Sextortion explained: How to keep yourself and your family safe

If this has happened to you or a loved one, it can be a distressing experience. And the proliferation of AI-powered “nudifier” tools is making attacks like this more likely.

Welcome to the world of sextortion. Take a deep breath, and read on to find out what it is, how it works, and what you should do next.

Key points of this article:

• Almost all sextortion emails are scams. In the vast majority of cases, the sender has no compromising footage of you.
• If the email includes a real password, it most likely came from a data breach, not because the scammer has hacked your computer.
• Never pay your extorter, reply to them, or click on links/open attachments.
• Take preventive measures like covering your webcam and using unique passwords.
• If a child or teenager is being targeted, contact law enforcement immediately.

Sextortion refers to any kind of digital extortion in which a criminal tries to force their victim into handing over money and/or explicit images. They will claim, falsely or otherwise, that they have indecent images or videos of you that they will share if their demands are not met.

Often these are empty threats - the scammer is effectively socially engineering you into believing what they say. But sometimes there is truth to their claims. They may have created realistic-looking images/videos of you by using AI. Or they may have genuinely elicited some revealing images after striking up a quasi-romantic relationship online.

This is a threat that dates back over a decade. But it is evolving all the time. Knowledge and caution are your best allies in the fight against sextortion. 

It’s difficult to quantify the true scale of the sextortion epidemic, because many victims are too ashamed to report their experience. And “official” stats may not cover all of the many variations of this digital crime. However, the FBI Internet Crime Complaint Center (IC3) Annual Internet Crime Report is a good place to start.

The most recent report, released in April 2025 and covering the prior year, claims Americans filed 54,936 extortion and sextortion complaints in 2024. That’s a 59% increase on the figures for 2023, with losses reaching $33.5 million (a 9% annual increase). The larger category of “extortion” was ranked second in terms of complaint volume in the US in 2024, with 86,415 victims identified. Among cryptocurrency-nexus (connected) crimes, extortion came first (47,054).

Separately, the US Treasury Department’s FinCEN (Financial Crimes Enforcement Network) claimed in September 2025 that financially motivated sextortion is increasing “dramatically,” with boys aged between 14 and 17 being particularly vulnerable.

Sextortion can mean different things. Understanding these variants will better equip you to respond:

Email-based scams

Arguably the oldest sextortion variant, this one begins with an unsolicited email from a threat actor claiming to have images/videos they took of you via your webcam. They’ll give you an ultimatum: pay up (usually in crypto) within 24/48 hours, or they’ll release the footage to allyour contacts. The key to this scam is the fact that they include a small detail (usually an email address and password, or perhaps a home address) that is valid, in order to trick you into believing their story. In fact, those data points will simply have been lifted from historic data breaches.

An alternate version of this quasi-phishing scam is one in which the fraudsters claim they were able to eavesdrop on you because they installed the infamous Pegasus spyware on your machine. In any case, they’re lying.

Another option is email sender spoofing – attackers pretend to send a victim an email from the victim’s own email address to falsely demonstrate that they’ve taken over the victim’s mailbox. However, the sender address is, in fact, spoofed to appear as the victim’s one.

AI deepfakes

The proliferation of generative AI (GenAI) has made it easy for malicious actors to produce realistic nude images or videos (deepfakes) of anyone they choose to target. All they need is some data to train the deepfake on, which is usually scraped from publicly accessible social media profiles. As far back as 2023, the FBI reported an uptick in these scams.

Sextortion targeting teens

If a teenager you know is being targeted, act immediately.

This is not a bluff. Report it to the FBI at tips.fbi.gov or call 1-800-CALL-FBI. Use the NCMEC's Take It Down tool to request removal of images. If the young person is in distress, consider contacting the 988 Suicide and Crisis Lifeline by calling or texting 988.

This is the most troubling type of sextortion. Threat actors strike up an online relationship with their victims (typically teens) via social media, gaming platforms or other channels. They persuade them to send explicit images, then blackmail them into sending more images/videos. At some point they will demand payment (via crypto, gift cards or other non-traceable means) or else they’ll release the material to the victim’s friends and family. It’s a crime that has sadly claimed many lives.

Malware delivery

A less common variant of these scams is one in which threat actors aren’t looking to blackmail you into paying. Instead, they’ll trick you into clicking on a link which triggers a malware download. They’ll do so by claiming to have webcam footage of you that you can view if you follow the link.   

It’s easy enough to dismiss what appears to be pretty obvious scams. But when you’re on the receiving end, things can feel very different. Psychologically, they work for several reasons:

• Fear reduces your capacity for rational thinking
• Urgency rushes you into making hasty (and ill-informed) decisions
• The real data points they cite are designed to trick you into believing their story
• Shame makes it less likely you’ll seek help, and more likely you’ll pay

The key to one of the most popular sextortion variants is its believability. And scammers achieve this by sharing a snippet of genuine information they know about you.

Although they claim to have this information because they hacked your machine, in reality it’s because they’ve bought or acquired the data online, from a historic breach or infostealer malware attack.

Personally identifiable information (PII) like this is widely available on the dark web. Alternatively, they may buy it legally from data brokers. Or they may simply scrape it from the public web, especially if you have open social media accounts.

If you’re the victim of a sextortion scam, take a deep breath and think through your next steps. Remember: the scammer is banking on you acting before you think. Follow these steps:

1. Don’t pay them, as this may trigger further demands.
2. Don’t reply at all, as this will also indicate that your email address is live and could lead to increased threat actor pressure/scrutiny.
3. Don’t click any links or open attachments as they could trigger malware downloads.
4. Check your email address/password if cited in the email. Use HaveIBeenPwned, it is a useful site to check whether your data has been included in a previous data breach.
5. Report the scam. In the US, you can do this by reaching out to the FBI or FTC. In the UK, report to the National Crime Agency. Or approach your local police force.
6. Block the sender and mark as spam to prevent recurring attacks.
7. Contact law enforcement if the threat actor genuinely has images they obtained from you.

I’ve already paid: What now?

Stop making any more payments. Save any messages and transactions between you and your extorter. Report these transactions to your bank/crypto exchange as fraudulent. File a report with your local police force or the agencies listed above.

For general users

• Use a unique password for every account stored in a password manager. This will help to insulate you from the kind of shock tactics used in typical email-based scams. You can instantly create strong, random passwords with the free ESET Password Generator.
• Cover your webcam when it is not in use. This will eliminate the risk of digital snooping.
• Audit your social media privacy settings. Lock down your accounts, so opportunistic extortionists can’t scrape your image to feed into GenAI/deepfake tools.
• Limit personal information on the public internet. Home addresses, phone numbers, and employer details on LinkedIn can all be used by scammers to add authenticity to their lies.
• Monitor your breach exposure. Set up a free alert at haveibeenpwned.com so you know when your email/passwords appear in a new breach. Tech platform providers like Apple and Google also notify when passwords have featured in historic breaches.

Monitor your breach exposure.
For example, you can use ESET Home Security Ultimate with Identity Protection service that detects the illegal selling of your personal information by providing continuous monitoring. With the ESET Identity Protection, you will receive notifications to your mobile phone, computer, or tablet right after your identity is at risk.  

For parents/caregivers

Genuine sextortion can have tragic repercussions. Consider the following:

• Keep the communication channels open. Talk to your teens about the threat, and why it’s never OK to send explicit photos to someone you’ve never met IRL.
• Explain that it’s never the victim’s fault. Scammers thrive off shame.
• Help them feel comfortable telling you anything, without fear of judgement.
• If your loved one has already been targeted: Block the sender, preserve all messages as evidence and report as above. Never reply to the extortionist.
• If the young person is in distress or you are concerned about their safety, contact the 988 Suicide and Crisis Lifeline by calling or texting 988.

Don’t Just Respond to Scams - Prevent Them                         

Most sextortion emails stem from phishing attempts, breached passwords, or malware-laced links. ESET HOME Security Premium helps stop threats before they reach you, with powerful Anti‑Phishing, Webcam Protection, and an advanced Ransomware Shield - supported by multiple additional layers of security designed to keep you safe across your digital life.

Learn how ESET HOME Security Premium keeps you protected.

Tips from ESET Expert

“Sextortion emails work because they instantly create a sense of urgency and panic, behavior which falls straight into the scammers’ hands. In the majority of cases, the criminal has no compromising images at all, and they are simply hoping fear will override logic. This is often made more convincing when they are able to share some personal details such as old, compromised passwords or a full name. Data such as this is usually scrapped from previous data breaches, but it can be very effective when used in this way. 

The worst thing you can do is engage, whether that be via conversation or by clicking anything in the message. Placing the email in the junk folder helps the algorithms know to  become aware of newer emails circling rather than blocking an email address since these criminals often recycle email addresses very quickly.”

-        Jake Moore, Global Security Advisor 

The Bottom Line

Sextortion is built on fear. Whether they’re bluffing or genuinely have compromising images/videos of you, your extorters are banking on you giving in and paying. Stand firm and call their bluff. Fear soon fades when you expose them for what they are, and seek help from friends, family, or law enforcement. Better still, minimize your online footprint, protect your accounts, and understand how these scams work. That will snuff out any opportunities digital extortionists have to target you in the future.

If you found this guide useful, the resources below may help.

Further Resources

• Report sextortion to the FBI: ic3.gov
• Check your email exposure in data breaches: haveibeenpwned.com
• Report in the UK: NCSC Suspicious Email Reporting Service at report@phishing.gov.uk
• Remove images of minors from platforms: NCMEC's Take It Down at takeitdown.ncmec.org
• FBI resources for parents on teen sextortion: fbi.gov/sextortion
• Crisis support: 988 Suicide and Crisis Lifeline, call or text 988

What is sextortion?

Sextortion is any kind of digital extortion in which a criminal tries to force their victim into handing over money and/or explicit images. They will claim, falsely or otherwise, that they have indecent images or video content that they will share if their demands are not met. Sometimes these images are real, sometimes they’ve been generated by AI, but usually they don’t exist.

Is sextortion dangerous?

For the standard email scam variant, the main danger is financial. The scammer is simply bluffing. But if you have shared images/videos online and are concerned that their claims may be legitimate, you should take action immediately.

What does a sextortion email look like?

They will typically feature your name and email address plus a real password to grab your attention (which they have obtained from a historic data breach). They will use threatening language and demand a tight deadline for payment (usually in cryptocurrency).

Should I pay the ransom?

Never. Paying might simply escalate the scammer’s demands.

What should I do if I have already paid the scammer?

Stop making further payments immediately. Save all messages and transaction records as evidence. Report the fraudulent transactions to your bank or crypto exchange and file a report with your local police or national cybercrime agency.

Do sextortion scammers actually follow through?

In the vast majority of cases, they won’t - because they never have the images they claim to be in possession of in the first place. But if they genuinely do, it’s imperative to seek help from law enforcement immediately.

What happens if I ignore a sextortion email?

In most cases, nothing happens. The scammer simply moves on. If you have shared compromising images or videos of yourself online, don’t engage with the extorter but do contact law enforcement.

Is sextortion illegal?

Yes, in every major jurisdiction. That’s why you should absolutely contact law enforcement if you suspect the extorter genuinely has images/videos of yourself.