A form of cybercrime called “financial sextortion” is rapidly rising in North America and Australia, with a major portion driven by a non-organized cybercriminal group in West Africa who call themselves “Yahoo Boys,” according to a new study from the Network Contagion Research Institute (NCRI).
Sextortion is “a crime that involves adults coercing kids and teens into sending explicit images online,” according to the FBI. The criminals threaten their victims with wide distribution of the explicit images, including to the victims’ friends and family, unless the victims pay them, repeatedly, through a variety of peer-to-peer payment apps, cryptocurrency transfers and gift cards.
NCRI, a nonprofit, found cybercriminals used the social apps Instagram, Snapchat and Wizz to find and connect with their marks.
Yahoo Boys’ tactics gained popularity among some as a way to get rich quickly in West Africa, where there are scant other means of earning income, according to a 2023 Atavist investigation. Popular songs referencing Yahoo Boys have lent the cybercriminal gangs cultural clout.
Despite increasing amounts of reported sextortion online over the last several years, the NCRI researchers say that platforms used by Yahoo Boys and other threat actors have been slow to moderate their materials or make changes that could help curb the spread of sextortion.
Sextortion is a “transnational crime threat that is actually causing a significant number of American deaths,” said Paul Raffile, a senior intelligence analyst with the NCRI who co-led the study. This form of crime — which has mostly impacted boys and young men, according to NCRI Director of Intelligence Alex Goldenberg — can be so devastating that it drives some victims to suicide.
In August 2023, NBC News reported that two Nigerian men were extradited to the U.S. to face charges in a sextortion scheme that authorities say prompted the suicide of a 17-year-old Michigan high school student. The men pleaded not guilty and were denied bail in September.
And in November, according to court filings obtained by CNBC and NBC News, a grand jury indicted a Nigerian man in response to allegations from the U.S. Secret Service that he engaged in Yahoo Boys tactics, including sextortion and wire fraud of $2.5 million
In this case, the indictment reads, the accused Nigerian man and unidentified co-conspirators used fake accounts on Facebook and Snapchat to pose as attractive young women, connect to young male users and gain access to their friends and follower lists, and then entice the victims into sending them explicit photos.
The accused party allegedly promised his marks, who Yahoo Boys often refer to as “clients,” that they would delete or at least refrain from distributing the photos if they would send money through apps like Venmo, CashApp and Zelle, cryptocurrency transfers through Bitcoin with a Binance account, or gift cards.
As soon as they paid, however, the victims would face new threats and pressure to keep making payments, the filings said.
NCRI’s study found that the Yahoo Boys promote their tactics and recruit new gang members, in part, by publishing training videos and guides for running a financial sextortion scam on platforms including TikTok, Scribd and YouTube.
The NCRI researchers said they found dozens of videos on TikTok and YouTube that showed self-described Yahoo Boys engaging in sextortion by using easily searchable phrases like “blackmail format” or hashtags like #YahooBoys. They also found scripts on Scribd teaching others how to extort their victims using similar search terms. The materials on the various sites had been viewed over half a million times, according to the NCRI analysis.
NBC News and CNBC reviewed some of these materials still up on all three platforms. One video posted to YouTube instructed viewers on how to “catch a client,” keep them engaged by acting “like a real girl,” and how to convince them to send increasingly explicit photos. The video contained a walk-through on how to threaten a victim and coerce them into sending payments, at which point the narrator admitted this activity would be “high risk.”
A document posted to Scribd contained a script with seductive and explicit enticements leading to escalating threats. The document said, for example, “You ready to comply with me? I will make you so miserable that you can’t even think … I will send your nude to lots of people online … Do you want this to happen – yes or no. If you do not want it to happen you will have to pay me.” And later, “How much you got there[?] If you are thinking of 200$ forget it I’m posting your nude and gonna make you die in pain.”
After NBC News asked TikTok about several Yahoo Boys videos, the company removed them. A spokesperson said in an email that they had violated the platform’s guidelines against scams.
Scribd did not reply to a request for comment.
A YouTube spokesperson, Javier Hernandez, said that the company removed several videos and one channel after NBC News asked about Yahoo Boys content on the platform.
The NCRI researchers also found detailed scripts that had been available for years, still readily available on sites like Meta’s Instagram and Snapchat.
TikTok, YouTube, Scribd and Meta prohibit content that promotes criminal activity.
A Meta spokesperson said in an email that the company has strict rules against sharing intimate images and that it already implements versions of many of NCRI’s recommendations, “including offering a dedicated reporting option so people can report threats to share private images.”
A Snapchat spokesperson said in an email, “We know that sextortion is a growing risk teens face across a range of platforms and have been ramping up our tools to combat it. We have extra safeguards for teens to protect against unwanted contact, and don’t offer public friend lists, which we know can be used to extort people. We also want to help young people learn the signs of this type of crime, and recently launched in-app education to raise awareness of how to spot and report it.”
While the Yahoo Boys and other threat actors have been operating for years on mainstream social media platforms, the parent companies of those platforms have been slow to substantially stem the activity.
NCRI’s director of intelligence, Alex Goldenberg, said that in-app education is a great start, but tech companies can do more to stop sextortion online.
Platforms like TikTok, YouTube and Scribd should actively search for and take down the sextortion how-to guides, materials and scripts that they are hosting, he said. And social media platforms should include a distinct category to report sextortion — as Snapchat did in early 2023.
Goldenberg emphasized that social apps should make it more difficult to access information about a specific users’ network. On public accounts on Instagram, for example, followers and following lists are visible to all, which enables cybercriminals to infiltrate a victim’s personal network and exert leverage over them by threatening to send photos to people they know.
Even in a private account on Instagram, the moment a user accepts a scammer’s follow request, that scammer can view and try to connect with all of their friends and followers. A design change to make or keep users’ followers and following lists private would take an important source of criminals’ leverage away.
A Meta spokesperson said that for users under 16, Meta defaults their accounts to private so that it’s only possible to see their network if they accept your follow request.
On Snapchat, users should be made aware that photos can be saved and screenshotted, Goldenberg said. Parents and educators should “combat the belief that photos sent on Snapchat disappear, which can create a false sense of security,” the NCRI study recommends.
A former Snapchat employee, who asked to remain unnamed (but whose identity is known to CNBC and NBC News) corroborated some conclusions from the NCRI study as they pertained to company. The former employee said that rising financial sextortion had been discussed at the company starting as early as 2021 and that it intensified in the years that followed. The former employee agreed that Snapchat and other social media companies have not acted strongly or swiftly enough to protect young users.
The NCRI study also strongly criticized Wizz, concluding: “Sextortion on Wizz is pervasive and dangerous. The app’s design, seemingly akin to a Tinder-like interface for minors, has fostered an environment ripe for the rampant spread of sextortion.”
In July, child safety groups told NBC News that they were receiving an alarming number of reports about the alleged sextortion of young people originating on Wizz.
A spokesperson for Wizz said in a statement after this story was published, “We have zero tolerance for scams and inappropriate behavior of any kind on the platform, and we are constantly innovating to ensure Wizz is leading the industry on user safety.”
Apple’s App Store and Google Play can also help, the NCRI study suggested, by carefully monitoring complaints about sextortion associated with social media apps, and enforcing their existing policies.
NCRI’s study comes amid heightened scrutiny of how social media is impacting young people.
New Mexico Attorney General Raúl Torrez sued Meta and CEO Mark Zuckerberg, accusing the company of enabling human trafficking and the distribution of child sexual abuse materials, and alleging that Facebook and Instagram are “breeding grounds” for predators targeting children in a formal complaint.
As NBC News previously reported, Meta responded to that lawsuit by saying it has been proactive in finding and removing accounts and content that violate its child safety policies.
CEOs from Meta, X (formerly Twitter), TikTok, Snapchat and Discord are expected to answer questions from a bipartisan Senate Judiciary Committee regarding their efforts to stop sextortion at a hearing about child safety online that is scheduled for Jan. 31.
In the U.S., people who have experienced sextortion (or their parents or guardians) can report it via the FBI’s cybercrime portal IC3.gov online, or a local FBI field office. Sextortion incidents involving a minor should also be reported to the National Center for Missing & Exploited Children or NCMEC Cypertipline at report.cybertip.org or by phone at 800–843–5678.