Sextortion Scams

Sextortion scams exploit powerful emotions, particularly fear and shame:

• Fear of Embarrassment/Public Exposure: The primary driver is the intense fear of private, intimate content being shared publicly, potentially damaging personal relationships, careers, or social standing.
• Shame and Guilt: Victims might feel ashamed, especially if the threat involves content they regret or if they believe they did something to invite the situation, making them less likely to seek help.
• Belief in the Threat: Scammers often make their claims sound convincing. They might know the victim's name, email address, or password (obtained from previous data breaches), leading the victim to believe the threat is real.
• Isolation and Panic: The scam creates a sense of isolation and panic. Victims might feel they have no one to turn to and that paying the demand is the quickest way to make the problem "go away."
• Hope the Problem Goes Away: Some victims pay in the hope that complying will stop the harassment, even if they are unsure about the validity of the claim.
• Targeting Specific Behaviors: Scammers might target individuals who engage in online activities (like visiting adult websites) where the threat feels more plausible or shameful.

Sextortion scams typically follow a pattern designed to maximize fear and compliance:

1. The Threat (The Contact): The victim receives the extortion message. This usually happens via:
   • Email: The most common method. The email might appear to come from the victim's own email address (making it look like a sent item or draft) or from an unknown address.
   • Social Media Message: Private messages on platforms like Facebook, Instagram, WhatsApp, or dating apps.
   • Text Message (SMS): Less common, but possible.
2. The Claim (The Bluff): The message makes a specific claim to appear credible:
   • Hacking Claim: States they have hacked the victim's device (computer, phone) and activated the webcam to record compromising activity, often mentioning a specific time or website visited.
   Possession Claim: Claims they already have compromising photos or videos of the victim, perhaps obtained from a previous online interaction or data breach.
   • Password Inclusion: To increase believability, the scammer often includes a real password the victim uses (obtained from previous data breaches and easily accessible to criminals). This makes the threat seem more real.
3. The Demand (The Extortion): The scammer makes their financial demand.
   • Usually requests payment in Bitcoin or another cryptocurrency, which is harder to trace.
   • The amount demanded can vary but is often several hundred dollars.
   • Includes instructions on how to purchase and send the cryptocurrency.
4. The Threat of Exposure (Intimidation): The message threatens what will happen if the demand is not met:
   • Promises to send the (non-existent) images/videos to the victim's contacts, family, friends, employer, or social media networks.
   • May threaten further harassment or increase the demand.
5. The Pressure (Urgency): The scammer creates urgency to prevent the victim from thinking or seeking help.
   • Sets a deadline for payment ("Pay within 48 hours").
   • States that law enforcement has been notified (a lie).
   • Claims they are "watching" the victim's online activity.
6. The Victim's Response (Fear/Compliance): The victim, fearing the consequences, might:
   • Ignore the message, realizing it's a scam (Best response).
   • Panic and pay the demand.
   • Seek help from friends, family, or authorities.
   • Research the included password and realize it's from an old breach (leading to the correct conclusion that it's a scam).
7. The Outcome (The Scam): If the victim pays:
   • The scammer receives the cryptocurrency and disappears.
   • The victim receives no proof of any images/videos and realizes they've been scammed.
   • The scammer might even contact the victim again later demanding more money ("You told someone," "We need to be sure").
   If the victim doesn't pay:
   • The scammer might send a few more threatening messages.
   • They will eventually move on to their next target.

While the core mechanism is similar, sextortion scams can vary slightly in their approach:

• Basic Email Sextortion: The standard form involving an email claiming to have compromising content and demanding payment.
• "Webcam Hacking" Sextortion: Specifically claims to have hacked the victim's webcam and recorded them.
• "Password" Sextortion: Relies heavily on including a real password obtained from a data breach to add credibility.
• "Social Media" Sextortion: Threats made via direct messages on social media platforms, often claiming to have screenshots or chats.
• Romance Sextortion: Arises from a romance scam where intimate content was shared during the fake relationship, and the scammer later threatens to release it unless more money is paid. (Also covered under Romance Scams).
• "Celebrity" Sextortion: Threatens to release fake or non-existent compromising content of the victim pretending to be a celebrity.
• Recurring Demands: After an initial payment (if made), the scammer contacts the victim again for more money, claiming the initial payment wasn't enough or that they've told someone.

Prevention involves cybersecurity best practices and understanding that the threat is usually a bluff:

• Understand It's Usually a Bluff: Remember that in most cases, the scammer does not have any compromising images or videos of you. Their goal is to scare you into paying.
• Use Strong, Unique Passwords: Create complex passwords for all your online accounts and use a password manager. If one account is compromised in a data breach, unique passwords prevent the scammer from accessing your other accounts.
• Enable Two-Factor Authentication (2FA): Add an extra layer of security to your important accounts (email, social media, banking).
• Keep Software Updated: Regularly update your operating system, browser, and antivirus software to protect against known vulnerabilities.
• Be Cautious Online: Be mindful of the content you share online and with whom, especially on dating apps or adult websites. Avoid allowing websites to access your webcam unless absolutely necessary and trusted.
• Check HaveIBeenPwned: Regularly check the website haveibeenpwned.com to see if your email addresses have been involved in known data breaches. If they have, change the passwords for those accounts immediately.
• Don't Engage: Do not reply to sextortion emails or messages. Do not click links or download attachments from suspicious messages.
• Secure Your Webcam: Consider covering your webcam with tape or a slider when not in use, or use software that manages webcam access.

Recognizing the warning signs of a sextortion scam:

• Unsolicited Email/Message Claiming Compromise: Receiving an unexpected message claiming they have compromising images or videos of you.
• Inclusion of a Real Password: The message includes a password you recognize, often obtained from a previous data breach.
• Demand for Payment in Cryptocurrency: Almost always requests payment via Bitcoin or other hard-to-trace digital currencies.
• Threats of Public Exposure: Promises to send the content to your contacts, family, or employer.
• Urgency and Deadlines: Insists you must pay within a specific timeframe.
• Claims of Hacking/Watching: States they have hacked your device or are watching your online activity.
• Poor Grammar or Spelling: Many sextortion emails contain errors, though some are well-written.
• Threats Based on Browsing History: Mentions specific websites you visited (likely obtained from a data breach or malware, but often just a guess).

If you receive a sextortion threat, here's what you should do:

1. Do NOT Pay: This is the most important step. Paying the scammer will not make the problem go away and will likely result in further demands. You are throwing money away.
2. Do NOT Panic: Take a deep breath. Remember, the scammer is likely bluffing.
3. Verify the Password (if included): If the message includes a password you recognize:
   • Go to haveibeenpwned.com and check if that email/password was part of a known data breach.
   • This will confirm that the scammer likely obtained the password from a third-party breach, not by hacking you directly.
4. Report the Scam:
   • Email Provider: Report the email to your email provider's spam/phishing reporting system.
   • IC3 (US): FBI's Internet Crime Complaint Center
   • Action Fraud (UK): Action Fraud
   • Local Authorities: File a report with your local police, especially if you've already sent money.
   • Platform Reporting: If the threat came via social media, report the account to the platform.
5. Secure Your Accounts:
   • Change the passwords for the accounts associated with the threat (especially email and social media), especially if the included password was current.
   • Enable Two-Factor Authentication (2FA) if you haven't already.
   • Run a scan with your updated antivirus software.
6. Document Everything: Save the sextortion message(s) as evidence.
7. Talk to Someone: Don't suffer in silence. Talk to a trusted friend, family member, or counselor. The shame is part of the scammer's tool; don't let it isolate you.
8. If You Paid: If you already sent cryptocurrency or money:
   • Report it immediately to the authorities listed above.
   • Contact your bank or the money transfer service if you used one (wire transfer, Western Union). Recovery is unlikely but reporting is important.
   • Report cryptocurrency transactions to your wallet provider or exchange. Recovery is extremely difficult, but it helps track activity.
   • Get Help Recovering Funds: Professional assistance might be available to help trace and potentially recover funds sent through complex financial systems, though success is not guaranteed, especially with cryptocurrency.