The FBI issued a cybersecurity public service announcement concerning the growing use of digitally manipulated images (known colloquially as ‘deepfakes’) in sextortion scams.

“Sextortion, which may violate several federal criminal statutes, involves coercing victims into providing sexually explicit photos or videos of themselves, then threatening to share them publicly or with the victim’s family and friends. The key motivators for this are a desire for more illicit content, financial gain, or to bully and harass others. Malicious actors have used manipulated photos or videos with the purpose of extorting victims for ransom or to gain compliance for other demands (e.g., sending nude photos).

As of April 2023, the FBI has observed an uptick in sextortion victims reporting the use of fake images or videos created from content posted on their social media sites or web postings, provided to the malicious actor upon request, or captured during video chats. Based on recent victim reporting, the malicious actors typically demanded: 1. Payment (e.g., money, gift cards) with threats to share the images or videos with family members or social media friends if funds were not received; or 2. The victim send real sexually-themed images or videos.”

The FBI recommends the public consider the following when sharing content (e.g., photos and videos) or engaging with individuals online:

• Monitor children’s online activity and discuss risks associated with sharing personal content
• Use discretion when posting images, videos, and personal content online, particularly those that include children or their information.
  • Images, videos, or personal information posted online can be captured, manipulated, and distributed by malicious actors without your knowledge or consent.
  • Once content is shared on the internet, it can be extremely difficult, if not impossible, to remove once it is circulated or posted by other parties.
• Run frequent online searches of you and your children’s information (e.g., full name, address, phone number, etc.) to help identify the exposure and spread of personal information on the internet.
• Apply privacy settings on social media accounts—including setting profiles and your friends lists as private—to limit the public exposure of your photos, videos, and other personal information.
• Consider using reverse image search engines to locate any photos or videos that have circulated on the internet without your knowledge.
• Exercise caution when accepting friend requests, communicating, engaging in video conversations, or sending images to individuals you do not know personally. Be especially wary of individuals who immediately ask or pressure you to provide them. Those items could be screen-captured, recorded, manipulated, shared without your knowledge or consent, and used to exploit you or someone you know.
• Do not provide any unknown or unfamiliar individuals with money or other items of value. Complying with malicious actors does not guarantee your sensitive photos or content will not be shared.
• Use discretion when interacting with known individuals online who appear to be acting outside their normal pattern of behavior. Hacked social media accounts can easily be manipulated by malicious actors to gain trust from friends or contacts to further criminal schemes or activity.
• Secure social media and other online accounts using complex passwords or passphrases and multi-factor authentication.
• Research the privacy, data sharing, and data retention policies of social media platforms, apps, and websites before uploading and sharing images, videos, or other personal content.

The full public service announcement is available at https://www.ic3.gov/Media/Y2023/PSA230605

For more information about sextortion scams and to view real world examples of these email messages visit Sextortion Scam: What to Do If You Get the Latest Phishing Spam Demanding Bitcoin