Hackers Don’t Want Your Password—They Want Your Everlasting Soul

And they use your personal data to get it.

Okay, that’s dramatic. But only a little.

Brett Johnson is the “Original Internet Godfather, OG cybercrime guy turned good. He was on the FBI’s most wanted list for among other things, inventing the tax fraud scheme that still delays your tax refund today. Brett knows something most security experts miss: Criminals don’t hack systems. They hack you.

Not your computer. Not your phone. You. Your loneliness. Your hope. Your garden-variety grief. Your distraction. Your desperate need to believe that puppy in Atlanta is real.

“She wanted to believe that that was real, so much that she shuts out everything that opposes that belief… If someone wants to believe something, they tend to shut out anyone who disagrees or who might disrupt that belief.”

Here’s what happened: Brett’s friend found a something-doodle puppy online. Perfect price, perfect timing. She loaded her two kids in the car and started driving to Atlanta to pick it up. But Brett—being Brett—smelled a scam. He warned her. She ignored him. He found the listing on Craigslist, contacted the seller himself, discovered it was fake, sent her proof. She didn’t mind. She wanted that dog. And that wanting was more powerful than any evidence Brett could provide.

That’s the game. Criminals don’t need your password if they can catch you wanting something badly enough, or get you to want it in real time. The perception of truth is more important than truth itself.

The Make-Believe Economy

I call it a game of “make-believe.” Not as an insult, mind you. It’s a technical description of the criminal toolkit.

Romance scammers don’t need to be attractive. Pig butchering schemes don’t need legitimate investment platforms, just believable ones. Tech support scams don’t need actual Microsoft credentials. They just need you to believe the story or situation long enough to take action.

“I can go on the dark web, I can buy someone’s complete identity for 30 bucks up to $150… If you can’t buy it ready-made, you can make it yourself. You go to Ben Verified, Spokeo, TruthFinder whatever. You get the background check… That typically is enough information to open up new accounts, take over existing accounts, really whatever type of identity fraud you want to commit.”

Here’s Brett’s playbook when he was on the other side:

• Buy stolen credit card details or banking info on the dark web (cheap)
• Pull a background check from public databases like Spokeo or TruthFinder (cheaper)
• Get family and associate information to build the full picture (free)
• Use that data to answer security questions and pass authentication (priceless)

Notice what’s missing? Advanced hacking skills. Zero-day exploits. None of that Hollywood stuff. Just public information, duct-taped together with a good story.

Your data isn’t just sitting there. It’s ammunition.

Predators Want Your Reaction, Not Your Password

Brett has a theory about why security awareness training fails: It operates at a rational level, but criminals attack at an emotional level.

You can teach someone about phishing emails all day long. But when they’re going through a divorce? Just lost a job? Feeling isolated and desperate? That training evaporates.

“As an attacker, I’m getting you to set aside reason, logic, rationale, and to react emotionally… Whatever platform that you’re on, there are predators in that environment. If you start to understand that, you’ll develop that online situational awareness that you need.”

Brett calls these “transition states”—moments when you’re vulnerable because life just knocked you sideways. Divorce. Death in the family. Job loss. Even just ordinary loneliness.

Criminals weaponize these moments. They don’t want your password. They want your desperation. Your hope. Your need to believe something good is finally happening.

They want the part of you that shuts down your bullsh*t detector because you need the story to be true.

So What Do You Do to protect your personal data?

Brett’s advice isn’t about firewalls or password managers (though use those too). It’s about something he calls situational awareness:

1. Recognize transition states. Going through a breakup? Lost your job? Just moved? You’re in the danger zone. Not because you’re weak—because you’re human.

2. Audit your digital life when relationships change. Divorce? New job? Review shared accounts, passwords, location sharing. Default trust settings need to be manually reset.

3. Starve the script. Criminals build their con using your publicly available data. Remove your personal information from data broker sites. Without ammunition, they can’t build believable stories about knowing your uncle Bob or your time on Pond Road.

4. Kill the “should” error. Stop thinking about how things should be. See the link, the offer, the person as they actually are: potential traps. The puppy should be real. Your tax refund should arrive faster. That person should love you. “Should” doesn’t matter. What’s actually in front of you matters.

If you feel sudden fear or desperate want or any kind of urgency, stop. That’s the attack. Once you recognize the manipulation, they lose their leverage.

The Bottom Line

Your everlasting soul is safe. Probably.

But your loneliness? Your hope? Your belief? Those are absolutely for sale to the highest bidder on the dark web.

Hackers don’t want your password. They want you in a state where the password doesn’t matter—where you’ll hand over everything willingly, because you need the story to be true.

Don’t give them that.