Red flags for financially motivated sextortion
Financial institutions play a vital role in recognizing the transaction patterns associated with sextortion schemes. While many financial crimes share similar indicators, this typology has several distinctive hallmarks:
- Unusual payment memos or notes
Many P2P platforms allow users to include a description or memo with a transaction. Sextortion-related payments have included phrases like:
- "delete video"
- "release"
- "for blackmailing"
- "please, I don't want to die"
Perpetrators may also instruct victims to use misleading memo lines such as "for tutoring" or "gift," which can be an attempt to bypass detection. Transactions with emotionally charged, unusual, or vague descriptors warrant scrutiny, especially from teen-linked accounts.
- High-risk activity on teen accounts
Many platforms offer limited real-time parental controls even when teen accounts are sponsored by parents or guardians (as in Cash App or Venmo teen accounts). Watch for:
- Transactions outside of regular hours (late night or early morning)
- Multiple small transfers in quick succession
- New recipient accounts with no history of prior interaction
- Attempts to override parental settings or rapidly turn off alerts
- Gift card purchases followed by digital redemption
Teens often purchase gift cards in-store and send codes to perpetrators via messaging apps. This physical-to-digital payment conversion is a hallmark of many scams, but its prevalence among teens makes it a critical red flag. Unusual spikes in gift card purchases by minors, particularly gaming or retail cards like Steam, Apple, or Amazon, could signal sextortion.
- Rapid movement of funds internationally
Some sextortion proceeds are sent to international recipients, often via cryptocurrency or P2P transfers. Transactions originating in teen-linked accounts quickly converted to crypto or routed through Zelle or Cash App accounts linked to non-U.S. phone numbers or IP addresses may suggest laundering activity.
- Behavioral anomalies
Accounts exhibiting sudden changes in behavior, such as an uptick in transaction volume or new connections to flagged geographies, should be evaluated. Financial institutions should leverage behavioral analytics to detect anomalies in teen accounts or parent-sponsored accounts.
What financial institutions can do
As TCOs become increasingly sophisticated in targeting teens for financially motivated sextortion, community banks and credit unions are uniquely positioned to serve as first-line defenders. Detecting and reporting this activity does not heighten the risk of a perpetrator releasing the explicit content; doing so would eliminate their leverage and attract greater law enforcement attention. For offenders, especially those engaged in crimes involving minors, the added exposure to child sexual abuse material charges significantly raises the stakes, making discretion far more beneficial than retaliation.
Here's financial institutions can make a difference:
- Incorporate typology training
Financially motivated sextortion should be included as a specific typology in anti-money laundering/countering the financing of terrorism (AML/CFT) training programs. Front-line staff and compliance teams should understand how this scheme differs from traditional fraud.
- Enhance transaction monitoring
Update rulesets in your fraud detection and AML software to flag:
- Memo lines with high-risk keywords
- Gift card purchase patterns by underage users
- Repeated small-value transactions from teen-linked accounts
- Transactions to or from known high-risk geographies
Advanced tools like Abrigo Fraud Detection can help automate these detections using pattern recognition and behavioral analytics.
- Implement better parental controls
For institutions offering teen-linked accounts, ensure customers understand the controls available to limit P2P transfers or set spending thresholds. Partner with payment app providers to provide education on managing sponsored accounts and monitoring activity.
- File timely SARs
When indicators of sextortion are identified, file suspicious activity reports (SARs) promptly with FinCEN, including specific payment memos, recipient information, and behavioral details. Highlight the potential involvement of a minor to prioritize law enforcement response.
- Educate customers and communities
Banks and credit unions are trusted voices in their communities. Use that influence to educate parents and youth on digital safety, safe payment practices, and how to report suspicious activity. Include tips on verifying social media connections and keeping accounts private.
The NCMEC's "Take It Down" initiative and other programs offer resources to support victimized families and can be promoted through your institution's website, social channels, and newsletters.
Protecting the vulnerable, preventing tragedy
Financially motivated sextortion is more than a financial crime; it's a devastating form of child exploitation that often ends in emotional trauma or worse. The payment systems that power these crimes are the same systems financial institutions touch daily.
When banks and credit unions take proactive steps to detect and report red flags, they do more than stop fraud. They prevent abuse, disrupt transnational criminal networks, and they protect children in their communities from irreversible harm. Financial institutions can help stop this exploitation at its source by investing in education, transaction monitoring, and community outreach. It’s the right thing to do.