TLDR
Data brokers legally collect and sell personal information that scammers use to make phishing calls and texts personalized, convincing, and highly targeted. The average American has data held by over 100 data brokers. When a scam caller knows your name, address, employer, and recent purchases, that information likely came from a data broker rather than a direct breach of your accounts. ScamVerify™ FTC data shows 684,045 impersonation complaints where scammers used personal details to impersonate legitimate organizations, and 935,542 debt reduction complaints where callers appeared to know the victim's financial situation. The data broker industry generates $250+ billion annually, and a meaningful portion of that data ends up in scam operations.
What Data Brokers Know About You
Data brokers aggregate information from hundreds of sources to build comprehensive profiles on individuals. A typical data broker profile contains:
| Data Category | Examples | How Scammers Use It |
|---|---|---|
| Contact information | Phone numbers, email addresses, home address | Direct targeting via phone, text, email |
| Demographics | Age, gender, household size, income range | Tailoring scam pitches to demographics |
| Financial indicators | Credit range, homeowner status, estimated income | Debt reduction, investment, and insurance scams |
| Health indicators | Insurance type, prescriptions, conditions | Medicare and health insurance scams |
| Purchasing behavior | Recent purchases, subscription services, brand preferences | Impersonation of known brands |
| Online activity | Search history, website visits, app usage | Targeting based on expressed interests |
| Vehicle information | Make, model, year, registration | Auto warranty scams |
| Property records | Home value, mortgage status, years at address | Home improvement and refinancing scams |
| Family connections | Spouse, children, parents, relatives | Grandparent scams, family emergency pretexts |
This is not hypothetical. Data broker companies openly advertise these data categories to their customers. The customers are supposed to be marketers, insurers, and financial services companies. In practice, the data flows to anyone willing to pay.
How Data Brokers Supply Scam Operations
Direct Purchase
Some scam operations purchase data directly from legitimate-seeming data broker platforms. The broker may not know (or may not care) that the buyer intends to use the data for fraud. A "marketing company" buying 50,000 consumer profiles for "targeted outreach" looks identical to a scam ring buying the same data for robocall campaigns.
Reseller Networks
Data purchased from brokers is resold through informal networks. A single bulk purchase gets divided and resold multiple times, eventually reaching scam operations through intermediaries who obscure the original source.
Data Enrichment
Scam operations combine data broker information with breached databases to create enriched profiles. A data breach provides names and email addresses. A data broker adds phone numbers, addresses, income ranges, and financial indicators. The combined profile enables highly personalized scam contacts.
The FTC Complaint Connection
ScamVerify FTC data reveals the downstream impact of data broker activity:
| FTC Category | Complaints | Personalization Pattern |
|---|---|---|
| Impersonation | 684,045 | Caller knows victim's name, bank, employer |
| Debt reduction | 935,542 | Caller references specific debt amounts or credit status |
| Medical/prescriptions | 312,847 | Caller knows insurance provider, medications, conditions |
| Warranties/protection | 287,693 | Caller knows vehicle make, model, and warranty status |
| Home improvement | 83,326 | Caller knows home value, age, and location |
| Charity | 65,553 | Caller knows donation history and financial capacity |
In each category, the scam is more effective because the caller appears to have insider knowledge. That "insider knowledge" is purchasable from data brokers for pennies per record.
The Economics of Data Brokerage
What Your Data Is Worth
| Data Type | Broker Price Per Record | Scam ROI |
|---|---|---|
| Basic contact (name, phone, email) | $0.005 to $0.01 | Enables initial contact |
| Demographic profile | $0.01 to $0.05 | Enables targeting by age, income |
| Financial indicators | $0.05 to $0.25 | Enables debt, investment scam targeting |
| Health data | $0.10 to $0.50 | Enables Medicare, insurance scam targeting |
| Complete consumer profile | $0.25 to $1.00 | Enables fully personalized scam campaigns |
At these prices, a scam operation can purchase detailed profiles on 100,000 people for a few thousand dollars. If even 0.1% of those people fall for the scam at an average loss of $3,690, the return is massive.
The $250 Billion Industry
The data broker industry generates an estimated $250+ billion annually in the United States. Major players include Acxiom, Experian (consumer data division), Oracle Data Cloud, LexisNexis, and hundreds of smaller firms. The industry operates with minimal federal regulation, though some states (California, Vermont, Texas) have enacted data broker registration laws.
Why Personalized Scam Calls Work
The psychology of scams explains why personalization is so effective:
Authority through knowledge. When a caller knows your specific details, you subconsciously grant them authority. "We know about your credit card balance" sounds like a creditor, not a random scammer.
Urgency through specificity. "Your $14,532 in credit card debt qualifies for a government program" creates more urgency than "you may qualify for debt relief." The specific number makes the claim feel researched and legitimate.
Trust through familiarity. A caller who references your home address, vehicle, or recent purchase creates a sense that they have a legitimate relationship with you or a company you do business with.
Reduced suspicion. The primary defense against scam calls is suspicion: "How did they get my number? Why are they calling me?" When the caller already knows details about your life, the answers to these questions seem self-evident, and suspicion drops.
Data Broker to Scam Call: A Real Example
Here is how data broker information flows into a targeted scam call:
Step 1: Data acquisition. A scam operation purchases 50,000 consumer profiles of adults aged 60+ with estimated incomes over $75,000 and homeowner status. Cost: approximately $5,000.
Step 2: Enrichment. The purchased data is cross-referenced with breached databases to add any available email addresses, family member names, or financial account indicators.
Step 3: Segmentation. The 50,000 profiles are divided into campaign groups: Medicare/health (for those with health indicators), debt reduction (for those with credit indicators), and home improvement (for homeowners).
Step 4: Script customization. AI generates personalized call scripts for each segment. The Medicare script references the victim's state and insurance type. The debt script references estimated debt ranges. The home improvement script references property age and value.
Step 5: Campaign execution. Robocall systems dial the numbers with segment-specific pre-recorded messages. Live agents handle calls where the victim engages.
Step 6: Conversion. The personalized approach achieves higher answer rates (the caller seems to know the victim) and higher conversion rates (the pitch references real details). The $5,000 data investment generates tens of thousands in fraudulent revenue.
What You Can Do
Reduce Your Data Broker Exposure
- Opt out of major data brokers. Companies like Acxiom, Whitepages, Spokeo, and BeenVerified offer opt-out processes. This is tedious but effective for reducing your profile's availability.
- Search for yourself. Google your name + city + phone number to see what information is publicly available. Request removal from people-search sites that appear in results.
- Limit sharing. Be selective about what personal information you provide to retailers, apps, surveys, and loyalty programs. Every data point you share enters the broker ecosystem.
- Use privacy-focused settings. Opt out of data sharing in apps, browsers, and devices. Review privacy settings on social media platforms.
Defend Against Personalized Scam Calls
- Assume callers have your data. If an unknown caller references your personal information, that does not make them legitimate. Anyone can buy that data.
- Verify independently. When a caller claims to be from your bank, insurance company, or a government agency, hang up and call the organization directly at a number you find yourself.
- Check unknown numbers on ScamVerify before engaging. A number that appears in the FTC complaint database is almost certainly a scam, regardless of what the caller knows about you.
- Report personalized scam calls to the FTC at reportfraud.ftc.gov. Include details about what personal information the caller referenced.
For a related analysis of how data breaches specifically feed the scam pipeline, see our data breach to scam pipeline guide.
Check this number now
Enter any U.S. phone number to check it against millions of federal complaints and real-time carrier data.
FAQ
Is it legal for data brokers to sell my information?
In most of the United States, yes. Federal law does not comprehensively regulate data brokers. The California Consumer Privacy Act (CCPA), Vermont's Data Broker Registry, and a few other state laws provide some transparency and opt-out rights, but most Americans have limited legal recourse against data broker activity. Data brokers are required to honor opt-out requests in states with such laws, but enforcement is inconsistent.
How do scammers know my specific financial details?
Financial indicators (estimated income, homeowner status, credit range) are standard data broker categories sold to marketers, insurers, and lenders. When a scam caller references your approximate debt level or financial situation, they likely purchased that data from a broker or obtained it through a data breach. They do not have access to your actual bank account. They have estimated profiles that are often close enough to sound convincing.
Can I remove my data from all brokers?
Practically, no. There are hundreds of data brokers operating in the United States, and new ones emerge regularly. You can opt out of the largest ones (Acxiom, Whitepages, Spokeo, BeenVerified, Intelius, PeopleFinder) which covers the most commonly accessed sources. However, complete removal from all brokers is not feasible for most individuals. Data removal services exist but have varying effectiveness.
Why don't data brokers verify who is buying the data?
Most data brokers have terms of service that prohibit using purchased data for fraud. In practice, enforcement of these terms is minimal. Scam operations register as legitimate businesses, use intermediary companies, or purchase through resellers who obscure the end use. The volume of data sales (millions of transactions) makes individual buyer verification impractical at scale.
Does the FTC regulate data brokers?
The FTC has taken enforcement actions against specific data brokers for deceptive practices and has advocated for federal data broker legislation. However, no comprehensive federal law currently governs data broker activity. The FTC operates primarily through enforcement actions against the most egregious cases rather than systematic regulation of the industry.
