Minors and Adults Targeted in Sextortion Scams

Summary

Over the last several years, the NJCCIC reported on various extortion phishing scams known as “sextortion.” The most common sextortion campaigns claim that the perpetrator compromised the recipient’s device and took adult content screenshots or videos, and threatens to release them if a ransom is not paid. In order to convey a sense of legitimacy, the threat actor also includes “proof” of device compromise by including one of the recipient’s password; however, it is likely that this credential was merely exposed via a public data breach. While these scammers are simply trying to trick users, threat actors are targeting minors and others in sextortion scams that could lead to prolonged victimization. Online predators are targeting minors by attempting to gain their trust via various social platforms and requesting inappropriate images or videos. Once they are sent, the predator threatens to publicly release the explicit media unless more images/videos are shared. Adults are also targeted using similar tactics. Once explicit images or videos are shared, the perpetrator threatens to release the media unless a ransom is paid. Alternatively, the perpetrator will send photos to the victim and subsequently claim the images are of a minor, further threatening to report them to the authorities unless a ransom is paid.

Recommendations

The NJCCIC highly advises victims of sextortion to file a report with their local police department. Additionally, users are recommended to be selective about the information and media they share online, and exercise caution with communications received from unknown users/senders. More information on sextortion attempts can be found in the FBI press release, “FBI Warns of Sextortion Attempts in Arizona.”