Avoiding Virtual Kidnapping

Just the title, Virtual Kidnapping, sounds scary enough. There's a good reason for that: it is. Let me provide a quick caveat - kidnapping does happen, obviously; however, this is different than that and is purely extortion.

Virtual Kidnapping is the process when scammers call you on your phone, generally using number spoofing. This will create the appearance that the number you are being called from it local. It will make both the area code and prefix look local, and with most cell phones, under the phone number, it will say the location (e.g. Portland, Oregon). However, once you answer that call, everything changes drastically. Occasionally, this call will be from an “Unknown” phone number.

The scammers will contact you and explain that your child has been kidnapped. They will then demand a ransom for their "safe return” or “(they) will (insert horrific event here).“ Scammers have gone as far as to have the voice of a young boy or girl screaming in the background, making it feel even more real. This is exacerbated when you have a daughter/son, and it is a voice that sounds familiar. Of course, when you first hear that your loved one is kidnapped, any voice could sound like your child’s. It’s part of the brain’s response. There have been two families who have fallen victim here in my home state of Oregon, but down around the US/Mexico border, the numbers skyrocket. Why? Cartels. They are actually paying people to extort victims out of thousands and thousands of dollars.

Before we dive into how this happens, let me explain that this is all a hoax. It is not true, and it's simply extortion.

So, the important question: how does this happen?

Honestly, the first issue...is you. I know this sounds silly, rude, inaccurate, and victim blaming, but stick with me for a second. How does someone know you have a child; moreover, how do they know if your child is a boy or girl? FACEBOOK. Facebook, Facebook, Facebook. First, if you don't have a private Facebook profile, you should. This means someone cannot see your Personal Information or posts. They can, however, see your Profile Picture and Name. This means that even if you have a private profile, but you Profile Picture has your child in it, a scammer knows that you have a child. Even worse, if it's public, they can see where you are, and when you're most likely to be away from your child. This primarily applies to parents with children that are not yet of legal age.

But what if your child is over 18-years-old, possibly in college or moved away? Here's where it gets tricky, and this is where the children need to be on-board with the private profile aspect as well. Think about something really quick - if you saw 25 private Facebook profiles, meaning you can just see the person's name and profile picture, and I asked you if the person in question was a college student or moved out from their parents, or if they were not, I bet you'd score over 50%. Most would probably be closer to 75%. That's what these scammers are primarily doing. They are finding college kids. God forbid those kids have public profiles, which sometime even has their Family Information (Father, Mother, Siblings, etc.), proves to a scammer that they're in college, maybe even what sorority, fraternity, or club they're involved in. From there, it's as simple as finding a phone number, which isn't as hard as you think. Google your own name, and see if you can find your own phone number. Now let's pray that the college kid's profile is private. This makes it more difficult, but definitely not impossible. Now that you've put your own name into Google, try your children's name. See if you can find your phone number simply by putting their name in the search bar. If you can't, you're in luck. You're also the exception to the rule.

My recommendation is to make all of your social media profiles private, especially anything with lots of personal data and/or photos. The two that stand out to me are Facebook and Instagram (coincidentally enough, owned by Facebook).

I will both link to articles about how to make your Facebook and Instagram private, but I will also go through it step-by-step. As I deleted my Facebook early in 2019, I can't verify that this method works. If it doesn't, please email me immediately.


1. Click the downward facing arrow in the top-right corner.

2. Navigate to Settings

3. Click Privacy on the left toolbar

This is where you can configure everything. At the very least, change "Who can see my stuff" to "Friends".


1. Go to your profile (the little person avatar in the bottom-right corner)

2. Click the three, stacked horizontal lines in the top-right corner

3. At the bottom of the sidebar that slides out, you'll see a gear icon with "Settings" next to it. Click on "Settings".

4. Click Privacy

5. Click Account Privacy (about halfway down)

6. Toggle switch to Private

The FBI issued the following tips on what you can look for if you become a victim of this scam:

  • Calls (along the border) are usually made from an outside area code

  • The incident may involve multiple phone calls

  • Calls do not come from the kidnapped victim’s phone

  • Callers go to great lengths to keep you on the phone

  • Callers prevent you from calling or locating the “kidnapped” victim

  • Ransom money is only accepted via wire transfer service

If you receive a phone call from someone who demands payment of a ransom for a kidnapped victim, the following should be considered:

  • Stay calm.

  • Try to slow the situation down.

  • Avoid sharing information about you or your family during the call.

  • Request to speak to the victim directly. Ask, “How do I know my loved one is okay?”

  • Request the kidnapped victim call back from his/her cell phone.

  • Listen carefully to the voice of the kidnapped victim if they speak, and ask questions only they would know.

  • If they don’t let you speak to the victim, ask them to describe the victim or describe the vehicle they drive, if applicable.

  • While staying on the line with alleged kidnappers, try to call the alleged kidnap victim from another phone.

  • Attempt to text, or contact the victim via social media.

  • Attempt to physically locate the victim.

  • To buy time, repeat the caller’s request and tell them you are writing down the demand, or tell the caller you need time to get things moving.

  • Don’t directly challenge or argue with the caller. Keep your voice low and steady.

Yes, I understand how scary this could be for a parent, but if you still are questioning whether or not having a private profile is important, I highly recommend reading THE CHAIN by Adrian McKinty. It takes the premise of virtual kidnapping to a new level. It's a great fiction thriller, and hopefully it will shed more light on this issue.


Less than a month ago, security researcher Brian Krebs published an article called, Sextortion Scam Uses Recipient’s Hacked Passwords, and now, it appears that extortion has spread to the Apple platform.

Sextortion, by definition, is a form of blackmail in which sexual information or images are used to extort sexual favors from the victim. 

As noted by Krebs, the perpetrators would first hack the computers password. After receiving the computer's password, the hackers would email the victim and inform them that their password was hacked. What they would do next is tell the victim that they recorded them doing nefarious things. You can read an entire email below.


This type of email would be very convincing, as the hackers literally know your password, which would make the average user and even more advanced users assume that recording through the webcam is possible. This is one of the more intimidating and personal scams I've ever seen. This isn't simply an attempt at extortion, it's uncomfortably personal.

Quite some time ago, I wrote a blog entitled simply Should You Cover Your Computer Camera. Now, when I wrote this, I hadn't really considered something like sextortion. That being said, if you are going to be doing..."personal" things on your computer, you may be better off using a camera cover. In addition to covering your camera, it may be worth it to get a piece of camera-monitoring software that can help monitor your webcam activity and alert you to its use.

When it comes to webcam monitoring, there is nothing better than Oversight by Objective-See. This software, as I mentioned, alerts you to both your camera and your microphone becoming active. It will throw you a notification in the top-right corner of your screen, alerting you to its activation. It also allows to whitelist certain apps, meaning that when you get the alert whether to allow or block the enabling of your camera, you can choose "Yes, Always" or "Just Once." This way, you can make sure Facetime always comes through, but other applications do not. Now you may be thinking, "Isn't that what the small, green light next to the camera is for?" The short answer is: yes. The slightly longer answer is that the green light can be bypassed to remain off even while the camera is active.

© Objective-See —— example of whitelisting an application with Oversight

© Objective-See —— example of whitelisting an application with Oversight

© Objective-See —— Oversight Application for macOS

© Objective-See —— Oversight Application for macOS

There are other ways you can protect yourself, such as using a program such as Micro Snitch, which is a program by the creators of Little Snitch, or you could even use an actual camera cover. If you so desire, you even get a pair the two. I don't physically cover my camera, as I am not overly concerned of being spied on, but a large part of this is due to the fact that I purchased Micro Snitch years ago, and since then, Objective-See released Oversight, which I also have installed. I figure that between the two programs, I should be safe, although I've found myself definitely drifting towards Objective-See's tools as opposed to the creators of Little/Micro Snitch, Objective Development. TL;DR: Install Oversight.

I do understand why others may want it covered. We all remember that picture of Mark Zuckerberg holding up a sign in his office, and in the background you see a MacBook Pro with the microphone and camera covered. Many people were shocked by this, but I was not one of them. Zuckerberg has many whom I'm sure would like to access his webcam, whereas someone like myself doesn't really have to deal with creepy people like that in my reality. It's our differences in fame and fortune. Fortune will quickly make you a larger target for any type of cyber attack.


The FBI has listed a few ways to avoid sextortion scams. They are as follows:

1. Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.

2. Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.

3. Turn off [and/or cover] any web cameras when you are not using them.

If you or someone you know have been victims of a sextortion scam, contact the FBI toll-free at 1-800-CALL-FBI.