Sextortion
What is Sextortion?
SextortionExtortion based on the threat to publish or share intimate images, real or fabricated, unless the victim pays money or complies with further demands.
Sextortion is a form of coercion in which an attacker threatens to release sexual or compromising material to coerce payment, additional explicit content, or other actions. Tactics include compromising a victim's account or device to steal real images, grooming and luring on dating or social platforms, manipulating people on webcams, and bulk "fake" email campaigns claiming malware on the device and presenting an old leaked password as proof. Increasingly, attackers use AI-generated deepfake imagery to threaten people who have never produced intimate content. Mitigations include strong account hygiene (MFA, unique passwords), webcam covers, caution with strangers online, refusing to pay, preserving evidence, and reporting to platforms and law enforcement; specialist support hotlines exist for minors and adult victims.
● Examples
- 01
Mass email claiming malware recorded the recipient via webcam, demanding cryptocurrency payment.
- 02
An attacker who befriends a minor on social media, obtains explicit material, then threatens to send it to family.
● Frequently asked questions
What is Sextortion?
Extortion based on the threat to publish or share intimate images, real or fabricated, unless the victim pays money or complies with further demands. It belongs to the Attacks & Threats category of cybersecurity.
What does Sextortion mean?
Extortion based on the threat to publish or share intimate images, real or fabricated, unless the victim pays money or complies with further demands.
How does Sextortion work?
Sextortion is a form of coercion in which an attacker threatens to release sexual or compromising material to coerce payment, additional explicit content, or other actions. Tactics include compromising a victim's account or device to steal real images, grooming and luring on dating or social platforms, manipulating people on webcams, and bulk "fake" email campaigns claiming malware on the device and presenting an old leaked password as proof. Increasingly, attackers use AI-generated deepfake imagery to threaten people who have never produced intimate content. Mitigations include strong account hygiene (MFA, unique passwords), webcam covers, caution with strangers online, refusing to pay, preserving evidence, and reporting to platforms and law enforcement; specialist support hotlines exist for minors and adult victims.
How do you defend against Sextortion?
Defences for Sextortion typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Sextortion?
Common alternative names include: Webcam extortion, Intimate-image blackmail.
● Related terms
- attacks№ 1065
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
- attacks№ 355
Doxxing
Publishing or threatening to publish a person's private identifying information online with the intent to harass, intimidate, or facilitate harm.
- ai-security№ 297
Deepfake
Synthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not.
- attacks№ 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- malware№ 900
Ransomware
Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.
- attacks№ 010
Account Takeover (ATO)
An attack in which a criminal gains unauthorised control of a legitimate user account and uses it to steal funds, data, or commit further fraud.
● See also
- № 1118Swatting