What is virtual kidnapping?

Virtual kidnapping is nothing new, but in an increasingly digital world, it’s becoming more common. Virtual kidnapping is a scam with very serious consequences. Victims are often families with younger, school-aged children, but the strategy isn’t as sophisticated as you’d think. 

Here’s how these criminals lure in their victims: 

  1. Make the calls: The attackers essentially browse through a list of phone numbers or dial a random sequence until they find their victim, spoofing the number of your loved one. Spoofing is when an actor uses your number to make a phone call, thus making the call appear to come from you. This is the research part of the attack and can take hours, sometimes days, before finding what they’re looking for. 
  1. Find the victim: After making hundreds of calls, the attacker finds one with whom their plan lines up perfectly. For instance, if the attacker were to say, “I have your daughter with me”, that plan would only work if; the victim has a daughter, and the daughter is completely unreachable – say, in school or at a friend’s house. The odds aren’t usually in the attackers’ favor, but they’re bound to find someone.   
  1. Demand money or information in exchange for their freedom: Once the attacker has successfully lured the victim in, they’ll typically demand money, or maybe even credit card information in exchange for said family member. 
  1. The victim loses, and the attacker wins: After they’ve gotten the money, victims will realize they were scammed, that their loved ones were safe all along, and now they’re short a few thousand dollars for no reason. Unfortunately, the origins of a spoofed phone call can rarely be tracked down 

So, how do you prevent this from happening to you? This type of attack is becoming increasingly common, but being aware of the signs, and the coordination behind these attacks can help keep you and your family safe.  

Virtual kidnapping typically includes multiple different types of phishing: 

  • Vishing: Phishing attack via phone call 
  • Smishing: Phishing attack via text message or iMessage 
  • Spear phishing: Targeted phishing attack 
  • Brute-force: Hacker uses random sequences of numbers or letters to generate phone numbers and email addresses to target 

Do not give your information out over the phone unless you can verify the source. If you ever feel uncertain about a phone call, trust your gut. Nearly 50% of all incoming phone calls are scammers, so be extremely cautious of any phone call you receive. Even saved numbers can come from an unknown source by way of spoofing, so always remain vigilant.  

Leave a Comment

Connect, Transform, GrowYour biweekly cybersecurity briefing

Tackling cybersecurity can be overwhelming. But don't worry — we'll let you in on all the industry secrets to help you protect and secure your company like a pro.