Two of the most common actions are known as "swatting" and "doxxing."

According to US News.com: “To dox someone means to release their personal or private information that may prove harmful or embarrassing. This can happen in the real world, but the Internet has made it easier both to find and release this information to a wide audience. Doxxing may reveal someone's personal information like their home address or workplace, social security or phone number, private correspondence or pictures, criminal history, IP address, or other details. Some people fail to realize that information they share on social media or other sites may be 'scraped' and used against them, potentially opening themselves up to unwelcome public disclosure, identity theft, cyberbullying, stalking, or threats to their personal safety. …

“The term doxxing (sometimes spelled doxing) is a longtime hacker term derived from 'dropping dox' or documents about an adversary. Motivations range from personal revenge to political ends. Some doxers act with the intent of exposing criminals or perpetrators of heinous acts. However, there are plenty of examples of people who have been wrongly doxxed and harmed as a result.”

According to CSO Online: “Swatting is a form of harassment in which attackers try to trick police forces into sending a heavily armed strike force — often a SWAT team, which gives the technique its name — to a victim's home or business. The Los Angeles Police Department, in a press release about a specific swatting attack that occurred in August of 2020, provided this definition of swatting: 'The term "swatting" refers to someone who places a false emergency call for service, generally of a nature which causes a large police response.'

“The LAPD goes on to add that 'the "swatting" practice is dangerous and places the community and first responders in harm's way.' For some attackers, this is the thrill and the purpose of swatting: to cause the victims to fear for their lives as armed police charge into their homes, often with little warning. The police often believe that they themselves are facing an armed and dangerous adversary, producing a volatile scenario that can result in property destruction, injury, and death.”

WHAT CAN YOU DO TO HELP?



I like these tips from WLTX.com to help you from falling victim to such crimes:
  • Make your social media accounts private and only accept requests and messages from people you know.
  • Be wary of answering phone calls from unrecognizable numbers.
  • Call, on another phone, the number that you were called from to confirm the legitimacy of the caller and reason for the call.
  • Know that a police department or law enforcement officer will never solicit money — particularly through gift cards — from the public.
  • Never give your personal information, including banking information, to someone over the phone.
  • Do not send money to people or organizations that you do not personally know and trust.
  • If you receive a call that appears to be government impersonation fraud, disconnect without providing any personal information and without adhering to the caller’s instructions.
  • Contact your local police department immediately to report the fraud by calling 911.
  • Submit complaints to the FBI at ic3.gov and the Federal Trade Commission, which collects fraud reports nationwide, at reportfraud.ftc.gov.
  • Warn family, friends and associates about the scam so they can be on high alert.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.