Each week, the NTIC Cyber Center highlights a different social engineering scam impacting individuals and communities within the National Capital Region. We encourage everyone to share this information with friends, colleagues, and loved ones to help reduce their risk of becoming a victim of financial fraud and identity theft.
Sextortion is a cybercrime in which criminals threaten to distribute sensitive or incriminating content if a victim does not comply with certain demands. There are several ways criminals can perpetrate these scams, but their objective remains the same: to profit from the extortion of innocent victims.
In one iteration of the scam, cyber criminals approach victims through dating apps or social media platforms and seduce them into participating in online sexual activities. Posing as interested partners looking for an intimate relationship, they may engage victims in conversations of a sexual nature, solicit incriminating photographs, or invite victims to share live video content. Without the knowledge or consent of victims, however, criminals take screenshots of exchanges, save sensitive photographs, and record live video interactions with the ultimate intent of compiling a dossier of compromising material with which to blackmail a victim.
Cyber criminals may also use hacking activity to steal personal or incriminating content from victims. They can obtain this material in any number of ways, including using stolen or weak passwords to access a victim’s computer files or sending malware that allows them to remotely enable webcams and microphones to record victims. Unfortunately, many victims do not even realize that criminals have secured a direct view of their private life and content until it’s too late.
Additionally, cyber criminals may initiate sextortion scams by simply pretending to possess a victim’s private content. They often send notifications to victims via email and attempt to make their claims more believable by including information such as the names of a victim’s friends identified on social media or a victim’s old password taken from a previous data breach.
After cyber criminals have amassed sensitive material or merely allege to have done so, they threaten to distribute this content to victims’ families, work associates, or the public if they do not receive payment. In addition to demanding money, cyber criminals may also blackmail victims in exchange for sensitive information, access to military or government facilities, computer network credentials, or additional sensitive photographs or videos. Criminals may also pose as law enforcement entities, lawyers, or parents claiming to represent an underage victim and threaten fines or arrest if victims do not pay. Sextortion scams have unfortunately proven to be an attractive and profitable technique for cyber criminals since victims often comply with demands to avoid any embarrassing repercussions of the release of their private content.
The NTIC Cyber Center recommends educating friends and relatives of the dangers associated with sextortion scams and sharing the following techniques to defend against them:
Remain vigilant when corresponding with unknown entities on social media platforms or dating apps and be suspicious of anyone requesting photographs or videos.
Refrain from sending sensitive, personal, or compromising material to anyone on social media platforms, dating apps, messaging platforms, or by text message.
Avoid keeping intimate photos or videos on internet-connected devices; if your device is infected with malware, it may allow cyber criminals to access this content.
Never open attachments or click on links in unexpected or unsolicited emails.
Keep antivirus software up-to-date to guard against any known spyware or malware.
Consider blocking your computer’s webcam and phone’s front-facing camera when not in use to reduce the risks posed by snooping cyber criminals.
Routinely review camera and microphone permissions granted to apps on computers and mobile devices. Revoke any permissions that do not match the functionality of the app or remove the app from the device.
If you believe you or a loved one may be the victim of a sextortion scam, report the crime to a local law enforcement entity, the US Department of Homeland Security at firstname.lastname@example.org, and the FBI’s Internet Crime Complaint Center.