Beware of Digital Kidnapping

in Member Education, Safety & Security

Most parents warn their kids against taking candy or accepting a ride from a stranger, but there’s a digital equivalent to conventional kidnapping that is unknown to many people. Digital kidnapping happens when a person takes control of a target’s social media profiles and holds them until a ransom is paid. It can also involve “kidnapping” photos that are posted on social media pages. Here’s what you need to know about digital kidnapping and how to protect yourself from falling victim.

How the scams play out

In a digital kidnapping scam, a hacker or ring of scammers will take control of one or more of a target’s social media profiles. The target will be effectively locked out of their own social media accounts and will be unable to access or update them. Once the scammer has control of the profile, they’ll contact the target, demanding a hefty ransom in return for access to the account. They may even threaten to post damaging or humiliating content on the social media profile unless the ransom is paid.

In another version of this scam, hackers will “kidnap” a photo of a child or baby off an unsecured social media account. They will post these photos in their own accounts, using the picture-perfect moments to create a fantasy world of their own. In a creepy twist of reality, they’ll pretend these are snapshots of their own family. They may use this fake world to help them create an imaginary escape, or to draw traffic to their own public accounts. Sometimes, they’ll utilize these photos to help build a bogus story, such as a baby being put up for adoption, or a charitable fund to benefit a child whose parents are struggling financially. Unfortunately for the actual parents, it can be months or years before they find out that their child’s picture is splashed across a public account with thousands of followers.

If you’ve been targeted

If you believe you’ve been targeted by a digital kidnapping scam, there are steps you can take to mitigate the damage. First, alert the company that owns the social media platform to let them know your account has been compromised. They’ll likely have specific instructions for you to follow to ensure your account remains safe. They may even advise you to close the compromised account and open a new one. Next, tip off the Federal Trade Commission (FTC) and local law enforcement agencies which can help you determine whether it makes sense to pay the requested ransom. Finally, clean up your accounts and make sure there is no identifying or potentially dangerous information being posted on a public forum.

Protect yourself

The best way to protect yourself from digital kidnapping is by keeping your accounts private and secure. Always choose the strongest security settings on your devices and opt for private social media accounts across every platform. This will limit your audience to by-invitation-only viewers while helping to keep hackers and creeps away.

It’s also a good idea to be mindful of what you post, and how often you post it. Even when using the strongest security settings, sharing a picture online essentially means sharing it with the public. You never know who may be trolling your accounts or looking for pictures to “adopt” as their own. Think three times before posting a picture of your kids. Extra caution is advised for those with super-cute kids.

Finally, be sure to follow basic online safety rules to avoid giving a scammer access to your accounts. Use strong, unique passwords for each of your online accounts and change up your passwords every six months or so. Avoid using public WiFi unless absolutely necessary. Accept every security and software update offered for your device to keep them operating at optimal security. Finally, avoid sharing sensitive information with an unverified contact and never download an attachment or click on a link within an email from an unknown sender.


Fraud prevention is important.

As a reminder, SouthPoint will never email, text or call you and ask for your personal information. This includes usernames, passwords, account numbers or access codes. Even if your caller ID says “SouthPoint,” it’s likely spoofing, which is a scam. If this happens to you, please contact us and we can help. For more simple steps to protect yourself, click here.

You have requested an external link.

 By clicking this link, you are leaving SouthPoint’s website and entering a website hosted by another party. We do not operate this site, nor are we responsible for its content. Please review the privacy and security policies of the site you are entering, as they may differ from those practiced by the credit union.

Cancel Accept