FBI Warning: Protecting Your Smart Devices from Swatting

The FBI Phoenix Field Office recently received details on how the public can protect their smart devices from swatting.

Swatting is a term used to describe hoax calls made to emergency services, typically reporting an immediate threat to human life. Swatting may be motivated by revenge, used as a form of harassment, or used as a prank, but it is a serious crime that has serious consequences. The goal is to draw a response from law enforcement and the SWAT team to a specific location. Swatting is a crime.

It is a deliberate and malicious act that creates an environment of fear and unnecessary risk, and in some cases, has led to loss of life. These attacks pull resources away from valid emergencies, disrupting the ability of emergency services to respond.

Offenders gain access to victims’ smart devices, then use stolen email passwords to log into the device and hijack features, including the live-stream camera and device speakers. Offenders often use spoofing technology to anonymize their own phone numbers to make it appear as if the emergency call is coming from the victim’s phone number. This enhances their credibility when communicating with dispatchers.

As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms.

Anyone can be the target of swatting, but victims are typically associated with the tech industry, video game industry, and/or the online broadcasting community. Authorities have also seen cases where criminals are attempting to silence people with elevated online profiles, elevating these particular swatting incidents to hate crimes.

If you have smart home devices with cameras and/or voice options, there are ways to protect yourself:

  • Use complex passwords or passphrases for online accounts
  • Avoid duplicate passwords across different accounts.
  • Update your passwords or passphrases regularly.
  • Practice good cyber hygiene.
  • Use multi-factor authentication (MFA) for all online accounts and any device that touches the Internet. For an additional layer of authentication, use a mobile phone number, virtual or physical tokens, or biometric options (such as a face or fingerprint scan).

If you have been victimized by this kind of crime, make sure to file a report with your local police department. If you believe your email or other smart device credentials were compromised, you should also report the incident to the FBI’s Internet Crime Center at www.ic3.gov or call your local FBI office.