Over the last four months, there has been a significant increase in “swatting” attacks targeting high-ranking U.S. corporate executives.
These are coordinated precision attacks specifically aimed at C-Suite executives and board members—and they are extremely dangerous.
Swatting often results in a full law enforcement response to the executive’s home, with the house liable to be surrounded or stormed by armed police officers and SWAT teams. Since the police believe they are responding to a serious crime in progress, these confrontations can easily spiral out of control before the executive or their family members understand what is happening.
While swatting isn’t a new phenomenon, it typically occurs in isolated incidents and has been traditionally limited to high-profile figures, such as celebrities, online gamers, influencers and politicians, in addition to schools. This current iteration of swatting attacks is highly unusual because it is specifically aimed at corporate executives or board members, with no particular preference on industry, region or victim demographic (other than their C-Suite status). The executives who have been victimized in these attacks are not well-known outside of their industries, which is counter to a swatter’s usual motivations. These attacks are clearly part of an organized and determined campaign, although the exact motive remains unclear.
As the CEO of a digital executive protection company, I have experience dealing with swatting cases and other types of cyber-harassment and extortion. But the current wave of swatting attacks now underway is unlike anything I’ve seen in over 20 years in the field. These attacks are not random. They appear to be highly targeted and purposeful. And they are causing chaos in and amongst the highest levels of Corporate America.
Here is what executives need to understand about this active threat:
What is “Swatting”?
Swatting is when a hacker impersonates a victim in order to make a hoax phone call to emergency services with the goal of bringing out a SWAT team or large police presence to this victim’s residence or workplace.
In most instances, the hacker uses caller ID spoofing to trick the emergency responders into believing it is a legitimate call. They may also use special apps or online tools to conceal their voice or to auto-generate the call. When making the fake 911 call, the hacker will often claim that an active shooter or hostage situation is underway, or they may claim some other violent crime is in progress.
Due to the serious nature of the reported crimes, these calls often lead to a significant law enforcement response. Officers may arrive with guns drawn, SWAT teams and hostage rescue teams may be called in, and officers may storm the house immediately upon arrival to try and stop what they believe is an active threat. These incidents can be extremely dangerous for the victims, and several people have died in recent years from swatting.
What We Know About the New Campaign Targeting Executives
This surge in the swatting crimewave began in early October 2022, but has escalated significantly since the start of this year. During this time, a high number of executives in Fortune 1000 companies have been targeted by these attacks.
Unfortunately, this crime surge does not appear to be slowing down anytime soon—in the last three weeks, another 30 executives have fallen victim to these attacks.
While it’s unclear who is responsible for this swatting campaign, the attacks are clearly not being conducted at random. The group or individual who is behind them appears to be well organized and purposeful. They are specifically targeting C-Suite executives and board members in multiple industries, including pharmaceuticals, healthcare, biomedical, insurance and esports/gaming. However, the threat is not only limited to those industries—the hackers may be expanding to other sectors too.
While these attacks are not geo-specific, we have observed several clusters of activity in the following areas, particularly since the new year: Boston, Chicago, San Francisco and Los Angeles.
How Executives are Being Hunted
The group or individual behind these attacks are using several standard methods to collect information and target their victims.
First, the attacker visits a company website to find a list of executives. Usually this information is on the “About Us” or “Leadership” page and includes the names, titles and sometimes location of the executive. Armed with this short-list, the attacker will use both data broker services and stolen personal data sold on the Dark Web to identify a home address and phone number tied to that person or their significant other.
With the name and address of the person in tow, the attacker will then research the direct emergency number for the local police department. Sometimes the attacker will record a synthesized voice or just use a computer-generated voice to state that a kidnapping, murder or hostage situation is underway at the address for the individual. Given the gravity of the situation, the police will attempt to contact the homeowner and respond.
How to Defend Against This Threat
Swatting is a difficult crime to prevent, but there are several steps executives can take that will significantly reduce the threat to themselves and their families.
One of the most important of these steps is removing personal information from data broker websites. There are approximately 200 data broker services in the U.S., so this will not be easy, but it can be done and there are professional services that can help. By removing this information, executives will make it harder for a criminal to find their home address, phone number, family members’ information, home IP address, email accounts, social media and other information that can be used to carry out these attacks. However, it’s important to realize that data brokers can relist an individual later on if their information re-enters public databases due to a “records event,” such as buying a home, getting married, getting a traffic ticket, etc. Therefore, constant vigilance is required.
Here are several other steps they should take:
- Remove the specific town you reside in from social media accounts and from your company’s bio/executive team pages. Also remove information on those pages giving the name of your significant other and/or children.
- Do not share your home address or phone number with parties that do not have a need to know it.
- Ensure your home is not registered in your name when purchased. If it is in your family name, have your attorney transfer it to a trust, but note the original record of purchase can never be removed.
- Use a post office box or UPS mailbox store as a main address for homes that have not been disclosed as belonging to you. In many cases attorneys, wealth managers or business managers can offer a similar service as well.
- Reduce the amount of information you share with your mobile apps.
If you have been threatened online or feel you are at imminent risk of being targeted for a swatting attack, please contact your local law enforcement non-emergency number.