After Villanova shooting hoax, fake reports of active shooters stir fear at U.S. college campuses
The hoax calls and false alarms have hit at least 12 college campuses from Arkansas to Pennsylvania.
2 weeks ago
Police gather at the Villanova University campus where an active shooter was reported Thursday, Aug. 21, 2025, in Villanova, Pa. (AP Photo/Matt Slocum)
This story originally appeared on 6abc.
According to a report released Wednesday, analysts with the Center for Internet Security (CIS) and the Institute for Strategic Dialogue (ISD) believe it’s very likely a swatting group made false emergency reports targeting at least 10 universities, including Villanova.
The report states the calls, which were made between August 21 and 25, “resulted in lockdowns, panic, and significant disruptions to campus operations.”
The first call was placed last Thursday, August 21, to emergency services at the University of Tennessee at Chattanooga. “Approximately one hour later, the school announced law enforcement found no evidence of a threat,” the report states.
Then, around 4:30 that afternoon, the report states Delaware County’s Department of Emergency Services received a call reporting an active shooter on Villanova’s campus, “followed by several additional calls with “gunshot-like” sounds in the background.”
Students were urged to shelter in place for about an hour before the university president deemed the entire situation a cruel hoax.
According to the report, two additional calls targeted the University of South Carolina and the University of North Carolina at Chapel Hill on Aug. 24.
On Aug. 25, analysts believe the same group targeted at least six more colleges – the University of Arkansas, Iowa State University, Kansas State University, University of Maine, University of New Hampshire, and the University of Colorado Boulder.
Action News spoke with Rob D’Ovidio, a cybersecurity expert at Drexel University, about how these swatting calls are done.
“They’re using a voiceover IP service, like Google Voice, in this case. And then what they usually do is they usually try to get a hacked account. So they use someone else’s account to throw the attention on that person,” he explained. “They’ll layer that with a VPN to hide their location in the network.”
D’Ovidio said this method makes it challenging for a call center to pinpoint the caller’s IP address in order to figure out where the call originated.
He said, “It makes it very difficult for law enforcement to catch someone like this.”
The report states these swatting cases can provide notoriety to groups on the dark web, “boost their reputation, attract larger audiences, and generate revenue for group members.”
Analysts said the group likely responsible for these calls is best known for the arrest of three of its former members who were charged in May 2024 with threatening a variety of facilities in several states, including Delaware, New York and Ohio.
“This particular subgroup is all about chaos, and mayhem, and causing damage and destruction,” D’Ovidio said. “We’re not talking about a bunch of kids playing pranks here. These are serious crimes that these individuals are committing.”