Garden State Cyber Threat Highlight
Original Release Date: 2/9/2023

As Valentine’s Day approaches, threat actors may attempt to prey on individuals seeking companionship or romance. The NJCCIC continues to receive reports of sextortion incidents in which victims are threatened with the release of compromising or sexually explicit photos or videos if an extortion payment is not made. Some sextortion threats are not credible, as threat actors are unable to provide proof of such photos or videos. However, there is an increase in reported sextortion incidents in which victims sent compromising or sexually explicit photos or videos to threat actors pretending to be trusting potential love interests.

Threat actors use social engineering tactics to lure their victims via email, text message, chat and video chat apps (such as Snapchat, WhatsApp, Skype, and Kik), social media platforms (such as Instagram, Facebook, and Wizz), or dating apps (such as Grindr and Hinge). They may initiate communication through one of these platforms and then move to other platforms. In several incidents, threat actors pretend to be attractive females targeting males to coerce a response. They build trust with their victims and convince them to divulge personal information—such as phone numbers, family members, employers, and social media account information—before threatening to post the photos or videos to the victim’s social media platforms or release them to family members, friends, or employers. They may also threaten to upload the explicit photos or videos to various pornographic websites if payment is not made. Extortion payments are typically demanded to be sent via Zelle, Venmo, Cash App, MoneyGram, Bitcoin, Coinbase, or in the form of gift cards. Similar to sextortion, threat actors may engage in romance scams by posing as potential love interests and building trust with a victim to establish a relationship quickly. Eventually they may create a fake emergency and request the victim send money to help. They may also encourage victims to invest in cryptocurrency that turns out to be a scam.

Sextortion and romance scams continue to be successful as threat actors change tactics to coincide with trends and topics of interest in order to increase their likelihood for a reward or payout. To help counteract these scams, the New Jersey Senate recently passed a bill to make sextortion a third-degree crime punishable by up to five years in prison and a $15,000 fine. For victims who are minors or adults with developmental disabilities, the offense would be a second-degree crime punishable by up to 10 years in prison and a $150,000 fine. If the bill is signed into law, New Jersey will become the 18th state in the United States to formally ban sextortion.

This year’s theme for Safer Internet Day on February 7 was sextortion with a focus on financial sextortion and making sure young people know they can always get help. Additionally, the FBI and international law enforcement agencies issued a joint warning regarding the explosion in sextortion incidents targeting children and teens. Over 7,000 reports of sextortion received by law enforcement agencies in 2022 resulted in over 3,000 minor victims, primarily boys, and more than a dozen victims died by suicide.

The NJCCIC recommends users educate themselves and others on this and similar scams to prevent future victimization. Please review the Beware of Sextortion and Romance Scams NJCCIC product. The NJCCIC also advises against paying ransoms of any kind, as these scams are typically not considered credible threats unless photos or videos are provided. Users are advised to inspect questionable requests for typical indicators of these scams, exercise caution with unsolicited communications, and refrain from providing photos or videos, personally identifiable information (PII), financial information, or funds. Users are encouraged to report cyber incidents via the NJCCIC Cyber Incident Report Form, the FBI’s Internet Crime Complaint Center (IC3) website, and their local police department. Users are also advised to report scams or abuse to associated email providers, social media platforms, or dating apps, especially if there is a violation of terms and conditions or acceptable use policies.

Original article: