Online blackmail and digital extortion work because they create urgency and shame. Attackers want you isolated, reacting quickly, and paying before you think. Your advantage is the opposite: slow the situation down, preserve evidence, secure the accounts that control your identity, and move reporting into official channels.
Safety note: if there is any threat of physical harm, child safety risk, or immediate self-harm risk, treat it as an emergency and involve local emergency services.
Start here: the 30-minute containment checklist
| Goal | Do this now | Why it matters |
|---|---|---|
| Stop escalation | Do not pay, do not send more material, and stop responding | Payment often increases targeting and does not guarantee deletion |
| Preserve evidence | Screenshot messages, usernames, profiles, payment requests, and URLs | Evidence enables takedowns, disputes, and reporting |
| Secure the control plane | Secure your primary email, phone recovery, and main social accounts | Attackers pivot into resets and impersonation when leverage weakens |
| Reduce reach | Lock down privacy settings and restrict who can message you | Extortion often spreads through DMs and contact lists |
| Report through official paths | Report on the platform and file an official complaint where appropriate | Creates a record and can speed removals |
If you suspect any account compromise, start with "Been hacked: take these steps immediately."
1) Identify what kind of extortion you are dealing with
Different extortion styles require different containment. Common patterns:
- Sextortion: threats to share intimate images or videos.
- Impersonation-based extortion: an attacker pretends to be you and threatens reputational harm.
- Data extortion: threats based on stolen files or screenshots.
- Fake leverage scams: the attacker claims to have material they do not have and uses fear to extract money.
Your first move is the same in all cases: preserve evidence, secure accounts, and stop feeding the attacker.
Common mistake: trying to "explain" or "reason" with the extortionist. The attacker is optimizing for money and control, not fairness.
2) Preserve evidence without making it worse
Evidence should be complete enough to prove identity and intent, without spreading the content further.
- Screenshot the conversation, profile, usernames, and payment requests.
- Record the platform, timestamps, and any email addresses or phone numbers used.
- If the attacker shares links, do not log into accounts through those links. Treat them as phishing.
Use "How to identify scam emails" as a verification model. Extortion messages often include fake "support" links or fake legal threats.
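One way to keep the record described in this step, as an added example that is not part of the original guide: a short Python script that hashes every saved screenshot in a local folder and stores the platform, handle and contact details next to those hashes, so you can later show the files were not altered. The folder name, field names and sample values are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large screen recordings are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(evidence_dir: Path, case: dict) -> dict:
    """Record the case details plus a hash, size and UTC timestamp for every file."""
    files = []
    for path in sorted(p for p in evidence_dir.rglob("*") if p.is_file()):
        stat = path.stat()
        files.append({
            "file": path.relative_to(evidence_dir).as_posix(),
            "sha256": sha256_file(path),
            "bytes": stat.st_size,
            "modified_utc": datetime.fromtimestamp(stat.st_mtime, timezone.utc).isoformat(),
        })
    return {"recorded_utc": datetime.now(timezone.utc).isoformat(), "case": case, "files": files}

def verify_manifest(evidence_dir: Path, manifest: dict) -> list:
    """Return (file, problem) pairs for files missing or changed since the manifest was written."""
    problems = []
    for entry in manifest["files"]:
        path = evidence_dir / entry["file"]
        if not path.is_file():
            problems.append((entry["file"], "missing"))
        elif sha256_file(path) != entry["sha256"]:
            problems.append((entry["file"], "changed"))
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace them with the details of your own case.
    case = {"platform": "example-social", "attacker_handle": "@constructed_handle",
            "contact_used": "sender@example.invalid", "payment_request": "gift cards"}
    folder = Path("evidence")  # assumed folder holding your screenshots
    folder.mkdir(exist_ok=True)
    manifest = build_manifest(folder, case)
    # Keep the manifest outside the evidence folder so it is not hashed itself.
    Path("evidence_manifest.json").write_text(json.dumps(manifest, indent=2))
    print(verify_manifest(folder, manifest))
```

Run `verify_manifest` again before handing the files to a platform or investigator to confirm nothing has changed since capture.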
3) Secure accounts and recovery channels
Extortion frequently turns into account takeover when the attacker loses leverage. Secure the control plane first:
- Secure your primary inbox and remove suspicious forwarding rules and unknown recovery options.
- Change passwords to unique values stored in a password manager.
- Enable stronger sign-in and treat unexpected prompts as incident signals.
If the extortion started from a text message or messaging app, review "How to avoid SMS text scams." Many extortion campaigns begin with a smishing pretext.
4) Reduce distribution leverage
Even when content is not yet public, attackers often threaten to message your contacts. Reduce that leverage:
- Restrict who can message you and who can see your friend or follower lists.
- Review public profile data and remove phone numbers, personal email addresses, and address clues.
- If private information is already exposed, run cleanup in parallel using "How to remove personal information from Google."
5) Report through official channels
Platform reports are necessary but not always sufficient. If the extortion is material, file an official report. The FBI and IC3 publish dedicated guidance for sextortion and online extortion reporting:
- IC3 public service announcement on sextortion: ic3.gov PSA 2024
- FBI sextortion resources: FBI sextortion
Reporting creates a timeline and can support removal requests and future disputes.
6) Know when this becomes an incident response problem
If the attacker claims they have access to your device, email, or cloud accounts, treat it as compromise until proven otherwise. That means malware checks, session revocation, and recovery hardening, not just blocking one username. The manipulation pattern is a form of social engineering and often comes bundled with phishing.
Extortion succeeds when you feel alone and rushed. It fails when you preserve evidence, control the reset channels, and move response into official systems that are slower than panic but faster than damage.
Over time, the biggest win is reducing leverage. Less exposed data, stronger authentication on control-plane accounts, and better verification habits make you a harder target to pressure.
Once you do those things, most extortion attempts degrade into noise: annoying, stressful, but not controlling.
