What is swatting?
Swatting is a criminal harassment tactic where someone places a fake emergency call to trick armed law enforcement — often a SWAT team — into showing up at another person’s location. The term comes from Special Weapons and Tactics (SWAT) teams, which are special police units deployed to high-risk events.
The tactic is especially prominent in livestreaming and online gaming communities. It first gained traction in the 2000s, when online pranksters thought it would be funny to disrupt streamers by sending police to their homes mid-broadcast. Some livestreamers, like Adin Ross, have been victimized so often that the police now call him to verify whether the emergency is real before responding.
Swatters have also targeted schools, celebrities, activists, and individuals with outspoken political views, as well as unsuspecting everyday citizens. According to an FBI report, swatters often obtain their victims’ addresses or other personal details online.
What motivates swatting attacks?
Swatting may be driven by a thirst for revenge, the urge to punish someone with different political opinions, or a penchant for mischief. For example, some think it’s funny to see their favorite livestreamer get swatted in real time. Others might use it to get revenge on a former friend or romantic interest.
How swatting works
To carry out a swatting attack, cybercriminals identify a target, ascertain their home address or physical location, and make a false emergency report, usually claiming a violent crime is in progress. Law enforcement then rushes to the victim’s location under the belief that the threat is real.
How do swatters get your information?
In some cases, swatters may be personally acquainted with the victim and know their address already. In others, they gain access to personal information through social engineering tricks, hacking, data leaks, or by scouring the internet, social media, or the dark web for exposed personal details.
Home addresses and phone numbers are also widely available on data broker sites — underscoring the importance of minimizing your digital footprint. Here are some ways swatters obtain victims’ addresses:
Oversharing online
Oversharing on social media, like posting your home address, phone number, or photos that reveal your neighborhood, can give swatters the clues they need to find you. Even casual check-ins, birthday posts, or tagging your location can expose more than you realize.
To reduce your risk, review your privacy settings and turn off features that share your whereabouts, such as Snap Map on Snapchat, location tagging on Instagram, or public friend lists on Facebook. Also, review your post history on old social media accounts to ensure you haven’t revealed too much personal information.
Social engineering
Social engineering attacks take advantage of human behavior and psychology to trick people into divulging personal information. Social engineers might impersonate a family member, romantic interest, or old friend. Once they’ve established trust, they ask for information that they can then exploit. One common type of social engineering is phishing.
In the context of swatting, a perpetrator may pose as a utility worker, delivery driver, or even a police officer to coax a home address out of their target or people close to them.
Protecting yourself against social engineering means staying cautious about what you share and with whom. Think twice before giving out personal details over the phone, email, or social media, and be wary of unsolicited requests for information, even if they seem to come from someone you know or trust.
Caller ID spoofing
Caller ID spoofing is when someone masks their real phone number with a different number. Someone might use this technique to impersonate a trusted entity and gain personal information — like your address. To help keep your phone number more private, make sure you remove it from your social media profiles.
Doxxing
Doxxing is when someone’s personal information, such as their address, phone number, or email, are published online without their consent by malicious actors. Doxxing can lead to harassment, identity theft, or reputational damage. Swatters can obtain doxxed information and use it to victimize people. In fact, doxxing and swatting often go hand in hand.
Doxxed information can be gathered from public sources like social media or the dark web.
To protect yourself against doxxing, use strong passwords and set up breach alerts. We also recommend using a VPN to safeguard against hackers and cyber snoops, particularly if you’re using public Wi-Fi.
Data breaches or leaks
Data breaches have become a regular occurrence, and they’ve hit corporations ranging from Equifax to Facebook. In 2023, there were more than 3,000 data breaches, which affected nearly 350 million victims. The information exposed in data breaches can be accessed and used by swatters.
While data breaches are inevitable, you can soften their blow by practicing good cyber hygiene. For example, limit how often you share your home address and phone number in online accounts, and use strong, unique passwords with two-factor authentication to minimize the risk of leaks or breaches. You can also use a dark web scanner to help identify whether any of your personal information is currently exposed on the dark web.
If you’re looking for an advanced tool that helps protect your online data and warns of potential data breaches that might affect you, use AVG BreachGuard. It scans the web for your information 24/7 and comes with round-the-clock expert support.
Data broker sites
Data brokers, like people-search sites, are companies that collect, package, and sell personal information — often without people realizing it. They pull data from public records, online activity, and even past purchases to build detailed profiles that can be sold to advertisers, marketers, and sometimes less scrupulous buyers.
For swatters, data broker records can be a goldmine. Addresses, phone numbers, family connections, and other sensitive details can all be purchased cheaply and used to make fake emergency reports seem more convincing.
To protect yourself from data broker exposure, you can manually request to have your data removed from each of the services where your details appear. Or, you can use AVG BreachGuard to automatically demand your info is removed.
Hacking
Hackers can break into email, social media, or cloud accounts to steal personal details like addresses or phone numbers — information swatters can then exploit to make their fake reports. Strong, unique passwords and two-factor authentication are your best defenses against these types of attacks. If you don’t use antivirus software, hackers could also infect your device with data-stealing malware.
Use award-winning antivirus software, like AVG AntiVirus Free, for real-time protection against malware, fake websites, scams, and hackers. It can even help protect you from spyware, which cybercriminals can use to steal sensitive information.
Is swatting illegal? Legal consequences explained
Swatting is illegal and prosecutable under both federal and state laws. In fact, there are people sitting in jail for swatting today. Because of the risks to life and health, not to mention the public expense, the penalties for swatting can be very high.
This is illustrated by the particularly notorious 2017 Wichita swatting case, which stemmed from a dispute between online gamers. After an argument on “Call of Duty,” one player enlisted swatter Tyler Barriss to target his rival. Barriss placed a fake 911 call that sent police to the address he was given. But, the target didn’t live at that address, and a totally uninvolved man was tragically killed. Barriss was sentenced to 20 years in federal prison, while the two gamers also received prison terms.
Legal implications for perpetrators
Under federal law, swatting is typically treated as a felony. Perpetrators can serve up to five years in prison for propagating false information and hoaxes. That sentence can go up to 20 years when serious injury results from the swatting. If someone dies, it can increase to life in prison. Some states also have specific laws against doxxing and swatting.
There are many examples of people serving jail time because of swatting besides the Wichita case. In one example, Ashton Connor Garcia, who had carried out swatting attacks while livestreaming on Discord, was sentenced to three years in prison. About six months later, another swatter, Alan Filion, was sentenced to four years in federal prison after making 375 fake bomb threats.
Resource waste and financial impact
Swatting puts a significant financial burden on emergency services, with each swatting incident costing tens of thousands of dollars. In addition to money, each police deployment redirects officers away from actual crimes, potentially creating opportunities for other crimes to occur.
How to help protect yourself from swatting
If you’re looking to protect yourself from swatting, the best defense is reducing the amount of personal information available online and strengthening your digital security. Here are some concrete steps you can take:
-
Avoid oversharing: Don’t post addresses, phone numbers, or location details on social media, and make your accounts private.
-
Pick your battles online: Heated arguments in gaming or on social platforms can escalate. Walking away from conflicts reduces the risk of attracting malicious attention.
-
Alert law enforcement: If you fear that you could be targeted by swatters — or you’re a repeat victim — inform local law enforcement agencies so they know to react cautiously.
-
Use strong security measures: Enable two-factor authentication (2FA) on your accounts, and change any passwords you suspect may be compromised.
-
Strengthen your defenses: Add a VPN to your Cyber Safety arsenal to help mask your online activity and protect your internet connection.
-
Know how to respond: If you become the target of a swatting attack, stay calm, follow police instructions carefully, and explain your situation once it’s safe to do so.
-
Take legal action: If possible, press charges against the perpetrator to discourage future swatting attempts.
-
Be alert to data breaches: Set up breach alerts or monitoring tools so you’ll know quickly if your personal information is exposed.
Protect your personal data and reduce swatting risks with AVG BreachGuard
Swatting attacks and similar risks demand robust proactive measures. Install AVG BreachGuard to get notified if your data is found leaked online, including on the dark web. Its advanced features can provide insights into potential risks and help prevent unauthorized access to your personal data. Take a proactive step toward better digital security today.
