The FBI is warning of a particular aspect of sextortion scams: Supposed organisations that offer "help" to remove stolen images, often at a significant financial cost (and no guarantee of success).
Sextortion, the act of blackmailing individuals for cash in return for not leaking sensitive imagery and videos, has been a problem for many years. Sometimes it's done by criminals, other times it's by people known to the target. The imagery may be stolen from online cloud storage, leaked from a server, or obtained by compromising a PC with malware. The end result is the same: blackmail, and the threat of sending the images to friends and family, or just dumping them online.
A sub-industry of sorts has grown up around the sextortion marketplace. Companies which can supposedly help you remove sextortion content or shut down blackmailers, offer to help those in need of assistance. These organisations may be contacted by the victims directly (for example, via adverts or search engine results) or they may make contact by another method.
The FBI believes at least some of these entities may be involved in sextortion attacks themselves. However you stack it up, these supposed businesses have no real way to get material taken offline and kept offline. Unless the people holding on to the stolen content are somehow chased offline forever, there's nothing stopping them from putting it back or reconnecting with their target.
This is somewhat similar to those mugshot sites, which scrape mugshots and place them online along with the details of the person in the photograph. They offer to take them down, for a price, but more often than not once the victim pays up the images reappear on a related site and they're back to square one.
As the FBI notes, law enforcement assistance is free (and there's slightly more chance of the people responsible getting into trouble for their actions). Here's some examples provided by the FBI with regard to what bogus assistance looks like in practice, and how the “assistance” can make things worse:
Here at Malwarebytes, we've seen numerous examples of sextortion help advertised online which may (or more likely, may not) be of use to the person being targeted. Back in 2019 we spotted an ad making some bold claims about "keeping explicit images off the internet". Sure, it might be legitimate, or it could just as easily be designed to suck someone in still further from a problem they can no longer escape. There's never any real way to know for sure, and this is a primary reason why your first port of call should be law enforcement.
The FBI has some recommendations when dealing with sextortion scams where anything assistance related is concerned. Supposed business entities may lean into your sense of fear, shame, and desperation to get the problem "solved". In other words, they'll act in a manner very similar to those performing the extortion in the first place. Signs to watch out for:
We have many tips for all aspects of romance and sextortion attempts, and here's some of the main things you can do to help yourself avoid sextortion fraud:
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.