Election Security Spotlight – Swatting

An Overview of Swatting

Swatting is an illegal and false phone call to 911 by a bad actor to report a serious, but non-existent, emergency to law enforcement, which, in turn, triggers a significant response by police or other emergency response teams to a particular location. Examples of swatting calls include bomb threats, reports of murder, or hostage situations. The most significant danger of swatting is that emergency response teams, including special weapons and tactics (SWAT) teams, which is the reason "swatting" is named as such, may respond to false reports, potentially leading to injuries or fatalities among both emergency response team members and individuals at the targeted locations.

Bad actors use social engineering techniques, such as phishing, doxing, monitoring social media, and other tactics to uncover information about their victims. With technological advancements, law enforcement faces growing challenges in identifying the perpetrators of false phone calls, due in part to the increasing use of caller ID spoofing (i.e., the practice of disguising phone numbers) and voice changers, which aid in concealing the caller's identity. It can be helpful to understand a bit more about the background of swatting as well as the very real threat the practice presents to the election community.

Why It Matters

Election officials, election offices, and polling locations could all be potential targets of swatting – especially in the lead-up to an election. Swatting attacks that lead law enforcement to election offices or polling locations have the potential to disrupt the election process, including preventing individuals from voting and potentially decreasing confidence in the electoral process. In addition, swatting attacks divert critical emergency response resources from real incidents to the swatting event. It is important to implement best practices in the coming months to reduce the risk of becoming a victim of swatting attacks.

What You Can Do

To protect your information and reduce the risk of becoming a victim of a swatting incident, here are a few best practices:

  • Establish a relationship with local law enforcement and emergency management staff. Meet and keep in contact with your local law enforcement agencies and emergency management divisions. Knowing reporting mechanisms and procedures is crucial and should be an integral part of your incident response plan.
  • Ensure that your incident response plan includes swatting and de-escalation training for both election officials and poll workers. Designate and train personnel, including poll workers, to be vigilant about any potential conflict and how to mitigate potential risk or violence. For more information, please consult CISA’s De-escalation Series available here.
  • Provide cybersecurity training to all workers. Most election offices employ seasonal workers during busy election years. While permanent public employees are likely to complete some cybersecurity training, seasonal workers may not have the same level of cybersecurity knowledge. Be sure to provide training to both permanent employees and seasonal workers on common social engineering techniques to look out for, including the risks of swatting. Also, ensure personnel understand the appropriate reporting and response procedures in the event of an incident.
  • Use a Virtual Private Network (VPN). A VPN, or Virtual Private Network, is a tool used to conceal your computer's IP address, thereby effectively concealing your physical location. Instead of allowing potential malicious entities to determine your whereabouts, a VPN routes your online traffic through a remote server, effectively masking your geographical location.
  • Use strong passwords. Ensure that each password is strong and unique and combines either number, letters, and special characters or unrelated words to create a unique passphrase. In the past, changing passwords regularly was thought to be the most secure method of ensuring threat actors could not access your accounts. This led to the practice of setting one password for multiple accounts, which significantly increased the impact of compromised credentials when a threat actor obtained a password, as the threat actor could then use the same password to access multiple platforms.
  • Implement two-factor or multifactor authentication. Two-factor authentication (or multi-factor authentication more broadly) provides an additional step to the login process beyond entering a password. This additional step is often a randomly generated passcode by an authenticator application on your mobile device.
  • Be cognizant of what you post on social media. Bad actors closely monitor the social media accounts of their victims to gather information. Though many social media users are taking measures to increase the security of their social media accounts, information can still be gained from anything a user posts.
  • Disable location services. Sharing your location when posting on social media allows other social media users to know where you are and are not when you post on social media. Consider disabling location services on all social media platforms.
  • Consider services that remove your information from the internet.  There are some paid services available that can help reduce the number of instances where your information is publicly available on the internet
  • Conduct an online search for yourself to learn where and what information is available online.

In the unfortunate event that you are a victim of a swatting attack, stay calm, listen to, and cooperate with the emergency response team. While there may be no real emergency, the response team believes there is a real emergency and is there to help.  

Please contact us at [email protected] if you have any questions.