the staff of the Ridgewood blog
Ridgewood NJ, over the last several years, the NJCCIC reported on sextortion scams in which victims were threatened with the release of compromising or sexually explicit photos or videos of the victim if an extortion payment was not made. Threat actors may use social engineering tactics to lure their victims via email, text message, or direct messages on social media or dating apps, and they may pose as potential love interests to build trust, communicate their story, and profess their love in an attempt to convince their victims to divulge information or send money. Other campaigns included claims that the threat actors successfully compromised the victim’s computer or mobile device and were able to take compromising screenshots or recordings of the victim that were sexually explicit in nature, further threatening to release them if an extortion payment was not made. These campaigns may appear convincing, but these threats were not credible as threat actors were unable to provide proof of the compromised photos or videos.
However, the NJCCIC recently received reports of sextortion incidents in which victims sent sexually explicit photos or videos to threat actors pretending to be potential love interests. In addition, the threat actors built trust with their victims and convinced them to divulge personal details—such as phone number, family members, employer, and social media account information—before threatening to release the photos or videos to their social media platforms, family members, and/or employers if a Bitcoin payment ranging from $500 to $3,000 was not made.
The NJCCIC recommends users educate themselves and others on this and similar scams to prevent future victimization, especially with the Valentine’s Day holiday approaching. Please review the NJCCIC Products Sextortion and Romance Scams Continue with New Tactics and Don’t Let a Romance Scam Break Your Heart or Empty Your Bank Account. We also advise against paying ransom of any kind as these scams are typically not considered credible threats. Users are advised to exercise caution with unsolicited communications and refrain from providing photos or videos, personally identifiable information (PII), financial information, or funds. We encourage users to report cyber incidents via the NJCCIC Cyber Incident Report Form, the FBI’s Internet Crime Complaint Center (IC3) website, and their local police department. We also advise users to report scams and/or abuse to associated email providers, social media platforms, or dating apps, especially if there is a violation of terms and conditions and/or acceptable use policies.
The New Jersey Cybersecurity and Communications Integration Cell, also known as the New Jersey Office of Homeland Security and Preparedness’ Division of Cybersecurity, is the first American state-level information sharing and analysis organization in the United States that exchanges cyber threat intelligence and conducts incident response for governments, businesses, and citizens in New Jersey.