Swatting is the most visible failure mode of address weaponization. It is not the only one. Five categories of harm flow from an exposed home address. The casebook documents one. This is the rest.
Scope and method. Survey of documented address-weaponization mechanisms drawn from federal charging documents, state prosecutions, civil litigation, academic study (notably David S. Morrison's Code Harassment Needs a Texas-Sized Solution), and reporting through 2026. Each category is anchored to named cases with verifiable public sources. Confidence: B2 — Usually reliable, probably true. Refuge documented a 205 percent increase in tech-facilitated abuse referrals between 2018 and 2024, with an additional 62 percent surge between 2024 and 2025. The taxonomy below is a snapshot of an accelerating landscape.
The Central Finding
An exposed address is a delivery target. The only variable is what gets sent.
Every address-weaponization vector follows the same logical step. A perpetrator obtains the home address. The perpetrator then converts that address into a delivery destination for some kind of harm. The harm comes via a proxy: a commercial system, a government agency, a recruited stranger, or an algorithmic infrastructure.
Swatting is the version where the proxy is armed police. The other four versions are less photogenic but no less real. The same address-data exposure that produces a 911 hoax can produce eleven cars of pizza, a hostile inspection from animal control, a forged deed in a county registry, or an AI chatbot endlessly volunteering a private number to strangers.
Read together, the categories form a map. The casebook documents one cell of that map in depth. The rest of this page sketches the other four.
Harassment, economic damage to local merchants, mail-stream pollution
Commercial supply chains are induced to flood the address with unsolicited shipments. The address becomes a doorstep DDoS target. The damage compounds beyond the named victim: small restaurants absorb the cost of unclaimed cash-on-delivery orders, postal carriers process pornographic publications in the victim's name, and the victim's standing with neighbors and family is corroded by what arrives.
Flagship Cases
Jonathan Mark MillerTampa, FL · 2025
Sentenced to 22.8 months in Florida State Prison after coordinated COD pizza-delivery campaign against two Hillsborough County judges overseeing his active legal matters. Two concurrent counts of Fraudulent Use of Personal Information under Florida Statute § 817.568(2). Additional warrants in Pasco County totaling $160,000 in active bonds, including a False Report of Child Abuse charge.
Ling Chan / FINRANew York, NY
Former employee registered HR manager John Braut for numerous pornographic magazine subscriptions and unwanted website signups, paired with threatening posts across digital platforms. FINRA pursued legal action against Chan for the coordinated postal harassment.
eBay Executives v. SteinerNatick, MA · 2019
eBay executives orchestrated a cyberstalking campaign against Ina and David Steiner, publishers of the EcommerceBytes newsletter. The campaign included sending live spiders, a pig fetus, a Halloween pig mask, and explicit pornographic magazine subscriptions delivered to the Steiners' neighbors' homes under the Steiners' names. eBay paid a $3 million criminal penalty.
U.S. OIG v. Poopsenders.comWestern District PA · 2021
Federal Office of Inspector General filed in federal court to enforce a subpoena against the operator of a service that ships anonymous parcels of fake animal feces. The trigger was a harassment campaign against a postal supervisor in Grant, Michigan. Demonstrates federal willingness to pursue the platforms that intermediate physical harassment.
Also includes: Predatory door-to-door magazine sales networks (Chapel Sales, Sunshine Subscription Agency, Points Across America) that recruit out-of-state salespeople with prior convictions, producing documented patterns of burglary and sexual assault after forced home entry.
Sexual assault, trespass, theft of personal property, sustained confrontation
Online ads recruit third parties to physically arrive at the address under false pretenses. The perpetrator never appears in person. The third party arrives expecting one thing and finds something else, or arrives intending to commit a crime they were directly recruited for. The architecture insulates the perpetrator from prosecution under most traditional statutes.
Flagship Cases
Jebidiah Stipe » Ty Oliver McDowellWyoming · 2010
Stipe created a Craigslist ad posing as his ex-girlfriend, publishing her address and soliciting an aggressive stranger to force entry and act out a fabricated "rape fantasy." McDowell responded and raped the victim at knifepoint. The case exposed that recruiting another to commit sexual assault was not covered by legacy criminal statutes; later reforms followed.
Ian DiazFederal · 2023 conviction
Deputy U.S. Marshal convicted in March 2023 of orchestrating fake Craigslist ads to frame his ex-fiancée. Diaz and his then-wife posted ads luring men to their condo for "rape fantasies," then called local police to falsely accuse the ex-fiancée of stalking when the men arrived. Both prongs of the scheme weaponized the address: as honeypot and as fabricated crime scene.
Prince George's County, MD caseMaryland
Defendant posted dozens of social media ads posing as his ex-wife, publishing her address and photos, and soliciting extreme violence. Catalyzed 2014 Maryland reform sponsored by Sen. Brian Frosh and Del. Kathleen Dumais establishing a distinct 20-year felony for using technology to solicit sexual assault.
Also includes: Scavenger Craigslist scams (fraudulent free-item posts directing strangers to remove things from the victim's yard); phantom rental listings (fake low-priced rentals that drive desperate prospective tenants to walk the victim's property looking through windows and knocking on doors); fake job-interview lure posts that direct applicants to a private residence.
iii
Institutional summoning
Proxy
Police, SWAT, code enforcement officers, animal control, CPS, fire marshals
False reports induce government agencies to inspect, intervene, or escalate at the address. The harasser is technically interacting with the agency, not the victim, which complicates traditional harassment claims. Anonymous reporting channels remove the disincentive. The agency cannot refuse to investigate.
Flagship Patterns
Swatting46 documented cases · 2011 to 2025
Fabricated 911 calls drawing tactical police response. The most-studied variant of this category. Andrew Finch (Wichita, 2017) and Mark Herring (Bethpage, TN, 2020) died during the response.
Code-enforcement harassmentDocumented in Texas A&M Law Review
Morrison's Code Harassment Needs a Texas-Sized Solution documents systematic exploitation of municipal code-compliance departments. Perpetrators submit large volumes of anonymous, exaggerated, or fabricated complaints regarding building, zoning, animal-control, or property-maintenance violations. Code officers are legally obligated to investigate. The Texas Citizens Participation Act has been weaponized as a legal shield for harassers when victims attempt civil action.
Coordinated venue-closure campaignsToronto, Baltimore, Fort Worth, Nashville
Anonymous online groups organized via 4chan have launched targeted campaigns to flood municipal building-safety and fire-code channels with reports against independent DIY music and gathering spaces. Weaponizes life-safety regulations to force venue closure.
False CPS and animal-control reportsDistributed pattern
Less prosecuted but widely reported. Anonymous tips trigger child-welfare investigations or animal seizures at the named address. Defensive infrastructure is essentially nonexistent for residents.
Swatting is documented in depth in the Casebook. 46 cases with full incident detail, exposure pathway analysis, and source attribution.
iv
Identity-on-address fraud
Proxy
County recorders, USPS, utility billing systems, title insurers
The address itself becomes the fraud target. The perpetrator does not show up at the door. The address gets converted into a financial instrument, a mail-stream interception point, or a billing channel. Senior citizens with paid-off homes are statistically the heaviest-targeted demographic for the deed-theft variant; victims often discover the fraud only when foreclosure notices arrive on loans they never took.
Flagship Patterns
Deed fraud / title theftNational pattern
Criminal fabricates real estate transfer instruments (typically quitclaim deeds), forges the owner's signature, and records the fraudulent deed in county land records. The property can then be sold to an innocent third party or used as collateral for high-value loans. California prosecutes under Penal Code §§ 115 and 532f. New York provides 90 days of housing-court protection under RPAPL § 756-A.
Fraudulent COA submission reroutes a victim's mail to the perpetrator's drop, intercepting bank statements, IRS notices, replacement credit cards, and identity documents. USPS implemented multifactor verification (billing-address match, Move Validation Letter, $1.25 verification fee) in late 2023 to mitigate. The fraud remains active where the perpetrator can satisfy verification.
Fraudster contacts the victim via spoofed phone number referencing the physical address and claims that gas, water, or electricity is scheduled for immediate disconnection unless payment is made via cryptocurrency, Zelle, Venmo, or gift cards. Federal regulations prohibit legitimate utility providers from operating this way, but the vector continues to produce victims in regions hit by major weather events.
Defensive infrastructure: Real Estate Privacy Trusts (REPTs); LLCs with registered-agent addresses; county-recorder fraud alerts (now offered free in most jurisdictions); ALTA 49 and 49.1 owner's-title-insurance endorsements covering post-policy seller impersonation; quiet-title actions; lis pendens filings to freeze fraudulent transfers.
v
Algorithmic exposure
Proxy
Conversational AI systems, review platforms, search engines, business-profile services
Emerging category. Digital infrastructure unintentionally amplifies or maliciously redirects attention to the address. Sometimes the system itself is the proxy: an AI chatbot volunteers a private address in response to ordinary queries. Sometimes the platform is hijacked: a business owner replies to a negative Google review by publishing the reviewer's home address. The address ends up in front of audiences the victim never consented to.
Flagship Patterns
Generative-AI phone-number doxxingGoogle Gemini · MIT Tech Review, May 2026
Gemini repeatedly volunteered a software developer's personal phone number to users searching for local business customer-service lines. The Israeli software engineer (Barak Abraham, with parallel cases reported by a Reddit user and a University of Washington PhD candidate identifying a colleague) experienced sustained harassment from strangers. Subsequent testing by MIT Technology Review and Gizmodo confirmed ChatGPT exposing real phone numbers and outdated addresses pulled from older public records. Claude, Grok, and Perplexity declined when tested. Scammers can also exploit the pattern by planting fake customer-service numbers online for chatbot ingestion.
Google Business Profile retaliationDocumented pattern
Business owners reply to honest negative reviews by publishing the reviewer's full home address paired with explicit physical threats. The reply is visible to anyone viewing the business profile. Standard automated moderation often fails to catch the doxx; resolution typically requires escalation through Google's Personal Information Removal channel paired with a filed police report.
Trajectory: The category is the youngest in the taxonomy and the fastest-growing. As more LLMs ingest more web data and as more services run on AI-generated outputs, the surface area for address leakage increases mechanically. No current legal framework specifically addresses AI-disclosed private information; the closest available remedies operate through general privacy torts (public disclosure of private facts under Restatement (Second) of Torts § 652D, intrusion upon seclusion) and state-level civil anti-doxxing statutes where they exist.
Reference
The taxonomy at a glance.
Category
Proxy
Sample Case
Documented Recourse
Forced delivery
Pizza drivers, USPS, parcel services
Miller (Tampa judges, 2025) eBay v. Steiner ($3M penalty)
FL Stat § 817.568(2); TX Penal § 22.11; NY Penal Article 240; deceptive-solicitation civil claims
Recruited intrusion
Strangers responding to fraudulent ads
Stipe » McDowell (Wyoming, 2010) Ian Diaz (federal, 2023)
State technology-facilitated-sexual-assault statutes (MD 2014 reform); cyberstalking statutes
Institutional summoning
Police, code officers, CPS, animal control
46 swatting cases (see Casebook) Morrison code-harassment study
Federal swatting bills; § 1983 civil rights actions; municipal anti-anonymous-reporting reforms
Identity-on-address fraud
County recorders, USPS, utility billing
USPS COA fraud (Title 18) National deed-theft pattern
CA Penal §§ 115, 532f; NY RPAPL § 756-A; quiet-title actions; ALTA 49/49.1 endorsements
Algorithmic exposure
AI chatbots, review platforms, search engines
Gemini developer doxxing Google Business retaliation
General privacy torts; OR ORS § 30.835(2); platform-specific removal channels
What this means
One precondition. Five outcomes.
The taxonomy makes a single mechanical claim. The address-exposure precondition is shared across every category. Once a home address is findable, the perpetrator selects a proxy: a delivery service, a stranger, an agency, a fraud channel, an AI. The selection is downstream of the exposure.
That makes the leverage point identifiable. Hoax narratives are infinitely composable. Proxy systems cannot be shut down without breaking ordinary commerce. Officer training cannot eliminate armed response to a credible emergency call. Address-exposure prevention is the only point in the chain where structural intervention reduces harm across all five categories simultaneously.
This is what ObscureIQ's Digital Executive Protection practice exists to do. The casebook is the empirical case. The taxonomy above is the structural case. They argue the same conclusion from different evidence.
