FBI Tech Tuesday: Protecting Your Smart Devices from Swatting
ARIZONA—The FBI Phoenix Field Office wants to educate the public about how you can protect your smart devices from swatting.
Swatting is a term used to describe hoax calls made to emergency services, typically reporting an immediate threat to human life. Swatting may be motivated by revenge, used as a form of harassment, or used as a prank, but it is a serious crime that has serious consequences. The goal is to draw a response from law enforcement and the SWAT team to a specific location.
These attacks pull resources away from valid emergencies, disrupting the ability of emergency services to respond.
Offenders gain access to victims’ smart devices, then use stolen email passwords to log into the device and hijack features, including the live-stream camera and device speakers. Offenders often use spoofing technology to anonymize their own phone numbers to make it appear as if the emergency call is coming from the victim’s phone number. This enhances their credibility when communicating with dispatchers.
As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms.
If you have smart home devices with cameras and/or voice options, there are ways to protect yourself:
- Use complex passwords or passphrases for online accounts
- Avoid duplicate passwords across different accounts.
- Update your passwords or passphrases regularly.
- Practice good cyber hygiene.
- Use multi-factor authentication (MFA) for all online accounts and any device that touches the Internet. For an additional layer of authentication, use a mobile phone number, virtual or physical tokens, or biometric options (such as a face or fingerprint scan).
If you have been victimized by this kind of crime, make sure to file a report with your local police department. If you believe your email or other smart device credentials were compromised, you should also report the incident to the FBI’s Internet Crime Center at www.ic3.gov or call your local FBI office.