Abstract
No longer limited by geographic locations and in-person interactions, criminals leverage information and communication technology to commit virtual kidnappings. In its simplest form, a virtual kidnapping is a cyber-enabled crime where criminals contact targets (falsely) claiming to have kidnapped a significant other, child, or other relative and threatening to cause death or serious bodily harm to the person unless a ransom is paid. Overall, little is known about virtual kidnappings and the characteristics of the actors and groups that commit this cyber-enabled crime. To identify these characteristics, this article conducts an in-depth, virtual kidnapping case study analysis based on a systematic review of more than 7000 news reports, official reports, and court documents between January 2000 and March 2022. The aims of the article are twofold. First, the article identifies the intersection between technology and kidnapping to place virtual kidnapping within the broader kidnapping literature. Second, the article develops a comprehensive typology of virtual kidnapping based on an in-depth analysis of 75 cases that identifies the characteristics of the actors and groups involved in this crime, including: whether this crime is committed individually, with another actor, or as part of a group; if there are ties to transnational organized crime; the gender and nationality of actors; the size, structure, and roles of members of any identified groups; and the actors’ and groups’ tactics, tools, targets, areas of operation, and modus operandi. The research findings of this study can assist criminal justice agencies in the identification, investigation, prosecution, and adjudication of this crime.
Keywords: Virtual kidnapping, Cyber-enabled crime, Ransom, Organized crime, Methods of operation
Introduction
Virtual kidnapping is a term used to describe a scam that is perpetrated using information and communications technology (ICT) where criminals contact targets (falsely) claiming to have kidnapped a significant other, child, or other relative and threatening to cause death or serious bodily harm to the person unless a ransom is paid. During the COVID-19 pandemic, U.S. FBI press releases warned about virtual kidnappings (e.g., FBI, 2020, 2022); yet the actual number of these crimes in the U.S. and other countries is unknown because when these incidents are reported they are not recorded as virtual kidnappings. Although law enforcement agencies have been aware of virtual kidnappings for decades, it remains a highly understudied topic.
This article seeks to fill the void in academic and gray literature by conducting an in-depth systematic review of news articles, government reports and briefings, and criminal cases that cover virtual kidnappings. Based on a review of more than 7000 articles, reports, and court documents, and detailed analysis of 75 cases, this article pursues two main objectives. The first goal is to place the understudied topic of virtual kidnapping within the broader literature of kidnapping and encourage future research on this topic. Second, the aim is to develop a comprehensive typology that identifies various characteristics of virtual kidnappings. The motivating questions for this analysis include: Who are the offenders and targets in virtual kidnapping cases? What are the main characteristics of the actors involved in this crime? Is this crime committed individually, with another actor, or as a part of a group? Are there any links to transnational organized crime? What can we learn about the size, structure, and roles of members of any identified groups? What are the actors’ and groups’ tactics, tools, areas of operation, and modus operandi? The research findings could be used by academics interested in studying this illicit activity and criminal justice practitioners investigating, prosecuting, and adjudicating this crime.
Literature Review
Kidnapping refers to the illicit act of abducting, transporting, and/or confining an individual against their will. This unlawful act usually involves seizing targets and transferring them to a location where they will be held; placing and keeping them in confinement (often under duress); contacting third parties associated with the targets; negotiating payments for the release of targets (i.e., money, goods, and/or services); and obtaining payments and commonly, releasing targets following the payment.1 The next section provides background information on the broader topic of kidnapping (i.e., traditional kidnapping), to situate the understudied topic of virtual kidnapping within the broader academic literature on kidnapping.
Traditional Kidnapping
Kidnapping literature has identified different motivations for committing this crime. Specifically, it differentiates between kidnapping for political reasons, which is beyond the scope of this article, and kidnapping for criminal/economic reasons (e.g., Briggs, 2001; Pires and Guerette, 2019; Pires et al., 2014; Ochoa, 2012). Kidnapping for ransom is motivated by criminal/economic reasons and involves abducting targets and holding them (often under duress) until payment is received from third parties (e.g., relatives, loved ones, companies, or others). Payments can be made through physical cash drops (where victims would drop off cash and co-conspirators would pick it up and bring it to the main offenders), wire transfers, and cryptocurrency (Joshi, 2020; Shortland, 2019).
Literature also identifies various kidnapping targets and locations where kidnappings occur. A report by S-RM, a global intelligence and cybersecurity firm, revealed that in South Africa kidnapping for ransom targets expanded, moving beyond the targeting of prominent South Asian business officials to include children from wealthy families. In Mexico, while kidnapping targets were originally wealthy and had some social or political status, kidnappers also began to target those without wealth or status (Ochoa, 2012). This shift, at least in part, was attributed to the government’s targeting and dismantling of groups engaged in kidnapping and the implementation of better protective strategies by the wealthy to avoid and/or minimize their kidnapping risk. In addition, while kidnapping research has largely focused on specific regions (e.g., Central and South America), where kidnappings are frequent (e.g., Moor & Remijnse, 2008; Pires et al., 2014), this crime can occur anywhere (Tzaneli, 2006; Korhonen, 2022). In fact, a report from a U.S.-based risk management company identified countries in the Middle East, Africa, and Asia as having high kidnapping rates (Constellis, 2022).
Research on the gender of offenders and roles of these offenders in kidnapping is limited. This research identifies women’s involvement in kidnapping and the various roles they play during the commission of this crime. Specifically, in Yates and Leutert’s (2020) study on migrant kidnappings in Mexico, out of the 172 kidnapping cases they analyzed, 30% of the offenders were women. Their analysis revealed 66 women and 270 men accused of participating in migrant kidnappings. Except for two cases, women offenders were arrested with at least one other person. Information about the relationships between male and female offenders were also identified in their study. Some women offenders worked directly with male romantic partners or family members, while others were forced to engage in kidnapping activities. In only 20 cases that included information about female offenders’ roles, women had varied rather than singular roles, participating in activities, such as cooking, cleaning safe houses, recruiting, transporting (i.e., drivers), organizing operations and delegating tasks, and being money mules, among other activities (Yates & Leutert, 2020). Moreover, Ochoa’s (2019) study on kidnappings in Mexico City provides information about facilitators of kidnapping—although not from a gendered perspective. He identified the so-called “treason phenomenon,” whereby individuals connected to targets in some way (e.g., domestic employee, family member) facilitate kidnapping by providing critical “inside” information to kidnappers about targets (e.g., whereabouts and wealth) (p. 93).
Research has also shown that groups commit kidnappings. Research on the size and structure of these groups is limited (see Constellis, 2022; Yates & Leutert, 2020; Ochoa, 2019). Small criminal groups of three or four individuals are common. While this research does not show connections between these groups and cartels and organized crime, it may be that these smaller groups have some link and/or pay fees (a “tax”) to these larger groups for the right to operate in territories. In Mexico, larger groups exercising control over territories, such as Los Zetas factions and the Gulf Cartel in Tamaulipas, were linked to migrant kidnappings (e.g., Valdés, Aguirre, and González, 2018; Leutert, 2021; UNODC, 2012).
Furthermore, researchers have identified different forms of kidnapping for ransom. For example, Moor and Remijnse (2008) identified four types: express kidnappings (i.e., kidnappers force targets to go to ATMs or banks and withdraw money to give to kidnappers); group kidnappings (i.e., kidnappers indiscriminately and spontaneously select kidnap targets at traffic road stops); premeditated kidnappings (i.e., kidnappers choose specific targets to kidnap); and virtual kidnappings (Moor & Remijnse, 2008). The next section examines existing information about one form of kidnapping for ransom, namely, virtual kidnappings.
Virtual Kidnappings
A virtual kidnapping is considered a variation of existing scams involving the use of ICT (e.g., phones and encrypted and unencrypted communications platforms) to threaten or coerce targets to pay scammers, such as criminals pretending to be police officers who falsely claim to have arrested a target’s significant other, child, or other relative or criminals pretending to be police officers or government agents threatening to arrest or prosecute a target for a supposed crime or failure to pay taxes. These tactics are used to frighten targets and trick them into sending perpetrators something of value. Individuals who engage in this crime commit extortion, an illegal act whereby targets are threatened or intimidated to coerce them into providing perpetrators with money or another financial or material benefit (UNODC, 2021).
Virtual kidnapping is a form of cyber-enabled fraud, whereby perpetrators use a myriad of deceptive and/or misleading tactics to obtain money, goods, services, or other gains. Individuals draw from countless plotlines to target victims across demographics with various forms of cyber-enabled fraud (Button & Cross, 2017; Cross & Kelly, 2016). The Financial Fraud Research Center at the Stanford Center on Longevity and FINRA Investor Education Foundation created a fraud typology that categorizes fraud types based on various characteristics (Beals et al., 2015). This typology provides various fraud categories and subcategories based on attributes relating to the “target” (i.e., fraud against individuals and fraud against organizations), “expected benefit/outcome” (Table 1), and “specific type of fraudulent item/transaction/relationship,” the latter of which includes subcategories that are non-exhaustive and include “‘other’ categories to account for specific fraud types not listed or new fraud types that may arise in future” (Beals et al., 2015, p. 12).
Table 1.
Fraud typology: subcategories of the fraud against individuals’ category
Subcategory | Expected benefits/outcomes |
---|---|
Consumer investment fraud | Investment returns |
Consumer products and services fraud | Products and services |
Employment fraud | Employment |
Prize and grant fraud | Prizes and grants |
Phantom debt collection fraud | Avoid adverse consequences from failure to pay debts |
Charity fraud | Charity contributions |
Relationship and trust fraud | Relationships |
Beals et al., 2015
Virtual kidnapping is not explicitly mentioned in this fraud typology. The closest subcategory of “fraud against an individual” that relates to virtual kidnapping is “relationship and trust fraud.” According to Beals et al. (2015), perpetrators of this fraud exploit targets pre-existing personal relationships by, for example, masquerading as a friend, relative, or other loved one (imposter scam) or cultivating personal “romantic” relationships with targets (romance scam), which they subsequently exploit. While imposter scams seek to catch targets off-guard without much time to process the request, romance scams take time and perpetrators use various subtle tactics to build rapport, trust, and ultimately a “relationship” with targets (Carter, 2021; Button & Cross, 2017; Cross et al., 2016).
Like other forms of relationship and trust fraud, virtual kidnapping exploits pre-existing personal relationships with friends, relatives, or other loved ones to perpetrate the scam. In addition, like virtual kidnappings, targets of relationship and trust frauds, such as romance scams, may be pressured or coerced to comply with perpetrators’ demands (Button & Cross, 2017). These targets may be threatened with extortion, particularly if they have committed any criminal activity at the behest of the perpetrator, provided intimate images or other forms of media to the perpetrators, or engaged in any other conduct, which could harm the target if made public (Button & Cross, 2017; Whitty, 2013).
Virtual kidnappers also utilize comparable scare tactics as those used in ransomware attacks. Like virtual kidnapping, ransomware seeks to frighten users to pay a ransom by threatening to cause harm or damage to them and/or their property. Earlier versions of ransomware involved malicious software (or malware) that infected users’ devices and posted a warning message threatening to release information and report individuals to the police due to criminal activity identified on the users’ systems and/or damage the systems. Today’s common version of ransomware is cryptoransomware, which infects users’ devices, encrypts data and/or files thereby blocking users’ access to them, and demands a ransom be paid to regain access to encrypted items (Maras, 2017). In virtual kidnappings, ransom is demanded to “release” individuals falsely claimed to be kidnapped. Wall’s (2022) research identifies the evolution of ransomware by examining cyber organized criminal groups2 engaging in this cybercrime and the ransomware attacks they committed. These attacks are becoming more discerning in target selection, moving from trying to infect as many systems as possible (spray and prey) to infecting specific targets that could provide greater gains (big game hunting) (Wall, 2022).
Even though research on virtual kidnapping is very limited, certain countries have published reports on this crime. For example, Kenya’s National Crime Research Center (2017) published a kidnapping report where it identified virtual kidnappings as the least prevalent form of kidnapping in Kenya. In Mexico, a publication by the now-defunct Federal Agency of Investigation (AFI) of the Attorney General’s Office (PGR) traced the origins of telephone extortions (i.e., virtual kidnappings) to 2004 as an outcome of the country’s efforts to combat kidnapping. Once kidnappers were placed in prison, they posed as members of organized criminal groups (e.g., Los Zetas, La Familia Michoacana, or Los Caballeros Templarios) (ONC, 2014) and committed this crime to make money (ONC, 2014). This evolution of kidnapping for ransom enables perpetrators to commit this crime at a distance without requiring the use of violence. Instead, these perpetrators use intimidation and threats of violence to convince targets that they will cause them, their relatives, or significant others harm. These threats resonate with targets and are viewed as credible as they come from (or pretend to come from) territories where violence, homicide, and kidnappings are (or seem) likely to occur (ibid.). The perpetrators may randomly contact the targets or choose the target based on information obtained online, in the news, etc. (ibid.).
Despite some general discussions on the topic, the nature and scope of virtual kidnapping remains unknown. The dearth of information could be, at least in part, explained by the lack of use of the term “virtual kidnapping” in cases, news articles, and government reports. Instead, this cyber-enabled crime is often described as a phone/telephone scam, online scam, and/or extortion. In Australia, virtual kidnappings are considered “threats to life, arrest, or other scams,” which coerce targets into paying money to scammers by threatening or demanding payment for fraudulent reasons (Australian Competition and Consumer Commission, 2021). In the USA, this cyber-enabled crime is reported as extortion. In 2020, 76,741 acts of extortion were reported by crime victims to the U.S. Internet Crime Complaint Center (IC3, 2020). IC3 does not provide information on if and how many of the victim-reported crimes were virtual kidnappings. Existing cybercrime measurement tools also do not specifically record virtual kidnappings.
Methodology
We conducted a qualitative content analysis of publicly available English-language documents published between 2000 and 2022 that involved virtual kidnappings. Most of our data came from English-language newspaper articles and court documents. We also reviewed official English-language government and law enforcement reports on virtual kidnappings. Since the academic literature on this topic is almost nonexistent, we chose this exploratory method to better understand virtual kidnappings, how they are conducted, the perpetrators of this cyber-enabled crime, and the persons targeted by this cybercrime. We tried to triangulate various credible sources to provide the most complete picture possible of virtual kidnappings.
Data Collection
We cast a wide net with our approach to identify a robust sample for our study. Specifically, we searched for news reports, press releases on government websites, and criminal indictments and other court documents that involved cases of virtual kidnappings between 2000 and 2022. We have collected relevant statements and reports published by formal agencies (e.g., official reports, press releases, law enforcement statistics, and statements) to complete the missing gaps in our dataset. The term virtual kidnapping was not consistently used, which made the identification of cases difficult. We first searched a private case law database (NexisUni) using varying combinations of search terms that include a combination of the words “kidnap” or “kidnapping” with “virtual,” “Internet,” “online,” “phone,” “fraud,” “extortion,” “indictment,” “arrest”, “guilty,” and “sentence.” The last four terms were added to determine the progress of identified cases and their conclusions (if any). We did not use web scraping tools because we predominantly sought cases and newspaper articles in NexisUni, which does not allow scraping as it violates their terms of use. We conducted supplementary research on the United Nations Office on Drugs and Crime’s (UNODC) Sharing Electronic Resources and Laws on Crime (SHERLOC) database and Public Access to Court Electronic Records (PACER). We then searched clearnet for supplemental case information.
We reviewed more than 7000 documents that contained our relevant keywords to select the most relevant for the purpose of our study. We reviewed our search results dismissing incidents that involved physical kidnappings for ransom, including general information and warnings about virtual kidnappings, and any duplicate results. We also excluded any documents that mentioned virtual kidnapping but did not provide any information about a specific incident involving this crime. We were able to identify 75 virtual kidnapping cases both in the USA and abroad that occurred between January 2000 and March 2022, only 7 of which had publicly available court documents in the English language.
Data Analysis
After identifying 75 cases, we conducted an in-depth, case study analysis and added information about this crime, its perpetrators, and victims/targets to a codebook. Our codebook included the characteristics of actors, dyads, and groups engaged in virtual kidnapping and the tactics, tools, targets, areas of operation, and modus operandi used by them, as well as the characteristics of targets/victims of this cybercrime. To ensure intercoder reliability, the authors and our research assistant coded cases separately and then reviewed and discussed coded cases to verify consistency in coding and resolve any disagreements. The authors conducted a final review and quality check of all coded cases. Ultimately, we created an English-language dataset with the characteristics of actors engaged in and/or targeted by virtual kidnapping, as well as information about virtual kidnappings.
Results and Discussion: The Anatomy of Virtual Kidnappings
Our comprehensive analysis of cases revealed variations in the profiles of perpetrators and targets of virtual kidnappings, the tools used to facilitate and/or commit this cybercrime (i.e., financial and communications platforms), and the tactics and methods of operation of virtual kidnappers. In the next sections, we provide detailed information about the results of our study, particularly as it relates to threat actors and targets, and identifiable trends in virtual kidnappers’ tactics, tools, targets, areas of operation, and modus operandi and discuss our findings.
“Who” Commits Virtual Kidnappings and “Who” are the Targets?
Demographics
Demographic information about offenders and targets/victims were primarily available in the cases where offenders and victims were identified. Regarding offenders, even in those cases where the offenders were unknown, we were able to identify some demographic information. For most of the cases with unknown offenders, gender information was available for certain offenders based on their roles in the virtual kidnapping. Predominantly, gender information was available for the callers (i.e., individuals who contacted targets to inform them of the kidnapping and demand a ransom) and the fictitious kidnapped person (i.e., a person masquerading as the kidnapped victim, who can be heard in the background of the call and/or who speaks to the target). For example, a woman received a call from a man claiming to have kidnapped her daughter, who was a student at the University of Maryland (C75). During the call, an unnamed woman was put on the phone claiming to be her daughter and pleading with her to pay the ransom (Binkley, 2016). Our findings revealed that the callers were predominantly men, and the fictitious kidnapped persons were predominantly women. Like Yates and Leutert’s (2020) study on migrant kidnappings, we observed that virtual kidnappings are not “a male-only activity” (p. 296). In the few cases where court documents were available, which involved organized criminal groups engaging in virtual kidnappings, men served the roles of leaders, organizers, and were responsible for contacting targets and women served as money mules and recruiters of money mules. In other cases that involved smaller groups, women played other roles, even serving as the leader (particularly in cases where they staged their own fake kidnapping). While Yates and Leutert (2020) found that women did not have singular roles in migrant kidnapping, given the lack of robust information on our cases where court documents were lacking, we were unable to identify whether women played more than one role in most virtual kidnapping cases.
Regarding targets/victims, the gender of one or more victims was identified in 64 out of the 75 cases. From the 64 cases, 30 identified at least one woman, 20 identified at least one man, and 14 cases identified at least one man and one woman. For the cases with identified offenders and targets/victims, we could identify the relationships between them. The targets of virtual kidnappers include family members (i.e., parents, siblings, children, or grandparents), significant others, contacts on target’s phone, friends, employers, the police, or persons within one’s social environment, such as a community and church. Our dataset also revealed the targets were in Argentina, Australia, Brazil, Canada, China, Hong Kong, Ireland, Malaysia, Mexico, New Zealand, Nigeria, Singapore, South Korea, the UK, and the USA (Table 2). These findings illustrate that virtual kidnappings are perpetrated in North America, Latin America, Europe, Africa, Asia, and Oceania.
Table 2.
Virtual kidnapping typology
Offenders’ Nationalities* | Structure** | Gender and roles*** | Methods of operation trends | Payment & ICT used | Crimes committed | Victims/targets & relationship to offenders |
---|---|---|---|---|---|---|
USA Mexico Hong Kong UK Canada Argentina Australia Ireland Malaysia Singapore Nigeria |
Lone actors Dyads Groups - including cyber organized criminal groups, particularly clustered hybrids Note: While we could not confirm in other cases whether lone actors, dyads, or groups were involved, we were able to identify at least one offender, at least two offenders, and possible group involvement. In most cases, the offenders were not identified so it was difficult to determine if a group was involved in the incident |
Lone actors: In all but one case where one offender was mentioned and the gender of this offender was identified, the gender was a male Dyads: Mainly made up of a man and a woman. In most of these cases a perpetrator was identified (i.e., the perpetrator served as the primary or sole contact) and one other person who served the role of pretending to be the child (male or female) of the target. In many of these cases where a person pretended to be the child of the target, the targets claimed hearing women’s/girls’ voices Groups: Of the few cases in the dataset that included the gender of offenders, the identified members of the group were either only men in the group; an equal number of men and women; or more men than women in the group. In the few cases we identified with group member gender information, men served as leaders, organizers, and contacted targets, and women served as money mules and recruiters of money mules |
USA: Callers pretended to be kidnappers and/or impersonated others. The call included a person pretending to be kidnapped who screamed in the background. Scammers told various stories ranging from significant others or relatives being in car accidents, having debts, taking the place of intended kidnapping targets, being in trouble, to having witnessed something they should not have witnessed Mexico: Callers threatened harm or death to “kidnapped” victim unless ransom is paid and used a third party to masquerade as the “kidnapped victim.” The third party would cry or scream so the target can hear them on the phone. A few of the cases in our dataset originated in Mexican prisons Chinese students/immigrants: Perpetrators claimed to be Chinese officials; targeted Chinese immigrant students in Australia, New Zealand, Canada, and Singapore; frightened or coerced targets into conducting fake staged kidnappings and/or isolating themselves and cutting off communications with their families; threatened legal action, arrest, and/or deportation for noncompliance. Some common stories used were that targets were implicated in a crime in China, were under investigation, had immigration or visa issues, or were victims of identity theft |
Most offenders used telecommunications, such as mobile phones and/or smartphones, to contact potential targets A few cases involved the use of encrypted communication platforms, such as WhatsApp or WeChat to commit the virtual kidnapping Payments were made via bank wire transfers, online payment system (i.e., Venmo, PayPal and Zelle), Western Union, MoneyGram, or physical cash drop Social media, such as Facebook and Instagram, are used to identify targets and find information about them |
Wire fraud; Conspiracy to commit wire fraud; Conspiracy to commit money laundering; Extortion; Interstate or foreign communication involving kidnapping threats with the intention of extortion; Conspiracy to deal with property that represents proceeds of a crime/known or believed to represent proceeds of an indictable offense; False imprisonment; Wasting police time; Staging kidnapping; Blackmail; Public mischief; Attempted fraud; Providing false information about a kidnapping; Disorderly conduct; Malicious communications; Publishing false or misleading material to obtain an advantage; false representation resulting in a police investigation; Scheming with one or more unknown persons; Fraud by false representation; Giving false statements to federal agents; Second-degree grand larceny; Fourth-degree conspiracy; Fraud; Conspiracy to obtain property by false pretense |
Gender: The gender of one or more victims was identified in 64 out of the 75 cases From the 64 cases, 30 identified at least one woman, 20 identified at least one man, and 14 cases identified at least one man and one woman Relationship between offenders and targets/victims: The targets of virtual kidnappers include family members (i.e., parents, siblings, children, or grandparents), significant others, contacts on target’s phone, friends, employers, the police, or persons within one’s social environment, such as a community and church Location of targets/victims: Argentina, Australia, Brazil, Canada, China, Hong Kong, Ireland, Malaysia, Mexico, New Zealand, Nigeria, Singapore, South Korea, the UK, and the USA |
*Nationality of offenders was only identified in the cases where the offenders were identified, charged, and/or convicted of their crimes
**This information is only from the cases where gender and role information were available
This table is not produced for quantification purposes. It merely serves to indicate that certain trends/patterns exist and that certain behaviors/patterns have been observed in the cases collected for the purpose of this research. We acknowledge that there could be many more cases that have not been collected for the purpose of this research due to language barriers, lack of court data, and/or media coverage, among other limitations and challenges encountered during our research
By contrast, offenders’ nationality was not easily identifiable. In our dataset, the nationality of offenders was only identified in the cases where the offenders were identified, charged, and/or convicted of their crimes in the USA, Mexico, Hong Kong, the UK, Canada, Argentina, Australia, Ireland, Malaysia, Singapore, and Nigeria. These offenders were charged with various crimes relating to virtual kidnappings, including wire fraud; conspiracy to commit wire fraud; conspiracy to commit money laundering; extortion; interstate or foreign communication involving kidnapping threats with the intention of extortion; conspiracy to deal with property that represents proceeds of a crime/known or believed to represent proceeds of an indictable offense; false imprisonment; wasting police time; staging kidnapping; blackmail; public mischief; attempted fraud; providing false information about a kidnapping; disorderly conduct; malicious communications; publishing false or misleading material to obtain an advantage; false representation resulting in a police investigation; scheming with one or more unknown persons; fraud by false representation; giving false statements to federal agents; second-degree grand larceny; fourth-degree conspiracy; fraud; and conspiracy to obtain property by false pretense (Table 2). The low identification, prosecution, and adjudication rates for virtual kidnappings reveal that this is low-risk, high-reward cyber-enabled crime.
Lone Actors, Dyads, and Groups
Many of the cases in our dataset did not reveal enough information to establish whether lone actors, dyads, or groups perpetrated virtual kidnappings. In most of the cases, all the offenders were not identified so it was difficult to determine if a group was involved in the incident. A few cases indicated group involvement or a report that mentioned the word “group,” “scammers,” or “kidnappers,” but the information provided was insufficient to determine the number and roles of perpetrators, and the type, organization, and structure of the group.
Lone Actors
Except for one case (C35), which involved a female offender, the lone actors in our dataset were men. Some lone actors targeted family members, such as parents. In one case, an offender texted his mother that he was kidnapped by a group and threatened to harm her and steal her van if money was not sent to the “kidnappers” via Western Union (C39). Other cases did not have (or did not appear to have) a familial or intimate partner connection. For instance, a male offender called emergency services, claiming to have kidnapped a police officer and demanding payment in exchange for the safe release of the officer (C42). Additionally, our dataset included cases where one perpetrator was identified; that is, the person who contacted the target—the caller—was the only person mentioned in the case. However, it is important to note that this does not necessarily mean that the offender operated alone; this only means that only one offender was identified in the case. Based on the available information, we could not determine whether the person was acting alone or in concert with others to commit this cybercrime.
Dyads
Most of the dyads in our dataset were made up of a man and woman. In some of our cases, dyads targeted employers, significant others, or relatives of one or more of the perpetrators. These dyads were made up of spouses, intimate partners, friends, and acquaintances. In one case (C50), for example, a husband and wife worked together to defraud an elderly woman in West Virginia, USA. At the time of the incident, the wife was an employee of the elderly woman, serving as her caretaker. The husband and wife orchestrated the virtual kidnapping: The “kidnapper” contacted the elderly woman via phone and told her that the caretaker would be killed if a ransom of USD $20,000 was not paid (Office of the U.S. Attorney, 2009). Cases like these are in line with Yates and Leutert’s (2020) findings where they found that women kidnappers worked directly with male romantic partners or family members.
In other cases, the relationship between the persons in the dyads was unknown. In those cases, it was unclear whether there were only two perpetrators involved in the cybercrime. There were 19 cases where a perpetrator was identified (i.e., the perpetrator served as the primary or sole contact) and one other person who served the role of pretending to be the child of the target. Pretending to be the target’s child, this second person cried, screamed, and/or talked to and/or pleaded with the target on the phone. In the USA, two parents in separate families were targeted by a virtual kidnapping scheme, where the father and mother were each called on the phone, heard a woman screaming saying she was kidnapped, and were informed by an unknown man (the caller) that their respective daughters would be returned unharmed if a ransom was paid (O’Leary, 2019; Shamsian, 2019). In cases like these, however, there was insufficient information to determine whether the perpetrator and the person posing as the kidnapped victim (adult or child) were working together, were part of a larger group, or the person portraying the kidnapped victim was coerced into engaging in this act. More information would be needed to establish whether the two individuals were working together.
Groups
The cases we examined revealed two types of groups. One type of group targeted individuals who they knew, usually family, friends, or associates. Members worked together to demand a ransom against specific targets. For instance, in the UK, Asif Hussein and his accomplices committed a virtual kidnapping scam against a friend’s family whose brother disappeared (C34). The offenders claimed to have kidnapped and tortured the brother, leaving a voicemail and text messages to that effect, and demanded a ransom for his release by cash drop and wire transfer (Sutcliffe, 2006). We found other cases that involved (staged) virtual kidnappings where the alleged victim was the sole perpetrator and staged the kidnapping with or without accomplices.3 Although it is hard to know the exact number of people involved in these groups, it appears that both virtual kidnappers and traditional kidnappers work mainly in small groups and are sometimes linked to larger criminal groups.
The second type of group included cyber organized criminal groups. Cyber organized criminal group typologies were created based on the group’s structure and the extent of their participation in online and/or offline activities (Broadhurst et al., 2014; UNODC, 2021). Literature identifies three types of groups, which (1) predominantly operate online (i.e., swarms and hubs); (2) operate both online and offline (i.e., clustered and extended hybrids); and (3) operate predominantly offline (i.e., traditional organized criminal groups) (Broadhurst et al., 2014).
Our research revealed some cases involving cyber organized criminal groups. These groups had three or more persons fulfilling different roles in the organization (e.g., caller and money mule). They were organized and had some form of identifiable hierarchy. All groups had both online and offline operations (e.g., technology was used to commit virtual kidnappings and money mules were used to obtain ransom in person and via wire transfer). Two of these cases (C1, C3), USA v. Yanette Rodriguez Acosta and USA v. Ismael Brito Ramirez, were linked. Ramirez, a prisoner in a Mexican prison, conducted virtual kidnappings against USA-based targets that involved co-conspirator Acosta. Ramirez contacted targets in California, Idaho, and Texas via telephone, falsely claiming to have kidnapped their children and threatening to cause death or serious bodily harm to them and/or the target unless a ransom was paid and/or if the target hung up or disconnected the call for any reason. Ramirez instructed the targets to either wire money to co-conspirators in Mexico or to drop off the money at a physical location to be picked up by U.S. co-conspirators. Acosta, one of the co-conspirators, recruited money mules in the USA and served as a money mule coordinating payments, collecting money that targets dropped off in physical locations, and wire transferring funds to Ramirez’s co-conspirators in Mexico. Ramirez, Acosta, and their co-conspirators were members of a cyber organized criminal group, particularly a clustered hybrid, which committed virtual kidnappings in a specific region (for more information about clustered hybrids, see UNODC, 2021). Another case that involved a clustered hybrid group was USA v. Ruth Graciela Rayzoga, Maria del Carmen Pulido Contreras, Adrian Jovan Rocha, Jonathan Roch (2013) (C5). While many of its operations were online (e.g., technology used to conduct virtual kidnappings, wire transfer, and launder money), there was at least one in-person activity—the physical exchange of criminal proceeds with co-conspirators in Mexico (at least in the instances where money was not wire transferred to co-conspirators in Mexico). Like previous cases, USA v. Reyes Zuniga (2019) involved a group that committed a virtual kidnapping, operated both online and offline, and instructed victims to wire transfer money to group members or drop off money and/or electronics at physical locations to be picked up by group members (C2).
Our analysis did not reveal the involvement of an extended hybrid, which is “less centralized and has a less obvious core than a clustered hybrid… [, and is] made up of associates and subgroups that commit various criminal activities” (UNODC, 2021, p. 19). This lack of finding does not necessarily mean that this type of cyber organized criminal group is not involved in virtual kidnappings. From the available information, we also could not identify any groups that operated exclusively online (i.e., swarms and hubs). Moreover, only in a few cases were traditional organized criminal groups mentioned as engaging in virtual kidnappings; for example, Cártel Jalisco Nueva Generación and Los Zetas (C18, C21, C37, C40). These cases, however, were identified in news and others reports, not criminal court cases; therefore, the involvement of these groups could not be established. In another case, Juicio 38/2020 (Mexico), the offenders were part of a cartel and traveled to locations where money was transferred to physically withdraw the money (C4). Like previous cases, while the virtual kidnapping activities were cyber-enabled, the group engaged in certain offline activities to access the laundered money and proceeds of their cybercrime. Unfortunately, more detail was not provided in this case beyond the description of the way this cybercrime was committed. The name of the cartel is not mentioned, so we were unable to determine whether it was a traditional organized criminal group that engaged in online activities (i.e., virtual kidnapping) as one of many criminal activities or if this group exclusively focused on virtual kidnapping. While some virtual kidnappers may be part of cartels or other criminal groups (e.g., prison-based gangs) or operate on behalf of these groups, others falsely identify themselves as members of criminal groups to instill fear in targets, show that their threats are credible, and increase the likelihood of compliance with demands (Drake, 2020). Finally, owing to a lack of detailed information about group structure and organization, we could not determine the type of cyber organized criminal groups in most cases. In these cases, even when a group was mentioned, no other details were provided to establish group involvement. A case in point is a U.S. incident involving an unnamed mother in Washington, who was told her son was kidnapped and a ransom was demanded for his safe return (C64). The news article covering this incident (Wilson, 2018) mentioned the word “kidnappers,” without explaining why “kidnappers” was used instead of “kidnapper.”
How Do They Operate? Identifiable Trends
In this section, we identify some of the most observed trends in virtual kidnappers’ tactics, tools, targets, areas of operation, and modus operandi.
Tools
Similarly to other forms of kidnappings, our findings indicate that kidnappers predominantly used telecommunications—telephones and/or cell phones—to contact potential targets. A few cases involved the use of encrypted communication platforms, such as WhatsApp or WeChat. Social media, such as Facebook and Instagram, are used to identify virtual kidnapping targets and find information about them, especially in cases where targets had missing relatives and/or loved ones. Geotagging has been used as well (Drake, 2020, 2021). Our cases also revealed that perpetrators engaged in operational security methods to prevent, avoid, and/or minimize the risk of law enforcement detection and exposure. Specifically, perpetrators used caller-ID spoofing to mask their identities and locations and/or pretend to be associated with the targets (e.g., spoofing the number of a spouse or child to make it seem as if they are receiving a call from their significant other) and/or their instructed targets to go to more than one location to withdraw and/or send money; hide the reason why the money was being sent (e.g., to place the word “rent” in the notes section for the reason for sending money) (Skiba, 2019); rip up receipts of wire transactions; and/or purchase gift cards and provide card information to the perpetrators as a form of payment.
Additionally, our cases revealed that targets made payments to offenders via bank wire transfers, online payment systems, or via physical cash drop (where victims would drop off the cash and co-conspirators would pick up the cash to bring it to the main offenders). Even though wire transfers were a common payment method, the cases often were missing information about the exact banks used. Moreover, some of the cases indicated that Western Union and MoneyGram were used as the money transfer company. Further, peer-to-peer (P2P) smartphone apps, like Paypal, Zelle, and Venmo, were identified in some cases. In others, the offenders requested gift cards, electronics, iPhones, or iPads as forms of payments.
Tactics
Our Dataset Revealed Several Interesting Tactics Virtual Kidnappers Used:
Stories Told.
Unlike kidnappings for ransom, no one is actually kidnapped in virtual kidnappings. In view of that, virtual kidnappers use various scenarios like kidnappings for ransom to sound believable and convince targets to pay ransom. Targets were told that their significant other or relative was in a car accident, had a drug-related debt or owed another type of personal debt (e.g., to human smugglers), took the place of the intended target for kidnapping, was in trouble, or witnessed something they should not have witnessed. Virtual kidnappers have impersonated targets’ family members or loved ones, organized criminal groups, and/or government officials. Furthermore, virtual kidnappers do not need a backstory to convince targets that someone they know, care about or are related to is kidnapped. In most of the cases we examined, instead of providing a backstory about the kidnapping, the offenders used another person to make the scam appear more credible (i.e., a person pretending to be kidnapped cries, screams, or pleads for help)4 and/or personal information about the target and/or “kidnapped” victim or spoofing technology or SIM card swapping to make the kidnapping appear more plausible.
Threats.
To confuse and frighten their targets into making rushed decisions, offenders communicate very serious threats to targets, mimicking traditional kidnapping cases. These threats often involve children. For example, an unknown offender said the following to a mother about her daughter: “We have Simone’s finger. Do you want to see the rest of her in a body bag?” (Queally, 2017). Likewise, one target was told, “If you don’t pay me $10,000, I’m going to cut up your son and make you listen to him scream” (Hurtibise, 2020). Offenders have also threatened to harm spouses. A virtual kidnapper threatened to harm a man’s wife if ransom was not paid. Specifically, the offender told him: “I don’t want to kill her, but I need you to send me money” (Cunningham, 2022). Additionally, offenders have threatened to cause serious bodily harm or death to parents (e.g., “I have your mom and I have a gun held to her head and if you don’t do what I say, I’m gonna kill her,” Runevitch, 2021). Moreover, virtual kidnappers threaten to harm or kill siblings or other relatives (e.g., “We have your sister…Nothing is going to happen to her if we get money. We just want money…Put the gun down. She’s going to give us money,” Skiba, 2019). Finally, virtual kidnappers have threatened the targets as well: “I know exactly where you live, and if you say something, I’m gonna hang up the phone and I’m coming inside your house” (ABC27, 2021); “If you don’t listen to us, we are going to put drugs in your hotel room and you’re going to rot in jail in Mexico. Or we will just put a pistol to your head and kill you” (FBI, 2014). In general, threats to targets or their loved ones are very common and designed to ensure compliance with offenders’ demands and to deter targets from contacting the police, the supposed “kidnapped” victims, or others.
Criminals Keep Target on the Phone.
Our analysis revealed that perpetrators threatened to kill or harm the targets’ children, relatives, or significant others or kill or harm the targets to keep targets on the phone. Unlike traditional kidnappings, targets in virtual kidnappings have often been ordered to stay on the phone until the money is wired. The purpose of this tactic is to prevent targets from seeking assistance (by, for example, calling the police), trying to contact “kidnapped” victims, and/or otherwise establishing the well-being and/or whereabouts of victims. This tactic is also used to instill a sense of fear and urgency to coerce targets to act quickly and make ransom payments. Conversely, in traditional kidnappings, since the interaction between victims and perpetrators tends to be longer and often over a couple of days, the kidnappers prefer to stay on the phone for shorter periods of time to avoid having their location traced by law enforcement.
Criminals are Becoming More Discerning with Their Tactics.
Existing literature and news reports mention that virtual kidnappings originally targeted specific individuals (e.g., in the USA, Spanish speakers), but now indiscriminately target individuals (e.g., FBI, 2017; Healey, 2022). We observed that individuals, dyads, and groups engaging in virtual kidnappings have become more targeted in their approach. Like traditional kidnapping cases where the kidnappers carefully study their potential victims and whereabouts (except for spontaneous kidnappings, like Moor and Remijnse’s (2008) “group kidnappings”), our analysis revealed cases where virtual kidnappers knew the personal information and/or phone numbers of targets and their family members, rather than randomly selecting targets based on phone numbers and locations. In these cases, the perpetrators used this information to make the kidnapping scenario more plausible to the targets. In some cases, the phone number of the purported kidnapping victim was spoofed to make the target think that the call from the kidnapper was coming from their loved one’s or family member’s phone. Numbers are also spoofed for perpetrators to make it seem as if calls are coming from a specific location or government authorities. This tactic shows that virtual kidnappings have evolved making it much more difficult for targets to identify this scam. Such an evolution was similarly observed with another cyber-enabled crime—phishing (i.e., a cybercrime that involves “masquerading as a legitimate entity or business in order to trick users into revealing some type of information”; Maras, 2017, p. 292). Phishers cast a wide net and contact individuals en masse in the hopes of defrauding some of the targets. By contrast, spearphishing is a targeted form of phishing whereby perpetrators “send…emails or other electronic forms of communication to a specific individual, organization, or business in order to steal data for malicious purposes or to install malware on the target’s computer system” (UNODC, 2021, p. 49). This evolution to targeted approaches to victimization has also been observed with ransomware (Wall, 2022). Like spearphishing (and ransomware), we observed that virtual kidnappers target specific individuals. Virtual kidnappers target people in households based on information they obtain about them (e.g., names and phone numbers of children, spouses, or other relatives).
Operational Methods (Cartels, Gangs, and Larger Criminal Groups)
Virtual kidnappings are committed by groups and individuals globally; although our cases showed that many originated in and/or have some connection to Mexico and China. Our analysis also revealed several trends, particularly relating to the geography, tactics, and tools used to facilitate and engage in virtual kidnappings (i.e., scenarios and threats used, communications technology, and financial payment platforms) and the methods of operation of virtual kidnappers in these countries and the USA.
Trends Involving Mexico.
U.S.-based law enforcement agents have frequently noted that virtual kidnappers operate in Mexico (FBI, 2017). In USA v. Ruth Graciela Rayzoga et al. (2013), offenders in Mexico, Texas, and California mainly targeted Spanish-speaking families in the USA (i.e., most of the 124 victims were Spanish-speaking families in Maryland, Minnesota, and Virginia) with relatives in different countries (e.g., El Salvador, Guatemala), claiming they smuggled the targets’ loved ones (e.g., daughters/sons, brothers) into the USA and demanding ransom money (between USD $1,500—$4,000) through wire transfer (MoneyGram or Western Union) in exchange for their safe release (C5). In another case (C32), the target lost contact with her brother after he crossed the U.S-Mexican border. Years later, she was the target of virtual kidnapping where the caller told her that her brother was kidnapped and would be harmed if a ransom was not paid. These offenders obtain information and photos from targets’ social media profiles that enable them to provide fake “proof of life” information on so-called kidnapped persons. The tactic of targeting relatives of individuals smuggled across borders was identified by the FBI (2015) as one of the most common “stories” of virtual kidnappers.
Virtual kidnappings originating in Mexico also targeted doctors (FBI, 2017). Our dataset contained two such virtual kidnapping cases (C40, C48). In both cases, the offenders called the targets, informed them that their daughters were kidnapped by a Mexican cartel,5 threatened to harm them if ransom was not paid,6 and placed a person who sounded like a young girl7 to cry and/or beg for her life on the phone (Borunda 2014). Employing the same M.O. used against U.S.-based doctors, offenders in Mexican prisons targeted U.S. victims (e.g., C2, C21). In those cases, the inmate offenders bribed guards to obtain cell phones (FBI, 2017) or smuggle them into prison to commit virtual kidnappings (USA v. Reyes Zuniga, 2019). While the FBI (2017) reported that most virtual kidnappings committed from Mexico have originated in prisons (FBI, 2017), we observed only a few cases where this connection could be established. Specifically, while offenders in these cases primarily contacted targets using Mexican phone numbers, these calls did not always originate in Mexican prisons. Cases in point are USA v. Yanette Rodriguez Acosta (2017) and USA v. Ismael Brito Ramirez (2018), where offenders contacted at least 39 targets in California, Idaho, and Texas using Mexican phone numbers and demanding wire transfers or money (cash) drops (between USD $13,000 and $15,000) in exchange for family members’ safe release (C1 and C3). These phone numbers were used to trick targets into believing their loved ones were kidnapped.
The targets of virtual kidnappers in Mexico have also changed over the years. Especially after 2016, our dataset shows that offenders operating from Mexico, including Mexican prisons, are no longer targeting only Spanish speakers and/or doctors but also targeting affluent individuals and individuals in affluent U.S. areas. For example, in USA v. Reyes Zuniga (2019), offenders targeted about 29 people in Los Angeles, Orange County, and Santa Barbara County, requesting ransom payments via wire transfers, cash drops, or electronics (i.e., iPhone or iPad). The FBI (2017) similarly reported that virtual kidnappers targeted affluent areas (e.g., Beverly Hills, California). For instance, a case in our dataset involved a Beverly Hills socialite, a possible target of Ismael Brito Ramirez’s group, who was contacted by an offender claiming to have kidnapped her daughter, cut off her finger, and threatening to put the rest of her body in a body bag if her mother did not pay a ransom of USD $4000 (C14). Nevertheless, like studies on traditional forms of kidnappings (e.g., Ochoa, 2012, 2019), our study revealed that virtual kidnapping targets can be from any socio-economic class.
Our cases also revealed other emerging virtual kidnapping trends present in Mexico. Specifically, groups or individuals pretending to be part of criminal groups target hotel guests in Mexico, such as U.S. tourists (C31, C18, C37), nurses in Mexico (C21), athletes visiting Mexico, or individuals crossing the borders (C5, C32). In hotels close to the Mexican border, offenders called targets and convinced them to cross into Mexico and either video call the offender or take a screenshot of themselves in Mexico (Drake, 2020). The offenders would then contact the victims’ U.S. families and use the screenshots/videos to convince them that the victims have been kidnapped (ibid.). In one case (C21), nurses in two Mexican hotels received calls from offenders intimidating and threatening them with kidnapping or violence if they left the hotels (Wallace, 2020). Concurrently, the offenders were contacting the nurses’ families threatening to harm the nurses if a ransom was not paid. Virtual kidnappers also call hotel guests staying at hotels in or close to the Mexican border and tell them that gangs or armed groups/enforcers have surrounded their hotel and that they would be harmed if they do not comply with their demands (e.g., stay at the hotel and do not call anyone). In these cases, it appears that offenders worked with hotel staff to obtain personal information about the guests; this technique was reported by the FBI (2019).
What is interesting about the Mexico trends is that several of the above-mentioned cases were linked to the criminal groups of Yanette Rodriguez Acosta, Ismael Brito Ramirez, and Reyes Zuniga, as well as established cartels and gangs, such as Los Zetas, the Unión Tepito, and the Cártel Jalisco Nueva Generación. Although there are only a handful of prosecutions and it is not always easy/possible to verify the story of the callers, it appears that somewhat more organized criminal structures control virtual kidnappings originating from Mexico.
The Trend Involving Chinese Students/Immigrants.
Offenders who appear to reside in China8 have targeted Chinese communities, especially international Chinese students, in Canada, Australia, New Zealand, and other countries. For example, in Australia, offenders who spoke Mandarin pretended to be Chinese government officials from the consulate, police, or embassy and claimed that the targets are implicated in a crime in China, under investigation, have immigration or visa issues, or have been a victim of identity theft (Bucci, 2020). The offenders ultimately convince the targets to comply with the offenders’ demands to stage a fake kidnapping. The scammers in these cases coerce targets to “kidnap” themselves, take photographs and videos that are designed to convince others of their kidnapping, and send these photos and videos to relatives via smartphone apps (e.g., WeChat or WhatsApp). In 2019 alone, in Australia, about 1,200 of these scams were reported (ibid.) In fact, a common virtual kidnapping scheme targeting Chinese immigrant students is to frighten or coerce targets into a fake staged kidnapping and/or coercing them to isolate (e.g., at hotel or other location identified by offenders) and cut communications with their contacts by threatening legal action, arrest, and/or deportation. This process enables offenders to convince families that their children are kidnapped and to pay the ransom. Meanwhile, the targets that are in hiding are unaware that their families are being contacted as they cannot communicate with them. In New Zealand, offenders coerced and frightened international Chinese students into taking staged photos of themselves to appear kidnapped (i.e., images of them bound and blind-folded) (C17). Similar trends were observed in Canada (C22, C56) and Singapore (C57). Although there are few prosecutions, it appears that this cybercrime is conducted by organized and experienced criminal structures, probably from China.
Operational Methods Identified in Incidents in the USA.
In the USA, initially, offenders were targeting mainly Spanish-speaking families and doctors, but later began targeting individuals in affluent and other areas. Similarly to trends identified in Mexico, our dataset revealed that offenders, mainly targeting U.S. residents, coerce them into paying a ransom in exchange for the safe return of family members or significant others. In most of these cases, a caller contacted the target and a woman could be heard screaming in the background. Like other forms of kidnappings, the targets were predominately instructed to withdraw money from ATMs and/or their banks. This tactic is like that used in express kidnappings (defined by Moor & Remijnse, 2008), where kidnappers force targets to go to ATMs or banks and withdraw money to give to the kidnappers. The difference between express kidnappings and this form of virtual kidnapping is in the type of force used to coerce and compel the target to obtain the ransom, while offenders use physical and verbal force in express kidnappings, in virtual kidnappings verbal force is used—although threats of harm to purported kidnapping victims, targets, and/or other members of the targets’ families are also made. Most of the money transfers in these cases were sent through wire transfer, via online payment system, or via physical cash drop. When payment transfer systems were used, multiple small transactions were requested since large money transfers attract unwanted attention from financial institutions and criminal justice agents.
Finally, we observed an interesting tactic used by virtual kidnappers—the targeting of more than one family member simultaneously; this was also observed in a recent SR-M intelligence report (Drake, 2021). In these cases, the perpetrators called each target (the parent, child, or both spouses) and tricked them into thinking the other person was kidnapped. For example, in one case where a husband and wife were targeted (C47), the offender informed the wife that there was a hit and run car accident, the caller’s child was injured, and the caller had her husband (Blessing, 2016). The caller demanded money for his injured child’s medical expenses. Thinking it was a scam, the wife hung up and tried, unsuccessfully, to call her husband. The caller called her back and threatened to shoot her husband in the head unless a ransom was paid. While on the phone with the wife, the perpetrator also called the husband and briefly merged the calls so they could hear each other. The perpetrator told the husband that his wife was kidnapped and instructed him to stay on the phone until the ransom was paid. The FBI (2015) reported that car accident stories were common in virtual kidnappings.
Limitations
A main limitation of our study is that our sample contains few cases of virtual kidnapping prosecutions. This is a new and understudied research area, so most of our work is exploratory and based on a variety of sources that we triangulated to present a realistic picture of virtual kidnapping trends and strategies. Comparable exploratory approaches, using clearnet searches for court documents, press releases, news reports, and/or other documents, have been used to study other forms of crime (e.g., cyber sextortion, O’Malley & Holt, 2020; “cash-for-crash” insurance fraud, Button et al., 2017; organized crime, Arsovska and Temple, 2016). Also, we focused on cases from English-language jurisdictions since our searches were conducted in English. While we did include some cases from non-English jurisdictions, the materials we used were English-language documents (i.e., court documents, case summaries, or news articles). We also had difficulty finding the court documents of several cases where perpetrators were identified, especially in jurisdictions outside of the U.S.A. where documents are not publicly available or are housed in non-English-language databases.
We encountered challenges in identifying virtual kidnapping cases because the term is not used consistently in case law, government publications, and news sources. The lack of consistent use of the term and the significant breadth and variation in criminal charges across jurisdictions make the identification of these cases extremely difficult. To identify these cases, we had to thoroughly examine court documents, news sources, and other sources to determine whether acts were virtual kidnappings. Owing to a lack of detail in the cases and other sources we reviewed (often due to lack of prosecutions and/or arrests), we also were unable to identify the structure and organization of groups in most incidents.
Ultimately, all these factors influenced the identification of virtual kidnapping cases and the number of cases included in our sample. Our sample is not a representative sample of all virtual kidnapping cases in all countries and our findings are not generalizable. Nevertheless, our study filled an important void in academic literature on virtual kidnappings because it is first of its kind and tackles an understudied area of research.
Conclusion
Virtual kidnapping is and will remain a very profitable, low-risk activity for criminals, particularly in comparison to traditional kidnapping for ransom. However, virtual kidnapping cases are not easily identifiable in case law and other sources. Most sources other than court documents did not have detailed information about the incidents, offenders, and/or victims involved in virtual kidnappings. This made it difficult to understand exactly how groups are organized and operate. In fact, most virtual kidnappings mentioned the word “group” but did not include any identifying information about the group. Nevertheless, by triangulating our sources and looking at a very large body of literature (more than 7,000 newspapers, court files, press releases, government reports, etc.) we managed to identify some observable trends and patterns and some new and emerging trends.
Our cases illustrate that virtual kidnappers often focus on specific regions and on specific persons and/or groups. They use established platforms and tools to communicate and to ensure that ransoms are paid. They use violent threats to ensure that targets comply with demands and their scams are not uncovered until payments are made. While their tactics often vary based on the targets and their geographic location, several commonalities and observable trends were identified in this study. Specifically, our analysis identified important information about the actors who commit virtual kidnappings (particularly lone actors, dyads, and groups), the individuals targeted by this cyber-enabled crime, and the relationships between victims/targets and offenders. It also provided insights into the ways virtual kidnappers commit this cybercrime, particularly their methods of operation. More specifically, based on the analysis of 75 cases/incidents and other supporting documents and official reports, we conclude that virtual kidnappings can be committed in a multitude of ways with respect to the targets (e.g., parents, children, international students, elderly people, nurses, and hotel guests); tools used (i.e., financial and communications platforms); size and structure (e.g., whether this crime is committed individually, with another actor, or as a part of a group); ties to transnational organized crime; gender and nationality of actors; roles of members of any identified groups; areas of operation; and the actors’ and groups’ specific tactics and modus operandi.
Our study seeks to shed light on virtual kidnappings and inspire future research in this highly understudied area. We believe our research provides academics, researchers, criminal justice agents, and other concerned actors with useful information about virtual kidnappings, as well as the tactics, targets, areas of operation, and methods of operation of virtual kidnappers active in various parts of the world.
Acknowledgements
We would like to thank our research assistant, Lori Kanina. We would also like to thank Conor O'Reilly for his comments on a previous draft of our paper.
Funding
Funding for this work was provided by a Faculty Scholarship grant from the Office for the Advancement of Research at John Jay College.
Data Availability
Not applicable.
Declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Footnotes
To incentivize third parties to pay the ransom, the target is often released after the payment is made.
A cyber organized crime is a cybercrime that involves an organized criminal group or participation in an organized criminal group (UNODC, 2021). An organized criminal group is defined as “a structured group of three or more persons, existing for a period of time and acting in concert with the aim of committing one or more serious crimes or offenses established in accordance with this Convention, in order to obtain, directly or indirectly, a financial or other material benefit” (Article 2(a), United Nations Convention against Transnational Organized Crime).
These cases involved a lone actor, dyad, or group.
It is possible that the adult or child heard screaming or pleading is a recording. Recordings may even include the real voice of the alleged kidnapped person, either provided by that person and/or created by artificial intelligence.
In C40, Los Zetas is mentioned.
In C40, threatened to send his daughter’s head to him in a bag if ransom was not paid.
May have been a child or adult. This was not confirmed.
The exact origin of the offenders is not always obvious in most cases.
Contributor Information
Marie-Helen Maras, Email: mmaras@jjay.cuny.edu.
Jana Arsovska, Email: jarsovska@jjay.cuny.edu.
References
- ABC 27. (2021). Don’t waste your money: Kidnapping scam calls, 26 February, 2021. From https://www.abc27.com/news/consumer/dont-waste-your-money/dont-waste-your-money-kidnapping-scam-calls/.
- Arsovska J, Temple M. Organizational learning, adaptation, and rationality: The expansion of Albanian organized crime in New York City. Crime, Law and Social Change. 2016;66(1):1–20. doi: 10.1007/s10611-016-9612-z. [DOI] [Google Scholar]
- Australian Competition and Consumer Commission. (2021). Targeting scams: Report of the ACCC on scams activity 2020. https://www.accc.gov.au/system/files/Targeting%20scams%20-%20report%20of%20the%20ACCC%20on%20scams%20activity%202020%20v2.pdf
- Beals, M., DeLiema, M. and Deevy, M. (2015). Framework for a Taxonomy of Fraud. Stanford Center on Longevity.
- Binkley, C. (2016). Schools warn of ‘virtual kidnapping’ scam targeting parents. Associated Press. 7 October, 2016. From https://apnews.com/article/473c670cc1424a2e83b744a28aee3415.
- Blessing, K. (2016). Scam artist faked kidnapping, threatened to murder Salem family. Eagle Tribune. 24 August, 2016. From https://www.eagletribune.com/news/new_hampshire/scam-artist-faked-kidnapping-threatened-to-murder-salem-family/article_839f150a-65ff-5de8-b9f6-874e452c5266.html
- Borunda, D. (2014). ‘Virtual kidnapping’ scam targets El Paso doctors. El Paso Times, August 2, 2014.
- Briggs R. The kidnapping business. The Foreign Policy Centre Diplomatic Forum; 2001. [Google Scholar]
- Broadhurst R, Grabosky P, Alazab M, Chon S. Organizations and cybercrime: An analysis of the nature of groups engaged in cybercrime. International Journal of Cyber Criminology. 2014;8(1):1–20. [Google Scholar]
- Bucci, N. (2020). Bizarre virtual kidnapping in Australia highlights risk to Chinese students. The Guardian. 25 September, 2020. From https://www.theguardian.com/australia-news/2020/sep/26/bizarre-virtual-kidnapping-in-australia-highlights-risk-to-chinese-students
- Button M, Brooks G, Lewis C, Aleem A. Just about everybody doing the business? Explaining ‘cash-for-crash’ insurance fraud in the United Kingdom. Australian & New Zealand Journal of Criminology. 2017;50(2):176–194. doi: 10.1177/0004865816638910. [DOI] [Google Scholar]
- Button M, Cross C. Cyber frauds, scams and their victims. Routledge; 2017. [Google Scholar]
- Carter E. Distort, extort, deceive and exploit: Exploring the inner workings of a romance fraud. The British Journal of Criminology. 2021;61(2):283–302. doi: 10.1093/bjc/azaa072. [DOI] [Google Scholar]
- Constellis (2022). Kidnap Ransom Insight. Global Summary. https://www.constellis.com/wp-content/uploads/2022/05/1357029_AprilKRReport_050422-editd.pdf
- Cross C, Kelly M. The problem of “white noise”: Examining current prevention approaches to online fraud. Journal of Financial Crime. 2016;23(4):806–828. doi: 10.1108/JFC-12-2015-0069. [DOI] [Google Scholar]
- Cross C, Richards K, Smith R. Improving the response to online fraud victims: An examination of reporting and support. Australian Institute of Criminology; 2016. [Google Scholar]
- Cunningham, T. (2022). ‘I want her safe’: Aurora family falls victim to virtual kidnapping scam. Fox 31 Denver. 17 January, 2022. From https://kdvr.com/news/local/i-want-her-safe-aurora-family-falls-victim-to-virtual-kidnapping-scam/.
- Drake, E. (2020). Staying in: Virtual kidnappings in Mexican hotels. S-RM intelligence and risk consulting. https://insights.s-rminform.com/virtual-kidnappings-in-mexican-hotels.
- Drake, E. (2021). Disappearing act: Virtual kidnapping in North America. S-RM intelligence and risk consulting. https://insights.s-rminform.com/virtual-kidnappings-in-north-america.
- FBI. (2014). Virtual kidnapping: U.S. citizens threatened by Mexican Extortion scheme. https://www.fbi.gov/news/stories/us-citizens-threatened-by-mexican-virtual-kidnapping-scheme.
- FBI. (2015). Virtual kidnapping scam on the rise in New York city. https://www.fbi.gov/contact-us/field-offices/newyork/news/press-releases/virtual-kidnapping-scam-on-the-rise-in-new-york-city.
- FBI. (2017). Virtual kidnapping: A new twist on a frightening scam. https://www.fbi.gov/news/stories/virtual-kidnapping
- FBI. (2019). Law enforcement partners warn of new twist in virtual kidnapping scams. https://www.fbi.gov/contact-us/field-offices/phoenix/news/press-releases/fbi-law-enforcement-partners-warn-of-new-twist-in-virtual-kidnapping-scams.
- FBI. (2020). FBI warns public of ‘virtual kidnapping’ extortion calls. https://www.fbi.gov/contact-us/field-offices/phoenix/news/press-releases/fbi-warns-public-of-virtual-kidnapping-extortion-calls.
- FBI. (2022). FBI Chicago warns public about virtual kidnapping scams. https://www.fbi.gov/contact-us/field-offices/chicago/news/press-releases/fbi-chicago-warns-public-about-virtual-kidnapping-scams
- Healy, J. (2022). Why I hung up on the person who said he kidnapped my child. Los Angeles Times. 7 December, 2022. From https://www.latimes.com/business/story/2022-12-07/how-to-respond-to-relative-in-trouble-scams.
- Hurtibise, R. (2020). ‘Horrific’ kidnap scam leaves South Florida mom shaken. South Florida Sun Sentinel. 21 August, 2020. From https://www.sun-sentinel.com/business/fl-bz-horrific-kidnap-scam-shakes-lighthouse-point-victim-20200821-jhmggptcvvclzjgrvyjbgrxtiy-story.html.
- IC3. (2020). Internet Crime Report 2020. https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.
- Joshi, S. (2020). Boom in Cryptocurrency Marks the Return of Bitcoin Kidnappings in India. Vice. 22 December, 2020. From https://www.vice.com/en/article/akdjyg/boom-in-cryptocurrency-marks-the-return-of-bitcoin-kidnappings-in-india
- Korhonen, M. (2022). A Look Ahead: Kidnapping 2022. SR-M report. https://insights.s-rminform.com/a-look-ahead-kidnapping-in-2022.
- Leutert, S. (2021). Migrant Kidnapping in Nuevo Laredo During MPP and Title 42. Strauss Center for International Security and Law and Vecina. https://www.strausscenter.org/wp-content/uploads/Migrant-Kidnappings-in-Nuevo-Laredo-.pdf.
- Maras M-H. Cybercriminology. Oxford University Press; 2017. [Google Scholar]
- Moor M, Remijnse S. Kidnapping is a booming business. IKV PAX Christi; 2008. [Google Scholar]
- National Crime Research Centre. (2017). Emerging Crimes: The Case of Kidnappings in Kenya (Nairobi, Kenya). http://crimeresearch.go.ke/wp-content/uploads/2019/07/Kidnappings-in-Kenya-Report.-2.pdf.
- Observatorio Nacional Ciudadano (ONC) de Seguridad, Justicia y Legalidad. (2014). Análisis de la extorsión en México 1997–2013 Retos y oportunidades. https://onc.org.mx/public/rednacionaldeobservatorios/public/onc_site/uploads/interioresextorsionfebrero.pdf
- O’Leary, T. (2019). The Trend of Virtual Kidnapping. The State Times. 5 April, 2019. From https://thestatetimes.com/2019/04/05/the-trend-of-virtual-kidnapping/.
- O’Malley RL, Holt KM. Cyber sextortion: An exploratory analysis of different perpetrators engaging in a similar crime. Journal of Interpersonal Violence. 2020;37(1–2):258–283. doi: 10.1177/0886260520909186. [DOI] [PubMed] [Google Scholar]
- Ochoa R. Not just the rich: New tendencies in kidnapping in Mexico City. Global Crime. 2012;13(1):1–21. doi: 10.1080/17440572.2011.632499. [DOI] [Google Scholar]
- Ochoa R. Intimate crimes: Kidnappings, gangs and trust in Mexico City. Oxford University Press; 2019. [Google Scholar]
- Office of the U.S. Attorney, Northern District of West Virginia. (2009). Two Grafton Residents Indicted on Charges Related to Extortion and Wire Fraud. U.S. Department of Justice. https://www.justice.gov/archive/usao/wvn/news/2009/july/zuspan-trickett.html.
- Pires SF, Guerette RT. Ransom kidnapping: A global concern. In: Natarajan M, editor. International and transnational crime and justice. 2. Cambridge University Press; 2019. [Google Scholar]
- Pires SF, Guerette RT, Stubbert CH. The crime triangle of kidnapping for ransom incidents in Colombia, South America: A ‘litmus’ test for situational crime prevention. British Journal of Criminology. 2014;54:784–808. doi: 10.1093/bjc/azu044. [DOI] [Google Scholar]
- Queally, J. (2017). ‘Virtual kidnap’ scams extort ransom; officials tell public to beware of bogus calls, which have targeted hundreds of fearful Southland residents. The Los Angeles Times. 26 July, 2017. From https://www.proquest.com/docview/1923184181?parentSessionId=quKH6JAeMNZWjcXDd3spnlipEGwPrfNNHhTFh0V5vLA%3D&pq-origsite=primo&accountid=11724.
- Runevitch, J. (2021). Police, victim warn of ‘virtual hostage’ phone scam. WTHR. 1 November, 2021. From https://www.wthr.com/article/news/crime/johnson-county-woman-phone-scam-threat/531-f025e02f-563b-4b9f-adaf-3902290d40f9
- Shamsian, J. (2019). Phone scammers are pretending to kidnap rich people’s kids and trying to get them to pay ransoms. Pulse. 20 March, 2019. From https://www.pulse.ng/bi/lifestyle/phone-scammers-are-pretending-to-kidnap-rich-peoples-kids-and-trying-to-get-them-to/3nj5k5k.
- Shortland A. Kidnap: Inside the ransom business. Oxford University Press; 2019. [Google Scholar]
- Skiba, K. (2019). Virtual kidnapping for ransom is on the rise. AARP. 28 November, 2019. From https://www.aarp.org/money/scams-fraud/info-2019/virtual-kidnapping.html.
- Sutcliffe, R. (2006). Blackmailer jailed for kidnap scam. Yorkshire Post, August 5, 2006. Lexis Uni. Juicio 38/2020 (Mexico).
- Tzaneli R. Capitalizing on value: Towards a sociological understanding of kidnapping. Sociology. 2006;40(5):929–947. doi: 10.1177/0038038506067516. [DOI] [Google Scholar]
- UNODC. (2012). Transnational organized crime in Central America and the caribbean: A threat assessment. https://www.unodc.org/documents/data-and-analysis/Studies/TOC_Central_America_and_the_Caribbean_english.pdf
- UNODC. (2021). Digest of cyber organized crime. https://www.unodc.org/documents/organized-crime/tools_and_publications/21-05344_eBook.pdf.
- USA v. Ruth Graciela Rayzoga, Maria del Carmen Pulido Contreras, Adrian Jovan Rocha, Jonathan Roch, Indictment 13CRM3984 JM (U.S. Southern District of California, 2013).
- USA v. Yanette Rodriguez Acosta, Indictment CR No. 17CR437 (U.S. Southern District of Texas, 2017).
- USA v. Ismael Brito Ramirez (U.S. Southern District of Texas 2018).
- USA v. Reyes Zuniga, Indictment CR No. 19 CR00519-RGK (U.S. Central District of California, 2019).
- Valdés, V. M. S., Aguirre, M. P., & González, J. V. (2018). Formación y desarrollo de los colectivos de búsqueda de personas desaparecidas en Coahuila: lecciones para el futuro. El Colegio de México: Seminario sobre Violencia y paz.
- Wall D. Transnational Cybercrime Extortion Landscape and the Pandemic: Changes in ransomware offender tactics, attack scalability and the organisation of offending. European Law Enforcement Research Bulletin. 2022;5:45–60. [Google Scholar]
- Wallace, D. (2020). Mexican nurses on coronavirus front lines targeted in 'virtual kidnapping,' extortion plot: officials. Fox News. 21 May, 2020. From https://www.foxnews.com/world/mexico-14-healthcare-workers-nurses-virtual-kidnappin-extortion-coronavirus.
- Whitty M. The scammers persuasive techniques model: Development of a stage model to explain the online dating romance scam. British Journal of Criminology. 2013;53(4):665–884. doi: 10.1093/bjc/azt009. [DOI] [Google Scholar]
- Wilson, M. (2018). Kidnapping phone scam targeting parents could cost victims thousands, police. KIRO-7. 16 June, 2018. From https://www.kiro7.com/news/local/police-warn-of-kidnapping-scam-targeting-parents-in-washington-state/770662960/.
- Yates C, Leutert S. A gender perspective of migrant kidnapping in Mexico. Victims & Offenders. 2020;3:295–312. doi: 10.1080/15564886.2019.1685040. [DOI] [Google Scholar]
Associated Data
This section collects any data citations, data availability statements, or supplementary materials included in this article.
Data Availability Statement
Not applicable.