Sextortion and Romance Scams

Mitigation, Scams

February 10, 2023

As Valentine’s Day approaches, cyber criminals attempt to prey on individuals seeking companionship or romance. The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) continues to receive reports of sextortion incidents in which victims are threatened with the release of compromising or sexually explicit photos or videos if an extortion payment is not made. Some sextortion threats are not credible, as cyber criminals are unable to provide proof of such photos or videos. However, there is an increase in reported sextortion incidents in which victims had previously sent compromising or sexually explicit photos or videos to cyber criminals posing as trustworthy potential love interests.

Cyber criminals use social engineering tactics to lure their victims via email, text message, chat and video chat apps (such as Snapchat, WhatsApp, Skype, and Kik), social media platforms (such as Instagram, Facebook, and Wizz), or dating apps (such as Bumble, Grindr and Hinge).

In several incidents, cyber criminals posed as attractive females and targeted males to coerce a response. They build trust with their victims and convince them to divulge personal information – such as phone numbers, family members, employers, and social media account information – before threatening to post the photos or videos to the victim’s social media platforms or release them to family members, friends, or employers. They may also threaten to upload the explicit photos or videos to various pornographic websites if payment is not made.

Cyber criminals typically demand that extortion payments be sent via Zelle, Venmo, Cash App, MoneyGram, Bitcoin, Coinbase, or in the form of gift cards.

Similar to sextortion, threat actors may engage in romance scams by posing as potential love interests and building trust with a victim to establish a relationship quickly. Eventually, they may create a fake emergency and ask the victim to send money to help.

The NJCCIC advises against paying ransoms of any kind, as these scams are typically not considered credible threats unless photos or videos are provided. Users are advised to inspect questionable requests for typical indicators of these scams, exercise caution with unsolicited communications, and refrain from providing photos or videos, personally identifiable information (PII), financial information, or funds.

Incidents can be reported at https://www.cyber.nj.gov/report (the NJCCIC Cyber Incident Report Form) and https://www.ic3.gov (the FBI’s Internet Crime Complaint Center).

If you have any questions, please reach out to us here at Cyber Command.