IT News

If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. New research suggests that most of the traffic traversing the network isn’t human at all.

Bots (software programs that interact with web sites) have been ubiquitous for years. But in its 2025 Bad Bot Report, application security company Imperva claimed this is the first time traffic from bots became more prevalent than human traffic.

The rise in bots is down to generative artificial intelligence (AI), Imperva said. This is the same technology that now flirts with people online for you and automatically writes heartfelt consolatory emails on behalf of heartless administrators. This tech has made it easier to create bots that do your bidding online. While some of those bots are benign, not all have your best interests at heart.

The rise of bad bots

Traffic from “bad bots”_—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic.

Bad bots do all kinds of unpleasant things. An increasing number try to hijack peoples’ online accounts, which they often do by “credential stuffing.” This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere.

These account takeover attacks have skyrocketed lately. December 2024 saw around 330,000 such incidents, up from around 190,000 in December 2023. That could be down to a flood of data breaches that flooded the market with more stolen credentials to try, Imperva said.

Other attacks include scraping data from websites, which is a problem for businesses that don’t want their intellectual property stolen, and also for the individuals who own that data.

Cyber criminals use bots to commit payment fraud by exploiting vulnerabilities in checkout systems. There’s also a thriving business in scalping bots that buy everything from event tickets to new sneakers for high-value resale, denying legitimate customers the opportunity to buy these items for themselves.

The report also found bots targeting specific sectors. The travel industry accounted for 27% of bad bot traffic (the highest by industry) in 2024, up from 21% in 2023. These bots pull tricks such as pretending to book airline seats online and abandoning the purchase at the last minute, which skews seat pricing.

Retail was the second hardest-hit industry in 2024, accounting for 15% of bot traffic, followed by education at 11%.

Stealthy bots stay hidden

Bots are also getting better at evading detection. Faking a browser identity (effectively wearing a digital mask that makes them look like Chrome or Firefox) has been a common tactic for years, but now bots are also using other techniques. These include using IP addresses owned by residential users, which are difficult for web site administrators to spot. Bots are also using virtual private networks to cloak their origin.

AI-enabled bots are also getting far better at cracking CAPTCHAs—the tests that help you to pass as a human when accessing a web site. And malicious software developers are now coding bots that learn about the environment they’re up against and change how they approach it to fly under the radar.

Another change is in the method that these bots use to communicate with their targets. Traditionally, bots would often browse a web page directly, interacting with it in the same way that a human would. That’s changing as newer bots communicate directly with the servers running the web application behind the scenes in their own language. They do this using application programming interfaces (APIs), which are communication channels that programs can use to retrieve information from a web application.

As the bots get smarter and more ubiquitous, what can you do? Sadly, fighting bad bots is largely the job of the companies operating the web applications that serve you and use your data. However, there are a couple of things you can do as an individual to protect yourself and the community at large.

• Don’t reuse passwords. Use a different password for every service you use to stop the credential stuffing bots, and make those passwords complex to avoid brute-force attacks. Use a trusted password manager to keep those passwords safe and easily accessible.
• Protect your PC. Install anti-malware software and follow basic cyber hygiene measures. This will help to prevent attackers from compromising your machine and using it for their own online purposes.
• Don’t become a proxy. Attackers might be able to use your IP address as a proxy for their bots if you don’t protect it. Avoid using untrusted VPNs from suspicious sources, as these have been known to sell your IP address on for others to use. Similarly, take a minute to update the hardware on your home router, or ensure that your telecommunications provider does it if the router came from them. Attackers will often compromise vulnerable routers and use them for bot attacks.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

In a new version of the old “Hello pervert”  emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems.

Email spoofing basically comes down to sending emails with a false sender address, a method in use in various ways by scammers. Obviously, pretending to be someone else can have its advantages, especially if that someone else holds a position of power or trust with regards to the receiver.

But sending a message to the victim’s from their own email address might convince the victim that they have lost access over their own account.

The text of the email roughly looks like this:

“As you may have noticed, I sent you an email from your email account

This means I have full access to your account

I’ve been watching you for a few months

The thing is, you got infected with a njrat through an adult site you visited

If you don’t know about this, let me explain

The njrat gives me full access and control over your device.

This means I can see everything on your screen, turn on the camera and microphone, but you don’t know it

I also have access to all your contacts and all your correspondence.

On the left half of the screen, I made a video showing how you satisfied yourself, on the right half you see the video you watched.

With a click of a mouse I can send this video to all your emails and contacts on social networks

I can also see access to all your communications and messaging programs that you use.

If you want to avoid this,

Transfer the amount of 1200 USD to my bitcoin address (“write buy bitcoin or find for bitcoin exchange if you don’t know”)

My Bitcoin address (BTC wallet): 1FJg6nuRLLv4iQLNFPTpGwZfKjHJQnmwFs

After payment is received, I will delete the video and you will not hear from me again

I’m giving you 48 hours to pay

Do not forget that I will see you when you open the message, the counter will start

If I see you’ve shared this message with someone else, the video will be posted immediately”

If the victim decides to search for “njrat” they’ll find that it’s a remote access trojan (RAT) has capabilities to log keystrokes, access the victim’s camera, steal credentials stored in browsers, upload/download files, view the victim’s desktop, and more.

Scary stuff, and it supports the claims the scammer makes.

But, as with all sextortion scams, this threat is an entirely empty one. There is more than likely no lurid video, no “njrat,” no list of contacts. Instead, there is just a threat which is meant to drive panic which is meant to drive payment.

When we checked, we were happy to see that the scammers’ Bitcoin wallet is empty, although they could have set up a separate one for each victim.

How to recognize sextortion emails

Once you know what’s going on it’s easy to recognize these emails. Remember that not all of the below characteristics have to be included in these emails, but all of them are red flags in their own right.

• The emails often look as if they came from one of your own email addresses.
• The scammer accuses you of inappropriate behavior and claims to have footage of that behavior.
• In the email, the scammer claims to have used “Pegasus” or some Trojan to spy on you through your own computer.
• The scammer says they know “your password” or compromised your account.
• You are urged to pay up quickly or the so-called footage will be spread to all your contacts. Often you’re only allowed one day to pay.
• The actual message often arrives as an image or a pdf attachment. Scammers do this to bypass phishing filters.

What to do when you receive an email like this

First of all, even if it’s only to reassure yourself, scan your computer with an anti-malware solution that can detect and remove njRAT (if present).

Second, if your computer is clean, check if your email account has not been compromised. Change the password and enable 2FA if possible.

Don’t respond to the scammer, since that will confirm that the email address is in use and the mail is read. This could invoke more emails from scammers.

Don’t let yourself get rushed into action or decisions. Scammers rely on the fact that you will not take the time to think this through and subsequently make mistakes.

Do not open unsolicited attachments. Especially when the sender address is suspicious or even your own.

For your ease of mind, turn off your webcam or buy a webcam cover so you can cover it when you’re not using the webcam.

A type of crypto scam that we reported about in 2024 has ported over to a new platform and changed tactics—a bit.

Where the old scams mostly reached me on WhatsApp, the same group of scammers is now using Direct Messages on X. However, the same old trick of “accidentally” sending you login details to a supposedly well-funded financial account is still being used by at least one cybercriminal gang.

“Sean, your financial management account has been opened. {account details}. Please keep your accoount password safe and do not share it with anyone.”

What’s interesting is that this tactic, which we reported on previously, is coming from a different group than the one included in previous coverage from last year. That earlier gang has now changed their messaging, including references to “follow” a person through cyberspace.

“Follow me to unlock a lucky prize! Click the link below to claim $500!

No conditions, just follow me! “

In this version, the scammers will also send you the login details for a fake crypto exchange with access to a healthy wallet.

The idea is to give the targets of the scam the impression that they can move that wealth to a wallet of their own. After all, they have the login details for this account. But many others might have those too, since the message was sent to 148 other people. So, you’ll have to hurry and not overthink things too much, right?

Wrong! At some point you’ll find out that you will have to buy a VIP account to transfer the funds to your own account. And that’s what this scam is all about.

Don’t fall for scammers

• Any unsolicited Direct Messages from an unknown person are suspect. No matter how harmless or friendly it may seem. Remember, most pig butchering scams start with what seems a misdirected message.
• Don’t follow links that reach you in any unexpected way, and certainly not from an untrusted source.
• If it’s too good to be true, then it probably is.
• Scammers bank on the fact that the more time and money you have invested, the more determined you will become to get to the desired end result.
• Use a web filtering app to shield you from known malicious websites, such as Malwarebytes Premium or Malwarebytes Browser Guard.

In light of these campaigns, Malwarebytes products block these domains:

oxlop[.]com

bjscx[].com

bjtlm[.]com

bmstw[.]com

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver’s license, and—in rare cases—Social Security Number exposed in a data breach.

The car rental giant’s data was stolen in a ransomware attack leveraging a vulnerability in Cleo file sharing products.

In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits in file sharing software like MOVEit Transfer and GoAnywhere MFT.

In 2024, CL0P repeated this method using a zero-day exploit against Cleo, a business-to-business (B2B) tech platform provider that specializes in managed file transfer (MFT) solutions, like Cleo Harmony, VLTrader, and LexiCom.

Hertz acknowledged that it was one of the victims:

“On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zeroday vulnerabilities within Cleo’s platform in October 2024 and December 2024.”

We were already aware of the fact, since CL0P posted about it on their leak site.

This leak site is also where the stolen data is available for download. Malwarebytes Labs was unable to figure out how many people were affected, but the number of available archives for download is in the tenfolds.

After a full data analysis, Hertz is sending notifications to affected customers. The type of stolen data varies per customer, but could include:

• Name
• Contact information
• Driver’s license
• Social Security Number (in rare cases according to Hertz)

“A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.”

While Hertz says it’s not aware of any misuse of stolen personal information for fraudulent purposes, it offers affected customers two years of identity monitoring services by Kroll for free.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

European Facebook users have so far avoided having their public posts used to train parent company Meta’s AI model. That’s about to change, the company has warned. In a blog post today, it said that EU residents’ data was fair game and it would be slurping up public posts for training soon.

Facebook, which launched its AI service for EU users last month, said that it needs that user data to make its AI service more relevant to Europeans.

“That means everything from dialects and colloquialisms, to hyper-local knowledge and the distinct ways different countries use humor and sarcasm on our products,” the company said. It continued:

“This is particularly important as AI models become more advanced with multi-modal functionality, which spans text, voice, video, and imagery.”

Meta originally planned to start training its AI on user posts in the EU in June last year, but it pressed pause after pushback from the Irish Data Protection Commission (DPC) and the UK’s Information Commissioner’s Office (ICO). This came after European privacy advocacy group NOYB (which informally stands for “none of your business”) complained about the move to several regulators in the region.

Meta had claimed that the data collection was in its legitimate interest, stating that it would allow users to opt out of the AI training. NOYB responded that the company should ask users before using their data to train its AI models (which would make it an opt-in arrangement).

The EU handballs the issue back to national regulators

The DPC’s delay was apparently just a speed bump. The Irish DPC asked the European Data Protection Board (EDPB) to mull the issue further, specifically asking several questions. When can an AI model be considered anonymous, it asked? And how can a company demonstrate legitimate interest when collecting data to develop and deploy such a model?

On December 17 of last year, the Board issued a ruling, Opinion 28/2024, that answered those questions by passing them back to regulators. They would have to look at anonymity on a per-case basis, the ruling said. It advised them to consider whether it would be possible to extract personal information from the model, and to look at what the company did during development to prevent personal data from being used in the training or to make it less identifiable.

To determine whether an interest is legitimate, a regulator should decide whether the company’s interest is lawful and with real-world application, rather than just being speculative. Developing an AI model would likely pass that test, it added. Then, they should evaluate whether the data collected is necessary to fulfill it, and then see whether that collection overrides the users’ fundamental rights.

Finally, the DPC asked the Board what the effect on an AI model’s operation would be if a company was found to have used personal data unlawfully to train it. The Board once again handed that to the regulators on a per-case basis.

Onward and downward

Meta felt that this opinion was enough.

“We welcome the opinion provided by the EDPB in December, which affirmed that our original approach met our legal obligations,” the company said in the blog post about the forthcoming reintroduction of AI training. “Since then, we have engaged constructively with the IDPC and look forward to continuing to bring the full benefits of generative AI to people in Europe.”

The social media giant appears to have dodged NOYB’s opt-out vs opt-in question. It said that notifications about the AI training—which will arrive via email or via the platform—will include a link to an objection form.

“We have made this objection form easy to find, read, and use, and we’ll honor all objection forms we have already received, as well as newly submitted ones,” Meta said. In short, it’s still an opt-out arrangement.

But objection forms were a concern for NOYB in its original complaint.

“Meta makes it extremely complicated to object, even requiring personal reasons,” NOYB warned last June. “A technical analysis of the opt-out links even showed that Meta requires a login to view an otherwise public page. In total, Meta requires some 400 million European users to ‘object’, instead of asking for their consent.”

It remains to be seen whether the objection forms will be different this time around. Perhaps the real worry here is that we’re about to get an EU AI model trained on traditional Facebook fodder: food pictures, obvious political opinions, an endless stream of vacuous fortune-cookie life lessons, and your cousins’ ongoing feud over what Julie said about Brian’s egg salad at the family barbecue last March.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

In a new update for the guide concerning CVE-2025-21204 Microsoft told users they need the new inetpub folder for protection.

As part of April’s patch Tuesday updates, Microsoft released a patch to a link following flaw in the Windows Update Stack. Applying the patch creates a new %systemdrive%inetpub folder on the device.

Users who noticed the new folder asked questions because they were concerned about its origin and purpose. Since the empty folder is generally associated with an Internet Information Services (IIS) feature that most users will not be running, this called for an explanation.

Internet Information Services (IIS) is a web server platform created by Microsoft to host websites, web applications, and services on Windows systems. The platform is not installed by default but can be enabled through the Windows Features dialog.

Microsoft states in the update:

“This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”

CVE-2025-21204, when successfully exploited, allows an authorized attacker to elevate privileges locally.

Per Microsoft:

“An authenticated attacker who successfully exploits this vulnerability gains the ability to perform and/or manipulate file management operations on the victim machine in the context of the NT AUTHORITYSYSTEM account.”

The “link following flaw” means that the product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

As a resolution, denying access to a file can prevent an attacker from replacing that file with a link to a malicious file. Denying access can be done by assigning file/folder permissions. When you set permissions while creating a folder, you specify what users are allowed to do within that folder, such as limiting their ability to “Read-only” which means it allows the user to open and read files within the folder, but not add or edit existing files in the folder.

Short answer: the inetpub folder is there to protect you from an attacker exploiting a vulnerability, and it’s hardly taking up any space, so best leave it alone.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Horn tooting time: We’re excited to say we’ve earned a coveted spot in PCMag’s “Best Antivirus Software for 2025” list, and been recognized as the “Best Malware Removal Service 2025” by CNET.   

PCMag’s rigorous evaluation process takes into account a range of factors, including real-world, hands-on testing, independent lab tests, and decades of experience in the field. 

Malwarebytes Premium proved highly effective in malware protection and defending against malicious and fraudulent web pages.  

PCMag recognized Malwarebytes Premium for its speed and effectiveness, stating:

“Anyone who’s used Malwarebytes Free to remedy another antivirus tool’s slip-up will appreciate the full-powered Malwarebytes Premium. Even if you never needed that kind of rescue, this app’s speedy scan and excellent hands-on test results are a big draw.”  

Reprinted with permission. (c) 2025 Ziff Davis, LLC. All Rights Reserved. 

PCMag awarded Malwarebytes: 

• 2025 Best Antivirus 

• 2025 Best Malware Removal 

• 2025 Best Protection Software 

In our second recent award, CNET awarded Malwarebytes “Best Malware Removal Service 2025” after researching and testing antivirus software on setup, features, look and feel, and performance.  

CNET highlighted several standout features, including: 

• Top-tier malware removal   

• Comprehensive Browser Guard web protection   

• An easy-to-use, customizable interface 

We are super grateful to receive these awards and thank the teams of experts at PCMag and CNET for their thorough testing and valuable insights. 

Download Malwarebytes Premium today to get the “best” protection.

Last week on Malwarebytes Labs:

• The Pall Mall Pact and why it matters
• Child predators are lurking on dating apps, warns report
• Your 23andMe genetic data could be bought by China, senator warns
• WhatsApp for Windows vulnerable to attacks. Update now!
• Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home
• 72% of people are worried their data is being misused by the government, and that’s not all…
• Tax deadline threat: QuickBooks phishing scam exploits Google Ads
• Google AI taken for a ride by April Fools’ Day joke
• Google fixes two actively exploited zero-day vulnerabilities in Android
• Is your phone listening to you? (Lock and Code S06E07)
• Toll fee scams are back and heading your way

Last week on ThreatDown:

• April 2025 Patch Tuesday includes one zero-day
• One in five Fortune 500 companies had leaked credentials in the past 30 days

Stay safe!

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact.

The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024. The goal of the Pall Mall Pact is to regulate Commercial Cyber Intrusion Capabilities (CCICs), or what we usually refer to as spyware and surveillance tools.

Signed by France, the UK, Japan, and 18 other EU member states, the Code of Practice is a voluntary non-binding agreement establishing “best practices” among governments in relation to the development, facilitation, purchase, transfer, and use of commercial cyber intrusion tools and services.

Primarily, it aims to tackle the misuse of powerful cybertools sold on the open market. These tools, often developed by private companies like the NSO Group and Paragon Solutions, have been exploited by state and non-state actors to surveil journalists, human rights defenders, activists, and even government officials. The misuse of spyware has raised concerns about its impact on democracy, human rights, and national security.

By promoting international collaboration among governments, combined with industry players like Google and Microsoft, civil society organizations, and academics, the pact represents a collective effort to regulate an industry that has operated almost without reins.

The ongoing proliferation of spyware poses existential risks to privacy and civil liberties. Commercial hacking tools have enabled intrusive surveillance practices that undermine fundamental freedom and human rights. For example, spyware can infiltrate smartphones and computers, granting unauthorized access to sensitive data such as messages, emails, and location information.

Initially, countries like the United States opted not to sign the Pall Mall Pact but to pursue similar initiatives independently. However, this fragmentation could dilute global efforts to regulate spyware effectively. Not ideal, since its voluntary nature already raises questions about its effectiveness.

While not legally binding, the Code offers building blocks for the future and builds momentum for further development. It also offers the participating states a framework for further discussion and national implementation into laws.

In an increasingly digital world, privacy is a growing concern. As our recent research showed, a majority of people feel isolated in securing their sensitive information from companies, governments, AI models, and scammers.

Privacy is more than a personal concern. It’s a cornerstone of democracy and human rights. The Pall Mall Pact offers a roadmap for protecting these values against the misuse of powerful surveillance technologies. No one should be subject to arbitrary or unlawful interference with their privacy, as set out in the International Covenant on Civil and Political Rights and other applicable international and regional treaties.

We don’t just report on privacy—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

Using a dating app? Beware of your potential partner’s motives. A report from Edinburgh University warns that child abusers are using these apps to find single parents with vulnerable children.

The Searchlight 2025 report, from the University’s Childlight Global Child Safety Institute, analyses the tools and techniques that child abusers use to reach their prey. It found that more than one in five (22%) of male abusers use dating apps daily, compared to 8.1% of other men.

With this in mind, the report suggests increasing safeguards such as ID verification on dating apps, along with developing tools such as automated recognition of grooming language and more reporting of suspicious behavior by the app companies.

A network of child abusers

While child abuse is often purely for the abuser’s own gratification, the Institute also documented how abusers frequently profit from their crimes by producing child sexual abuse material (CSAM).

“They groom single parents via dating apps to access their children. They target displaced children in conflict zones like Ukraine. And they trade images using sophisticated payment methods, including cryptocurrencies, to evade detection,” warned Paul Stanfield, CEO of Childlight, in the report.

Alongside the use of dating apps, the report also points to the growing humanitarian crisis around the world as an opportunity for abusers. As millions of children are displaced, it cites growing searches for content involving displaced women and children, along with increased trafficker activity targeting displaced victims in Ukraine and Turkey, which hosts Syrian refugees.

The path to illicit profit

One way that abusers profit is by sharing images and video of the abuse. Networks for the exchange and sale of these materials are rife, and abusers have taken to producing specific CSAM content on demand to fit a buyer’s requirements. Files of this type can fetch up to $1,200, the report found. Abusers will also often livestream their abuse sessions for money.

Some organizations that create CSAM are often relatively small, with individuals in single figures, according to the report. They operate on a traditional corporate model, dividing responsibilities between specific people. Individuals will specialize in recruitment, control of the children, finding locations for the abuse, marketing the material, and financial management.

Children producing CSAM

Children themselves are now becoming more involved in the provision of CSAM. In some cases, they will gather images and video of their peers for sale, the report said. In others, children are recruited to provide images of themselves – sometimes willingly for money, and sometimes via sextortion.

Late last month the UK’s National Crime Agency warned about a surge in online networks of mostly teenaged boys that are procuring and sharing CSAM. Reports of these networks, often known collectively as the Com, increased sixfold between 2022 and 2024, the NCA said. They often groom their peers online and then extort them after persuading them to send compromising images of themselves.

While the Com’s members will sell such material, the abuses are also often for their own gratification. Members have been arrested for encouraging victims to commit suicide.

Teenaged boys themselves can also be victims of sextortion, alongside girls. The NCA launched an awareness campaign last month for boys between 15 and 17, whom it says are frequently targeted. It warned that sextortion is often perpetrated by gangs in West Africa or South East Asia, and are purely money-motivated.

The NCA’s CEOP Safety Centre received 380 reports of sextortion in 2024, while the the US National Centre for Missing & Exploited Children (NCMEC) has documented 28,000 global cases per year.

What can you do?

Parents can take action to help protect their children.

Vet potential dates. While the majority of online dating app users are legitimate, it pays to be extra vigilant when forming a relationship – especially when introducing new romantic partners to your family.

Talk to your children. You might think your children understand sextortion, but they might not. The NCA found that 74% of boys did not fully understand what sextortion was, and didn’t see requests for nude images as a warning sign. Educating both girls and boys on the risks is crucial. That in turn takes a relationship built on trust. Explain that if they are in trouble they can tell you anything and they are not to blame.

Get help. The NCA operates a site offering more resources and education for parents, children, and professionals.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.