The pandemic saw a surge in sextortion cases in 2020. Fast forward 12 months, and the numbers continue to rise significantly.
This revelation came from the FBI Internet Crime Complaint Center (IC3). Up to 31 July 2021, it had received over 16,000 sextortion complaints, with victims losing a combined total of at least $8M USD.
“Nearly half of these extortion victims were in the 20-39 age group,” according to the IC3 PSA. “Victims over 60 years comprised the third largest reporting age group, while victims under the age of 20 reported the fewest number of complaints.”
Let’s not forget that the FBI released a sextortion page on its official site for kids and teens back in 2015. Today, internet users under the age of 18 continue to be targeted and victimized by sextortion, too.
It all starts innocently…
The start of any online relationship is usually not malicious. The same is true for all sextortion cases. The victims recount the common story of meeting someone either on social media, a dating app, or a gaming site. From there, their new-found “friend” suggests that they move their conversation elsewhere, either via email, a voice-over-IP (VoIP) service like Skype, or other platforms that allow the sharing or exchange of media.
Then, after some time, their “friend”—who at this point may still be a complete stranger to the victim—suggests to the victim that they send some sexually explicit media of themselves, such as a still photo. Sometimes, they even suggest conducting their intimate moments over a live video call, which the attacker surreptitiously records. Once the victim complies and performs the act, the “friend” then becomes an extortionist, threatening the victim and demanding payment to stop the “friend” sharing the images with the victim’s contacts, friends, and family.
While there are genuine sextortion attacks that follow the script above, there are also many fake sextortion attacks that rely on their notoriety to scare people into paying money. In this case, an attacker sends a message to a stranger that falsely claims to have control over a device or email account they own.
That this simple social engineering tactic works is evident from countless email campaigns over several years, targeting users of both PC and Mac.
Protect against sextortion
To avoid sextortion, the FBI advises that people turn off electronic devices and webcams that aren’t being used; don’t open attachments from people they don’t know; and never send compromising images of themselves to anyone, ever. The last piece of advice will work, but we suspect that it’s probably culturally impossible by now, and it also opens the door for people who want to blame the victim (although that is not what the FBI is doing). While not taking compromising pictures is the only surefire guarantee that nobody can have compromising pictures of you, you are not to blame for having them used against you if you choose to take them.
In addition, we suggest you secure your online accounts using two-factor authentication (2FA) and a password manager. This won’t stop people using pictures that you’ve shared against you, but it makes it much harder for people to steal pictures and use them against you.