Sextortion is coercion using actual or alleged intimate images, video, or sexual information: an offender threatens to publish or send it to contacts unless the victim pays, provides more material, or complies with another demand. Online cases may begin with grooming, a fake relationship, phishing, or account takeover; the content may be stolen, obtained through deception, or fabricated. Cases involving minors require especially careful safeguarding and legal handling.
For security teams, the key risks are compromise of private accounts and devices, exposure of contact lists or cloud-stored media, and rapid redistribution after an initial threat. Defenses include unique passwords, phishing-resistant multifactor authentication where available, updated devices, and limiting public profile and contact information; these reduce access but cannot guarantee prevention. When reported, preserve messages, URLs, payment details, and relevant logs without forwarding intimate material, avoid paying or negotiating, secure affected accounts, and use appropriate platform, law-enforcement, and safeguarding channels. Organizations should restrict access to victim data and document its handling to protect privacy.