Fox News Flash top headlines are here. Check out what's clicking on FoxNews.com.

Most people assume scammers need to hack something. A database. A password. A bank system. They don't.

In most cases, everything a scammer needs to target you is already sitting online, publicly available, completely legal to access, and surprisingly easy to find.

Here's what they're actually looking at before they ever pick up the phone.

Sign up for my FREE CyberGuy Report

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Data broker listings often include sensitive details like your address, phone number and relatives, making removal a critical first step. (Kurt "CyberGuy" Knutsson)

There's an entire industry built around collecting and selling your personal information. It's called data brokering, and most people have never heard of it.

Right now, without your knowledge or consent, your details are being published by dozens of websites, including:

None of this requires a hack. It's all pulled from public records, voter registrations, court filings, real estate transactions, marriage and divorce records and assembled into a profile that anyone can search for a few dollars or sometimes for free.

In 2024, federal prosecutors indicted a network of scam call centers operating out of Montreal that had defrauded hundreds of elderly Americans out of more than $21 million. What made the scheme so effective wasn't sophisticated technology. It was a spreadsheet.

The scammers were working from lists of potential victims that included names, ages, and household income information pulled from commercial databases. They used those lists to identify targets, then called them pretending to be grandchildren in trouble. The calls were convincing enough that victims handed over thousands of dollars, sometimes in cash picked up at the door.

They didn't hack anyone. They just did their research first.

WHY WIDOWS AND DIVORCED WOMEN ARE TARGETS FOR RETIREMENT SCAMS

A call that sounds personal or urgent often relies on real information found about you online. (Kurt "CyberGuy" Knutsson)

Scammers use your publicly available data to make their attacks more personal, believable and harder to detect. Here are three ways they do it.

A scammer calls and says, "Hi, this is fraud prevention at [your bank]. We're seeing suspicious activity on your account ending in 4721."

They already know your bank, your name, and possibly your address. That's enough to sound legitimate. From there, they walk you through "confirming your identity," which is really just you handing over the information they need to access your account.

This kind of scam starts with a simple people-search lookup. Your name and address lead to property records. Property records suggest your income range.

Imagine getting a call: "Meemaw, it's me. I'm in trouble. Please don't tell Mom." Scammers don't guess. Instead, they research your family first. They use relatives' databases to find your children's names, ages and connections.

With that information, they build a story that sounds real. For example, they know to call you "Meemaw." They also know which grandchild to impersonate. In some cases, they even mention a sibling's name to make the story more convincing.

As a result, the call feels personal and urgent. However, none of it is random. It's all based on information that was publicly available the entire time.

A phishing email that says "Dear Customer" is easy to ignore. One that says "Dear [your full name], we noticed unusual activity on your account registered to [your home address]" is a lot harder to dismiss.

Scammers use publicly available data to personalize attacks, adding your real name, city, or even a reference to your neighborhood to make a fake email or text look authentic. The more specific the details, the more likely you are to believe it.

"But I'm not on social media." This is the most common objection, and it misses the point entirely.

You don't have to be on social media for your information to be online. Data brokers pull from public records, not your Facebook profile. Your information is likely already listed on dozens of sites because of:

The less they think they've shared, the more surprised people usually are when they search for themselves on a people-search site for the first time.

DATA BROKERS ACCUSED OF HIDING OPT-OUT PAGES FROM GOOGLE

The more details a scam includes, the more likely it is built from your publicly available data. (Kurt "CyberGuy" Knutsson)

You don't have to accept this as permanent. A few practical steps can help:

The challenge is that there are hundreds of data broker sites, each with its own removal process. Manually opting out of all of them can take hours, and your information often reappears weeks later when brokers refresh their databases.

That's why ongoing automated removal is the only approach that actually works. That's why I recommend using a trusted data removal service.

These services automatically contact data brokers on your behalf and request the removal of your personal information. They also continue monitoring those sites and submit new removal requests if your data reappears.

Many services remove personal data from hundreds of data broker and people-search websites, and some plans allow you to request removals from additional sites as needed.

Some have also received third-party assurance from independent firms, helping validate their claims.

The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.

These services often include a money-back guarantee, so you can try them risk-free and see how much of your information is exposed online.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

Most scams don't start with a breach. They start with a search. Your name, address, relatives and even income clues are already out there, quietly fueling more convincing and more dangerous attacks. That's what makes this so unsettling. You can do everything "right" online and still be exposed because the system itself is built to share your information. The good news is you're not powerless. Once you understand how scammers build their playbook, you can start disrupting it. Removing your data, limiting exposure and staying skeptical of anyone who knows a little too much about you can dramatically reduce your risk. The goal isn't to disappear completely. It's to make yourself a much harder target.

What should be done to stop scammers from using your publicly available data against you in the first place? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

Copyright 2026 CyberGuy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Get a daily look at what’s developing in science and technology throughout the world.

Subscribed

You've successfully subscribed to this newsletter!