‘Chelsea’ asked for nude pictures. Then the sextortion began.


‘David’, a 32-year-old pharmacy technician who fell for a sextortion scam, in Manhattan on Feb 8, 2024. Young men are being coerced into sending naked pictures to scammers pretending to be women – who then demand money. The consequences can be devastating. — The New York Times

The Instagram message popped up from a girl named Chelsea: “Howdy.”

David didn’t know anyone named Chelsea, but he clicked through her profile: She had brown hair and a nice smile; under her name was a quote from the Bible. He thought it was sort of weird that she was messaging him, a stranger, in the middle of a workday, but her pouty selfies made that easy to ignore.

He was hesitant when she asked him to chat, but soon her flirty messages escalated to a volley of explicit pictures, and David, a 32-year-old pharmacy technician, got carried away. When she asked him for a nude, he hardly thought twice, he said. He slipped into the bathroom at the New Jersey hospital where he works, took a picture and hit send.

Within seconds, the threats began.

David’s phone lit up with messages: pictures he had sent with his genitals exposed alongside screenshots of his Instagram followers with whom he shares a last name – his family. “She said: I’m demanding US$500 (RM2,341), if not I’m going to send it to all of these people,” said David, who asked that only his middle name be used to protect his privacy. “Then she started a countdown.”

But there was no Chelsea. The real person behind the account, David said, was a man who, over the course of three fraught days, inadvertently revealed he was in Nigeria as he demanded hundreds of dollars to keep David’s pictures private. As he paid up, David joined the thousands of people cowed under a new scam that has exploded over the past three years to become the fastest-growing cybercrime, according to both the FBI and the Department of Homeland Security.

Called financial sextortion, it is a uniquely modern riff on the romance scams of yesteryear in which the lonely were seduced into parting with their money by people posing as suitors. In other versions of the scheme that focus on women and girls, explicit images are typically coerced for sexual gratification or to be sold as pornography. This new iteration preys on young men and teenage boys, and the images are held as ransom – often for as little as a few hundred dollars, to be paid typically through cryptocurrency or even gift cards from the sender.

But cybercrime agencies caution not to be deceived by the seemingly small stakes. Many victims caught in this scam are minors – of the 13,000 reports of financial sextortion the FBI received between October 2021 to March 2023, a vast majority of them involved boys. And though David’s dealings with “Chelsea” cost him US$750 (RM3,511) – as well as spiraling anxiety and a deep sense of humiliation – the consequences for young boys can be devastating. According to the FBI, between January 2021 and July 2023, at least 20 teenagers, when faced with the threat that an embarrassing photo would ruin their lives, have killed themselves.

“They can’t understand temporary versus forever,” said Mary Rodee, the mother of Riley Basford, a 15-year-old from Potsdam, New York, who in 2021 killed himself just hours after he was enticed by a scammer who posed as a girl his age on Facebook. After Riley sent nude photos of himself, the scammer demanded US$3,500 (RM16,387) to have them returned. Since her son’s death, Rodee, an elementary schoolteacher, has become an outspoken educator about sextortion.

She also has joined the ranks of parents and cybersecurity experts lobbying for better protections from the social media that the scammers use. “It is really hard to just live with knowing that these people who did this to Riley continue to get away with it,” Rodee said. “I just can’t understand, how can the tech companies not immediately stop them? Because they could.”

Sextortion tips for scammers

In a coworking space in New Haven, Connecticut, Paul Raffile, a cyberintelligence analyst, put up shades to mask his work computer screen – it was filled with the social media profiles of sextorters sharing their spoils on TikTok. Last year, Raffile was introduced to sextortion when a friend contacted him for help with a humiliating problem.

Paul Raffile, Senior Intelligence Analyst at Network Contageon Research Institute, at his office in New Have, Connecticut. Raffile was stunned to find out how brazen sextortion scammers were in sharing techniques among themselves. — The New York TimesPaul Raffile, Senior Intelligence Analyst at Network Contageon Research Institute, at his office in New Have, Connecticut. Raffile was stunned to find out how brazen sextortion scammers were in sharing techniques among themselves. — The New York Times

He was stunned by how open the scammers were about their exploits, bragging about their marks (whom they refer to as “clients”) and comparing best practices on public message boards and social media accounts. Since then, Raffile has made it the focus of his work at the Network Contagion Research Institute, an independent organisation that identifies and forecasts online threats.

“It was extremely shocking, the number of people – especially young people – being targeted by the scam on a daily basis,” he said. “It was insane to see just how cavalier they were being, and how public and open they were about sextorting victims.”

He learned how they typically work. First, a scammer located in, say, the Ivory Coast, will create an attractive female avatar. To find targets, he may trawl a high school football team’s social media account and “friend” all the players; those who accept the friend request are sent flirtatious messages. Once the person has obtained a photo – one that shows both genitals and face, for more leverage – the scammer will use that list of people as well as the victim’s online friend list as a weapon, threatening to send the compromising picture to teammates, coaches and teachers.

On his screen, Raffile pulled up what amounts to a school for sextorters: online marketplaces on TikTok, YouTube and Scribd, a popular repository of documents, where you can browse through libraries of extortion scripts, known in the trade as “formats”. These are step-by-step guides on how to blackmail, or in the shorthand of the scammers, “BM”. The scripts, some of which are for sale on the site, include things like the best words and phrases to seduce a victim into handing over a picture, and even instructions on how to instill the right amount of panic.

The method has become so common that when a different New Jersey man was duped into sending a scammer nude photos, the man immediately raced to a drugstore to follow the scammer’s directions: load US$1,000 (RM4,682) onto as many gift cards as necessary and send the redemption codes. At the register, the store manager took one look at the gift cards and tried to stop him, the man said; the manager had seen this before.

The man, who asked not to be named, said he was too afraid to heed the advice. He sent the money anyway.

‘Your world is not over.’

Financial sextortion emerged on law enforcement radar about five years ago, according to Mike Prado, the deputy assistant director of the Homeland Security Investigations Cyber Crimes Center. Known as C3, the center is a hub based in Fairfax, Virginia, about 30 minutes west of Washington. In a hulking office building with hallway wallpaper meant to evoke binary code, forensic analysts sift through the digital footprints of online criminals, including sextorters.

From 2022 to 2023, about 2,300 sextortion cases came into C3, Prado said; since October 2023, there have been 8,000. But even that notable jump is most likely an undercount, he said, because of the shame many victims feel. As an example of the potential scope: Last year, the parent company of Snapchat conducted a survey of over 1,000 teenagers and young adults that found nearly half had been recently approached sexually across different social media by strangers. Nearly half of those who shared explicit pictures were met with sextortion attempts.

Mike Prado, Deputy Assistant Director of the Homeland Security Investigations Cyber Crimes Center, in his office in Fairfax, Va., on Dec. 7, 2023. Prado works in a Homeland Security unit where analysts look through the digital footprints of sextorters. — The New York TimesMike Prado, Deputy Assistant Director of the Homeland Security Investigations Cyber Crimes Center, in his office in Fairfax, Va., on Dec. 7, 2023. Prado works in a Homeland Security unit where analysts look through the digital footprints of sextorters. — The New York Times

“The consequences of this could not be more serious,” Prado said. “It is inordinately affecting children, and young boys in particular.”

US law enforcement has gone after scammers abroad successfully a few times: After a Michigan teenager named Jordan DeMay shot himself following the scam in 2022, two Nigerian brothers, Samuel Ogoshi, 22, and Samson Ogoshi, 20, were arrested in Lagos last past summer following an FBI investigation and extradited to Michigan.

In April both pleaded guilty to conspiring to exploit teenage boys – there were hundreds of other victims, according to the FBI – which entails a mandatory minimum sentence of 15 years in prison.

But in most instances, Homeland Security’s investigation begins and ends in the centre in Fairfax. While there have been some arrests made abroad, the United States has no formal extradition agreement with many of the countries where the scammers are. The Ivory Coast, which analysts at the Cyber Crime Center have located as the primary location of financial sextortion cases, has no such agreement.

“It absolutely is a source of frustration, which is why we have switched tactics to a certain degree, and are really focusing on the prevention and education piece,” Prado said. For victims, he said, “It is important to note your world is not over.”

A push for digital guardrails

Rodee is haunted by the fact that her son, Riley, didn’t realise he had options once he hit send. Part of her work now, she said, is changing the long-standing messaging to children that the Internet is forever, an approach that advocates and law enforcement have also begun to take.

But she and others lay most of the blame on social media companies that she says are not doing enough to block the scam accounts. Rodee has become a regular at the US Capitol, lobbying Congress to pass laws that would require tech companies to install stronger digital guardrails for minors, among other reforms. This week, President Joe Biden signed into law the REPORT Act, which requires social media platforms to report crimes involving enticement of children, which they are not currently required to do.

“Even though I’m sick and sad, I can’t stop trying or give up,” Rodee said.

In early April, Meta, which owns Instagram and Facebook, announced it would be testing an optional security feature to both block unwanted nude images and remind senders to think twice before sharing their own. It is developing new tech to identify potential sextortion accounts, among other measures.

“This is a highly adversarial space,” Antigone Davis, the global head of safety for Meta, said in a statement. “Determined scammers and criminals evolve their tactics to try and evade our protections.”

Others want to hold tech accountable not for future incidents but for past negligence: Brandon Guffey’s teenage son, Gavin, killed himself in 2022 after falling prey to a sextortion scam. In January, Guffey, a South Carolina state representative, sued Meta for what he claims is the tech company’s failure to provide adequate child protections.

“You are allowing someone from outside this country to contact minors, and they exchange child pornography through their channels, and yet they try to claim that it is not their problem,” Guffey said in an interview. “They put profit over people, and sad to say, one of those people was my son,” he said.

The cybersecurity researcher, Raffile, agreed with the assessment that tech companies have much more to do to address a problem of which they are fully aware, despite recent moves to cooperate with law enforcement and roll out new safety features.

On Reddit, victims on one sextortion forum share encouragement and empathy with distraught newcomers. There is hard-won advice from Reddit commenters – don’t pay; the pictures won’t actually ruin your life – and links to resources like the National Center for Missing and Exploited Children, a nonprofit clearinghouse for crimes involving children, where the crime can be reported, and which offers methods for getting pictures exposed online removed.

This is the tack the Department of Homeland Security is taking. In April it announced a nationwide rollout of awareness campaigns that will include signs at Major League Baseball games and NASCAR rallies, as well as partnerships with groups like the Boy Scouts of America. Special agents will visits schools to inform teenagers of the crime and how to avoid falling victim.

On a recent afternoon, at one such presentation in the auditorium of Preston High, a Catholic girls’ school in New York City, several hundred students sat before a special agent with Homeland Security Investigations in New York, half-listening as he told them about the perils of sextortion.

As he spoke, at least a third of the students appeared to drift off. – The New York Times

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Sextortion , scam

   

Next In Tech News

Judge aims to rule on Elon Musk's $56 billion Tesla pay by year end
Juniper beats quarterly estimates on networking gear demand
Intel rises on recovery hopes as it forecasts revenue above estimates
BlackRock becomes latest, largest firm to seek approval for ETF share class
Pastors and secret codes: US election officials wage low-tech battle against AI robocalls
OpenAI adds new search function to ChatGPT
US court questions legal basis for net neutrality reinstatement
EU Commission says French gambling provider did not receive unfair state aid
UK finance firms told to beef up buffers against CrowdStrike-like events
Google brings AI answers to map applications

Others Also Read