The one thing scammers check before targeting you online

Most people assume scammers need to hack something. A database. A password. A bank system. They don’t.

In most cases, everything a scammer needs to target you is already sitting online, publicly available, completely legal to access, and surprisingly easy to find.

Here’s what they’re actually looking at before they ever pick up the phone.

Your personal profile is already out there and it’s more complete than you think

There’s an entire industry built around collecting and selling your personal information. It’s called data brokering, and most people have never heard of it.

Right now, without your knowledge or consent, your details are being published by dozens of websites, including:

• People search sites (like Whitepages, Spokeo, and BeenVerified): your full name, current address, phone numbers, and age.
• Address lookup tools: your current and past home addresses, sometimes going back decades.
• Relatives databases: the names and contact information of your family members, automatically linked to your profile.
• Property records: whether you own your home, what it’s worth, and when you bought it.

None of this requires a hack. It’s all pulled from public records, voter registrations, court filings, real estate transactions, marriage and divorce records and assembled into a profile that anyone can search for a few dollars or sometimes for free.

They’re not guessing. They’re researching.

In 2024, federal prosecutors indicted a network of scam call centers operating out of Montreal that had defrauded hundreds of elderly Americans out of more than $21 million. What made the scheme so effective wasn’t sophisticated technology. It was a spreadsheet.

The scammers were working from lists of potential victims that included names, ages, and household income information pulled from commercial databases. They used those lists to identify targets, then called them pretending to be grandchildren in trouble. The calls were convincing enough that victims handed over thousands of dollars, sometimes in cash picked up at the door.

They didn’t hack anyone. They just did their research first.

Three ways scammers turn your public data into a weapon

Scammers use your publicly available data to make their attacks more personal, believable and harder to detect. Here are three ways they do it.

1) Impersonating your bank

A scammer calls and says, “Hi, this is fraud prevention at [your bank]. We’re seeing suspicious activity on your account ending in 4721.”

They already know your bank, your name, and possibly your address. That’s enough to sound legitimate. From there, they walk you through “confirming your identity,” which is really just you handing over the information they need to access your account.

This kind of scam starts with a simple people-search lookup. Your name and address lead to property records. Property records suggest your income range.

2) The family emergency call

Imagine getting a call: “Meemaw, it’s me. I’m in trouble. Please don’t tell Mom.” Scammers don’t guess. Instead, they research your family first. They use relatives’ databases to find your children’s names, ages and connections.

With that information, they build a story that sounds real. For example, they know to call you “Meemaw.” They also know which grandchild to impersonate. In some cases, they even mention a sibling’s name to make the story more convincing.

As a result, the call feels personal and urgent. However, none of it is random. It’s all based on information that was publicly available the entire time.

3) Targeted phishing with your own details

A phishing email that says “Dear Customer” is easy to ignore. One that says “Dear [your full name], we noticed unusual activity on your account registered to [your home address]” is a lot harder to dismiss.

Scammers use publicly available data to personalize attacks, adding your real name, city, or even a reference to your neighborhood to make a fake email or text look authentic. The more specific the details, the more likely you are to believe it.

“But I’m not on social media.” This is the most common objection, and it misses the point entirely.

You don’t have to be on social media for your information to be online. Data brokers pull from public records, not your Facebook profile. Your information is likely already listed on dozens of sites because of:

• Your home purchase
• Voter registration records
• Court or property tax filings.

The less they think they’ve shared, the more surprised people usually are when they search for themselves on a people-search site for the first time.

How to reduce your exposure

You don’t have to accept this as permanent. A few practical steps can help:

• Search your full name on Whitepages, Spokeo, FastPeopleSearch, and other people-search sites and submit opt-out requests.
• Look up your address directly, not just your name, since many listings are organized by location.
• Ask elderly family members to search for themselves, too, since older adults are disproportionately targeted.
• Be skeptical of any call that opens with personal details, as it can be a sign that someone researched you first.

How to remove your personal data and stop scammers from finding you

The challenge is that there are hundreds of data broker sites, each with its own removal process. Manually opting out of all of them can take hours, and your information often reappears weeks later when brokers refresh their databases.

That’s why ongoing automated removal is the only approach that actually works. That’s why I recommend Incogni.

Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.

Incogni currently removes personal data from 420+ data broker and people-search websites, and their Unlimited plan allows you to request removals from as many additional sites as you need.

Incogni has also received third-party assurance from Deloitte, validating its marketing claims.

The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.

CyberGuy Exclusive: 60% OFF

CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.

The service also includes a 30-day, money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.

 

You can also run a free exposure scan to see where your personal information is appearing online. Results typically arrive by email within an hour.

Related Links: 

• Remove your data to protect your retirement from scammers
• Why widows and divorced women are targets for retirement scams
• Scams that aren’t illegal (but should be)

Kurt’s key takeaways

Most scams don’t start with a breach. They start with a search. Your name, address, relatives and even income clues are already out there, quietly fueling more convincing and more dangerous attacks. That’s what makes this so unsettling. You can do everything “right” online and still be exposed because the system itself is built to share your information. The good news is you’re not powerless. Once you understand how scammers build their playbook, you can start disrupting it. Removing your data, limiting exposure and staying skeptical of anyone who knows a little too much about you can dramatically reduce your risk. The goal isn’t to disappear completely. It’s to make yourself a much harder target.

What should be done to stop scammers from using your publicly available data against you in the first place? Let us know in the comments below. 

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

We created this article in partnership with Incogni

Copyright 2026 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.