“Sextortion” scams are some of the most brazen ways cybercriminals try to get money from you. These extortion tactics use fear and shame to get you to pay. Just like individualized ransomware attacks, you’ll be exposed publicly if you don’t pay.
Since these attacks target individuals, not companies, all employees need to know the signs to avoid being a victim. While the initial risk is on the individual, the ultimate impact could be on their company, as scammers may not only want money but also sensitive info. Here are the tactics to be aware of and how they work.
What are Sextortion Scams?
Sextortion scams happen when a threat actor digitally blackmails an individual by referencing a real-life experience, like infidelity or visiting adult websites. They are called “sextortion” scams because they involve a sexual element that the scammers make out to be shameful.
How Do They Work?
Usually, these scammers threaten to expose the victim’s perceived shameful activities to colleagues, friends, and family. The demand is for payment to keep this info quiet. Not all sextortion scams involve sexual elements; some use threats of physical harm to extort money. For example, some scammers may threaten to harm or kill the victim if payment is not made immediately.
History of Sextortion Scams
While sextortion scams aren’t new, they have changed a lot in the last few years. This is evident in the demographics of their targets:
Women: Historically, victims were young women, often someone they had dated in real life or met online. These perpetrators would have private or sexual images of the victims, which they would use to extort.
Teenagers: More recently, criminals have been targeting teens and children, coercing them to send explicit images of themselves. These images are then traded among criminals and further perpetuate the cycle of exploitation.
Strangers: Also, sextortion emails are sent to individuals who have never had any prior contact with the scammer. To prevent these unsolicited emails from landing in your work inbox, you can use secure email gateways to block common email attacks.
Payment Methods
Most scammers ask for payment in cryptocurrency, usually Bitcoin. Bitcoin is convenient for criminals because it has minimal legal regulation across countries. With no oversight, it’s the perfect vehicle for criminal activities, as it provides anonymity and makes tracing transactions hard.
The Sextortion Scam Formula
Sextortion scams have common elements that make them so effective. Knowing these elements can help you recognize and respond to these threats better.
Common Themes and Tactics
Fear and Emotion
The goal of a sextortion scam is to make the recipient feel intense fear and anxiety. Scammers use graphic language and scary scenarios to create a sense of urgency and make you feel trapped and desperate.
Making it Real
Scammers go to great lengths to make the recipient believe the email is real. They may include personal details or references to past conversations to make the threat seem credible. This is to lower the victim’s guard and make them more likely to comply with the demand.
Presenting the Threat as Immediate
The threats of sextortion scams are often presented as immediate and unavoidable. Scammers may claim to have compromising material, like explicit images or videos, and threaten to share this with the victim’s friends, family, or colleagues if their demand is not met.
Justifying the Payment
Scammers present the payment as a reasonable transaction to keep the details private. They may say paying the fee is the only way to avoid public humiliation and protect your reputation. This is to play on your fear of being exposed and ashamed.
Resistance is Futile
Many sextortion scams include language that implies resistance is useless. Scammers may say they have already taken steps to expose you or that they have the means to follow through on their threats. This is to discourage you from seeking help or reporting the scam.
Act Fast
Scammers want you to act quickly, creating a sense of urgency that can make you cloudy-headed. They may set tight payment deadlines to heighten your anxiety and make you more likely to comply without thinking through the consequences.
Sextortion Tactic 1: Credibility
Don’t Believe Everything You Hear. One of the tactics used in sextortion scams is credibility. Scammers use various ways to make their threats seem more believable and to scare you.
Credibility Statements
To make their claims more believable, scammers include statements that make the victim think they are part of a bigger and more dangerous operation. Phrases like “I am a member of an international hacker group” or “My nickname in the dark net is Gray24” are common. These statements are to make the person demanding ransom think they have the skills and resources to carry out their threats.
Technical Talk and Explanations
Scammers provide complex technical explanations to make the victim think their computer was compromised. By using technical language, they create an illusion of expertise and make the victim more likely to believe them. This makes the victim feel helpless and more likely to comply with the demand out of fear of further consequences.
Poor Grammar
Another tactic is to use poor grammar, which is often a red flag for scams. Scammers may pre-empt this by apologizing for their grammar, like “I apologize for my grammar; I’m from China.” This is to explain away the warning signs of bad grammar and make the email look more believable.
While the scammer may have language barriers, it’s equally possible this is a calculated move to disarm the victim’s skepticism. Victims should be cautious and not let fear cloud their judgment because of these tactics.
Sextortion Tactic 2: Threats
Sextortion scams use threats, which can be direct or implied. The goal is to instill fear in the victim and get them to comply with the scammer’s demands.
Direct Threats
Direct threats are obvious and menacing, often with explicit warnings of what will happen if you don’t comply. For example, scammers may threaten to send a captured video of you to your friends, family, and colleagues. This is very effective because it reflects your fear of public humiliation and damage to your personal and professional relationships.
Besides these threats, scammers may also intimidate by saying that malware has been installed on your computer. They may claim that malware can track your online activity and that your device will be locked if you try to do anything with the email. This combination of threats makes you feel helpless and more likely to comply.
Implied Threats
Implied threats are more subtle and subliminal. These threats are related to the consequences of exposure, like shame or loss of relationships. For example, a scammer may say, “I don’t think what you look at on your computer when no one is around is really bad, but when all your colleagues, relatives, and friends receive a video record of it, that’s definitely bad news.” This kind of language is to provoke anxiety and fear without stating the consequences, making the threat feel more personal and immediate. You are left to imagine the worst-case scenarios, which can be even more terrifying than direct threats.
The Reaction Varies
These threats are designed to trigger fear, a powerful primal instinct that can override rational thinking and careful decision-making. Fear can make people act impulsively and not in their best interest.
Also, people experience fear differently; some may react more than others. Those who are more fear-averse may feel an overwhelming urge to comply with the scammer’s demands to make the situation go away fast. This heightened sensitivity to fear makes them more vulnerable to sextortion scams as they may prioritize quick relief over careful consideration of their options.
Sextortion Tactic 3: Urgency and Grooming
Sextortion scams often combine fear with a sense of urgency. This works because fear, like other visceral influences—like strong emotions, sexual desire, and hunger—is short-lived. Once the initial shock wears off, the victim will start to think more clearly, which is why creating a sense of urgency is key to the scammer’s success. The goal is to get the potential victim to act while they are still in a state of heightened emotion and irrationality.
The Pressure to Comply
Victims are given a short timeframe, usually 24 to 48 hours, to comply with the scammer’s demands. This limited window creates panic and makes the victim act impulsively without considering the consequences. Some scams go a step further by saying the countdown starts the moment the email is opened, making the pressure to act fast even more intense.
Grooming Techniques
Besides urgency, scammers also use grooming techniques to make the victim feel secretive and compliant. They may tell the victim to be discreet when buying Bitcoin or other cryptocurrencies, saying their future depends on keeping the transaction private. This tactic plays on the victim’s fear of exposure, making them believe that if they get caught, the compromising footage the scammer claims to have will be released.
By making the victim feel secretive and urgent, scammers create an environment where the victim feels alone and pressured to comply without seeking help or advice from others. This grooming makes the victim feel like they are the only one in this situation and further isolates them from their support systems.
Sextortion Tactic 4: Justifying the Crime
A common tactic in sextortion scams is to justify the crime itself. Many of these emails contain elements that normalize the disgusting act of extortion, making it less shocking and more acceptable to the victim.
Normalizing the Ask
Scammers will downplay their actions by framing the payment as reasonable. They may call it a “confidentiality fee” or a “privacy donation,” which obscures the criminal nature of the transaction. By using euphemistic language, they want the victim to feel like they are in a legitimate transaction, not extortion.
Detaching the Personal
Besides normalizing the payment, scammers will also say their actions are not personal. They may say this is just a job for them, and the victim should not hate them for what they are doing. This tactic creates detachment, making the victim feel like they are dealing with a faceless entity rather than a malicious person.
By framing extortion as something more socially acceptable, like debt collection, scammers try to reduce the emotional impact of their threats. They may say the fee is unpleasant, but it’s like a legally enforced charge the victim must pay, further normalizing the extortion process.
Sextortion Tactic 5: Psychological Harm and Helplessness
Extortionists use several tactics to break the psychological resilience of their victims and make them feel shame, humiliation, and helplessness.
Words
In almost all sextortion scams, victims are bombarded with carefully chosen words and phrases that evoke strong feelings of shame and humiliation. Words like “nasty,” “dirt,” “sordid,” “unpleasant,” and “unbridled” are commonly used. The repeated use of these words throughout the correspondence makes the victim feel more ashamed and can trigger a higher fear response.
Scammers may also include statements that invoke social norms to further frighten the victim. By framing the situation in a way that emphasizes social judgment, they increase the emotional impact of their threats.
Social Norms
Scammers use social norms to manipulate their victims. For example, a common tactic is to say, “I was shocked by what I saw!!! I want to say that you are a BIG pervert. Your fantasies are far from normal.” This kind of language is to provoke a strong emotional response by making the victim feel their behavior is way off from social norms.
Since people behave according to social norms, potential victims may feel that society would condemn them if their actions were exposed. This fear of social rejection can make victims pay the ransom to avoid the shame and humiliation of being exposed.
Secrecy
Many sextortion emails also include a section that tells victims not to report the crime to the authorities. Scammers may say something like, “At this point, you may be thinking, ‘I’ll just go to the cops,’ which is why I used a fake name and a fake return address and took steps to make this email cannot be traced back to me.” This tactic makes the victim feel helpless. By making the victim believe there’s no recourse or protection available, scammers increase the chance of resignation and eventual compliance. The victim may feel trapped, thinking they have no other choice but to comply with the demands to avoid further consequences.
Sextortion Scams: What to Do
If you find yourself in a sextortion situation, you need to stay calm. Here’s what to do:
1. Pause and Reflect
In any situation where emotions are high, fear is present, or you feel uncomfortable, the best thing to do is to pause. These intense feelings are temporary but can cloud your judgment and decision-making. Give yourself some time to calm down and think clearly before you do anything. This pause can help you regain perspective and avoid making impulsive decisions based on fear.
2. Share Your Experience
Once you’ve paused and reflected, the next step is to share your experience. Report the incident to the authorities. This will not only guide you on what to do next but also help in the fight against sextortion scams. Law enforcement agencies can give you valuable advice and may be able to investigate the case.
3. Seek Support
In addition to reporting the scam, reach out to trusted friends or family. Sharing your experience with someone you trust can give you emotional support and help you process the situation. They may give you insights or advice you haven’t thought of, and having a support system can make you feel less alone.
4. Know the Scammer’s Motive
Even if the threat is very real, remember that sextortion attackers don’t get paid by exposing you to your friends and family. Their main goal is to get money from you. By knowing this, you can better assess the situation and realize that compliance is not the only option. Scammers bank on fear and secrecy to control their victims, so breaking that silence can weaken their hold.
5. Educate
Sharing your story and the email you received can raise awareness about this type of scam. By telling others about your experience, you’re contributing to the collective knowledge about sextortion scams, which can help others avoid falling into the same trap. Awareness is a powerful weapon against these scams because it enables individuals to recognize the signs and react accordingly.