What to Do If Someone Is Blackmailing You Online

Posted: March 31, 2026 to Cybersecurity.

What to Do If Someone Is Blackmailing You Online: A Complete Guide

Online blackmail, also called cyber extortion, is the act of threatening to release private information, images, videos, or data about a person unless they comply with demands for money, additional content, or other concessions. It is a federal crime under multiple U.S. statutes and a felony under North Carolina state law. Online blackmail takes many forms, including sextortion, ransomware threats, data exposure extortion, reputation attacks, and business email compromise, but the core mechanism is always the same: a threat to cause harm unless the victim pays or complies.

The FBI's Internet Crime Complaint Center (IC3) received over 880,000 cybercrime complaints in 2023 with reported losses exceeding $12.5 billion, and extortion-related complaints ranked among the fastest-growing categories. The actual number of victims is far higher because most people who are blackmailed online never report it. Shame, fear of exposure, and confusion about where to turn keep the majority of victims silent, which is exactly what the blackmailer counts on.

If someone is blackmailing you right now, you need to know three things immediately: do not pay, preserve every piece of evidence, and report the crime. This guide walks you through every step in detail, explains the federal and state laws that protect you, and describes how professional digital forensics investigators can trace your attacker, preserve evidence for prosecution, and help you end the threat.

Types of Online Blackmail

Understanding the type of blackmail you are dealing with helps determine the right response, the right authorities to contact, and the kind of evidence that matters most. The following are the most common forms of online extortion reported to law enforcement and digital forensics teams.

Sextortion

Sextortion is the most widely reported form of online blackmail. The attacker obtains or claims to possess intimate images or videos of the victim and threatens to send them to the victim's family, friends, employer, or social media contacts unless the victim pays or sends additional explicit content. In many cases, the attacker obtained the images through a fake online relationship, a hacked cloud account, or by using AI deepfake technology to fabricate explicit content from public photos. The FBI has identified sextortion as one of the fastest-growing cyber threats, with complaints more than doubling between 2022 and 2024. For a detailed breakdown of sextortion tactics and response steps, see our sextortion help guide.

Ransomware Threats

Ransomware is a form of digital extortion in which an attacker encrypts a victim's files, databases, or entire computer systems and demands payment (typically in cryptocurrency) for the decryption key. Ransomware attacks increasingly target individuals, not just businesses. Home users who lose access to personal photos, financial records, or work documents face the same impossible-sounding choice: pay or lose everything. Some ransomware variants also threaten to publish stolen data publicly if the ransom is not paid, combining encryption with data exposure extortion.

Data Exposure Threats

In data exposure extortion, the attacker claims to have obtained sensitive personal information, such as financial records, medical data, private communications, browser history, or login credentials, and threatens to release the data publicly or sell it on dark web marketplaces unless the victim pays. This tactic is common in email-based extortion campaigns where attackers send mass emails claiming to have hacked the victim's computer, recorded them through their webcam, or obtained their browsing history. While many of these emails are bluffs sent to millions of addresses, some are backed by real stolen data from previous data breaches, making them credible enough to terrify victims into paying.

Reputation Attacks

Reputation-based blackmail targets the victim's professional or public image. The attacker threatens to post damaging reviews, fabricated accusations, or manipulated content on platforms where the victim's reputation matters: Google Business reviews, social media, professional forums, news tip lines, or industry-specific websites. Business owners, medical professionals, attorneys, and public figures are frequent targets. The demand is usually financial, but some attackers want services, favorable treatment, or the removal of content that exposes their own misconduct.

Business Email Compromise

Business email compromise (BEC) extortion occurs when an attacker gains access to a business email account and uses the information found inside to blackmail the account holder or the organization. The attacker may discover confidential deals, internal disputes, financial irregularities, or personal communications and threaten to forward them to clients, partners, regulators, or the press. BEC-related losses exceeded $2.9 billion in 2023 according to the FBI, making it one of the costliest forms of cybercrime. Organizations facing BEC-related extortion need both cybersecurity incident response and forensic investigation to determine the scope of the compromise.

Immediate Steps: What to Do If You Are Being Blackmailed

If someone is blackmailing you online, follow these steps in order. Acting quickly and methodically in the first 24 to 48 hours significantly affects the outcome. Every step matters.

1. Do Not Pay the Blackmailer

This is the most important step. Do not send money, cryptocurrency, gift cards, or anything else of value. Research from the Thorn organization and multiple law enforcement agencies confirms that more than 80% of victims who pay a blackmailer receive additional demands, often for larger amounts. Payment does not end the threat. It proves that you are willing to pay, and the blackmailer escalates. Many victims who pay once are contacted again within days. Some are targeted by the same criminal organization months or years later. There is no transaction that buys your safety because the blackmailer has no incentive to stop once they know you will comply.

2. Preserve All Evidence

Before you block the attacker or take any other action, capture and save every piece of evidence. This documentation is what law enforcement, forensic investigators, and prosecutors need to identify and prosecute the blackmailer. Take screenshots or screen recordings of:

• All threatening messages, including full conversation threads with timestamps
• The attacker's usernames, profile names, and profile photos on every platform
• Email addresses, phone numbers, and any other contact information the attacker used
• Payment instructions: cryptocurrency wallet addresses, Venmo handles, Cash App cashtags, wire transfer details, gift card redemption codes
• URLs of any websites, social media profiles, or forums where the attacker threatened to post your information
• Your own messages in the conversation (to establish the complete timeline)
• Any files, images, or attachments the attacker sent you

Store this evidence in a secure location: a password-protected folder, an encrypted USB drive, or encrypted cloud storage. Do not rely solely on the platform retaining the messages. Attackers delete accounts and conversations to cover their tracks.

3. Block the Blackmailer on All Platforms

After you have preserved evidence, block the attacker on every platform, messaging app, email service, and phone number they used to contact you. Blocking removes the attacker's ability to continue pressuring you and eliminates the psychological toll of receiving ongoing threats. If the attacker creates new accounts to reach you, screenshot those messages first, then block the new accounts as well. Each new account they create is additional evidence of criminal harassment.

4. Secure Your Accounts

Change passwords immediately on every account associated with your email address, especially email, social media, cloud storage, banking, and any professional platforms. Use a password manager to generate strong, unique passwords for each service. Enable two-factor authentication (2FA) using an authenticator app such as Google Authenticator, Authy, or Microsoft Authenticator. Do not use SMS-based 2FA, as it is vulnerable to SIM swapping attacks. Review your social media privacy settings and restrict who can see your friends list, followers, contact information, and tagged photos. If the blackmailer gained access through a compromised account, these steps prevent further access and limit what they can use against you.

5. Report to the FBI Internet Crime Complaint Center (IC3)

File a report at ic3.gov. The FBI's IC3 is the primary federal reporting mechanism for all internet-based crimes, including blackmail, extortion, and cyberstalking. Your report enters a federal database that tracks criminal operations across jurisdictions. When multiple victims report the same attacker, phone number, email address, or cryptocurrency wallet, it builds the case for a federal investigation. Include every piece of evidence you collected: screenshots, usernames, payment addresses, and a detailed chronological account of what happened.

6. File a Local Police Report

Contact your local police department and file a formal report. Even if local law enforcement does not have the technical capacity for a full cyber investigation, the police report creates an official record that serves multiple purposes: it documents the crime for future legal proceedings, supports platform takedown requests, provides documentation for insurance claims or employer notifications, and creates a paper trail if the blackmailer escalates to physical threats. Ask for the case number and the name of the officer assigned to the report.

7. Report to the Platform

Every major platform has dedicated reporting mechanisms for extortion, blackmail, and intimate image abuse. File reports on every platform the attacker used to contact you. Platform reports trigger internal investigations that can result in the attacker's account being suspended, content being removed, and data being preserved for law enforcement. Many platforms, including Meta (Instagram, Facebook, WhatsApp), Snapchat, Google, Discord, and X, have expedited review processes for extortion reports and cooperate with law enforcement subpoenas to provide attacker account data including IP addresses, login history, and linked phone numbers.

8. Contact a Digital Forensics Team

Professional digital forensics investigators bring capabilities that victims and general-purpose law enforcement often lack: IP tracing across platforms, metadata analysis, forensic evidence preservation that meets courtroom standards, device examination for malware or unauthorized access, dark web monitoring for leaked data, and direct coordination with platform legal teams and law enforcement agencies. The earlier a forensic team is engaged, the more evidence is available before the attacker deletes accounts and covers their tracks. If you are being blackmailed, contact Petronella's incident response team for an immediate confidential consultation.

Is Blackmail Illegal? Federal and State Laws That Protect You

Blackmail and extortion are serious crimes under both federal and state law. Understanding the legal framework helps victims recognize that the full weight of the criminal justice system is behind them and that blackmailers face severe penalties. The person committing the blackmail is the criminal, not the victim, regardless of what information or content the blackmailer is threatening to release.

Federal Laws

18 U.S.C. § 873 — Blackmail: This statute directly criminalizes blackmail in any form. It makes it a federal offense to demand or receive money or anything of value by threatening to inform, or withholding information about, a violation of any law of the United States. Conviction carries a penalty of up to 1 year in federal prison and a fine.

18 U.S.C. § 875 — Interstate Extortion: This broader extortion statute criminalizes transmitting any communication in interstate or foreign commerce containing a threat to injure the reputation of another person, or a threat to kidnap, injure, or harm, with intent to extort money or anything of value. Online blackmail almost always crosses state lines through internet communications, triggering federal jurisdiction. Penalties range from 2 to 20 years in federal prison depending on the nature of the threat.

18 U.S.C. § 1030 — Computer Fraud and Abuse Act (CFAA): When online blackmail involves unauthorized access to a victim's computer, phone, cloud accounts, or email to obtain the material used as leverage, the attacker also violates the CFAA. This applies to cases involving hacked accounts, stolen data, or malware-based extortion including ransomware. Penalties range from 5 to 20 years in federal prison depending on the specific subsection and the severity of harm caused.

18 U.S.C. § 1951 — The Hobbs Act: The Hobbs Act prohibits extortion that affects interstate or foreign commerce. Federal prosecutors use this statute in blackmail cases involving businesses, professionals, and any scenario where the extortion has an economic impact beyond the immediate victim. Penalties include up to 20 years in federal prison.

North Carolina State Laws

N.C. Gen. Stat. § 14-118.4 — Extortion: North Carolina criminalizes extortion as obtaining or attempting to obtain property, services, or any advantage by threatening to accuse a person of a crime, injure a person or their property, or expose any secret affecting their reputation. This statute covers all forms of online blackmail where the attacker demands payment or compliance in exchange for not releasing damaging information. Classified as a Class F felony, carrying 10 to 41 months of imprisonment.

N.C. Gen. Stat. § 14-190.5A — Disclosure of Private Images: North Carolina specifically criminalizes the nonconsensual disclosure of intimate images. This law applies to both actual distribution and threats to distribute private images. It is particularly relevant to sextortion cases and any blackmail involving photos or videos. Classified as a Class H felony, carrying 4 to 25 months of imprisonment.

N.C. Gen. Stat. § 14-458.2 — Cyber-Stalking: When online blackmail involves ongoing threats, repeated contact, or surveillance of the victim, North Carolina's cyberstalking statute provides additional criminal exposure for the attacker, including when the blackmailer monitors the victim's online activity or creates fake profiles to maintain contact after being blocked.

Victims should understand clearly: you are not in legal trouble for being blackmailed. Even if the material the blackmailer is threatening to release involves something embarrassing or something you regret, the crime is committed by the person making the threat. Prosecutors and law enforcement focus on the blackmailer, not the victim.

Why You Should Never Pay a Blackmailer

The decision not to pay is difficult, especially when the threat feels urgent and the potential consequences of exposure feel devastating. But the data, law enforcement experience, and victim outcomes consistently show that paying makes the situation worse, not better.

More than 80% of victims who pay get re-extorted. The Thorn organization, which works with law enforcement on technology-facilitated exploitation, has documented that the vast majority of victims who comply with demands receive additional demands. The blackmailer knows you have both the means and the willingness to pay. They increase the amount. They invent new threats. They contact you again weeks or months later. Paying once makes you a permanent target.

Payment does not result in deletion. There is no mechanism to verify that the blackmailer deleted your data, images, or information after receiving payment. In most cases, the material is retained specifically because it has proven valuable. Criminal organizations that run blackmail operations maintain databases of victim material and rotate it among operatives. Your payment funds an operation that will continue to victimize you and others.

Payment funds criminal organizations. Online blackmail is not typically carried out by lone individuals. The FBI, Europol, and INTERPOL have identified organized criminal networks, many based in West Africa, Southeast Asia, and Eastern Europe, that run industrialized sextortion, ransomware, and extortion operations. Payments from victims fund these operations, enabling them to develop better tools, recruit more operatives, and target more victims. Your payment directly contributes to the continuation and expansion of the criminal enterprise.

Payment creates additional legal and financial complications. Depending on where the payment is sent, victims who pay ransom or extortion demands may inadvertently violate sanctions laws if the recipient is in a sanctioned country or is a designated person under OFAC regulations. While enforcement against victims is rare, the legal exposure is real. Additionally, cryptocurrency payments are extremely difficult to reverse, and gift card payments are effectively untraceable once redeemed.

What actually works: The combination of evidence preservation, law enforcement reporting, platform reporting, and professional forensic investigation is the approach with the best documented outcomes. This path leads to account takedowns, content removal, and in many cases, criminal prosecution of the attacker. It does not require paying the blackmailer a single dollar.

How Digital Forensics Helps Blackmail Victims

When you are being blackmailed online, the attacker appears anonymous and untouchable. Professional digital forensics changes that dynamic by applying investigative tools and techniques that can unmask the person behind the threat and build the evidence needed for criminal prosecution or civil action.

IP Tracing and Account Attribution: Every online interaction leaves digital traces. Forensic investigators analyze email headers, message metadata, login records, and platform data to identify IP addresses associated with the attacker. When combined with geolocation databases, ISP records obtained through law enforcement subpoenas, and cross-platform correlation, IP tracing can narrow an attacker's identity and location. Even when attackers use VPNs or Tor, behavioral analysis, timing patterns, and device fingerprinting can provide attribution leads.

Forensic Evidence Preservation: Digital evidence is fragile. Messages can be deleted, accounts deactivated, and metadata altered within hours. Forensic investigators use write-blocking tools, cryptographic hash verification, and certified forensic imaging software to create tamper-proof copies of all evidence. Every step is documented with timestamps and verification to maintain chain of custody. This level of preservation is essential because improperly handled evidence can be challenged and excluded in court proceedings.

Device and Account Analysis: If the blackmail involved unauthorized access to your devices or accounts, forensic examination can determine how the attacker gained access, what data they viewed or copied, whether malware or spyware was installed, and whether the compromise is ongoing. This analysis is critical for closing the access point, understanding the full scope of exposure, and documenting the intrusion for law enforcement.

Dark Web Monitoring: When a blackmailer threatens to release data or has already done so, forensic investigators can monitor dark web forums, paste sites, file-sharing networks, and image boards for your content. When leaked material is identified, investigators work with hosting providers and law enforcement to issue takedown requests and identify who uploaded the content.

Law Enforcement Coordination: Petronella's forensic team prepares investigation packages formatted for FBI, Secret Service, and local law enforcement use. These packages translate technical findings into language that non-technical investigators and prosecutors can act on, while maintaining the forensic detail needed to support search warrants, arrest warrants, and prosecution. Having a professional forensic intermediary typically results in faster law enforcement engagement and more effective investigations.

Platform-Specific Reporting for Online Blackmail

Report the blackmail on every platform the attacker used to contact you, even if you have already blocked them. Platform reports trigger internal investigations, content removal, account suspension, and data preservation that supports law enforcement investigations.

Email-Based Blackmail

If the blackmail came via email, report the message as phishing or abuse through your email provider (Gmail: click the three-dot menu and select "Report phishing"; Outlook: select "Report" then "Phishing"). Forward the email, including full headers, to the FBI at tips.fbi.gov. For mass extortion emails claiming to have hacked your computer or webcam, also report to the Anti-Phishing Working Group at reportphishing@apwg.org. Do not click any links or download any attachments in the blackmail email.

Social Media Blackmail

On Instagram, go to the attacker's profile, tap the three-dot menu, and select "Report." Meta has dedicated sextortion and extortion reporting tools in the Help Center. On Facebook, report the conversation through the three-dot menu and also use the non-consensual intimate image reporting tool at facebook.com/safety/notwithoutmyconsent. On X (Twitter), use the three-dot menu on the offending messages, select "Report," and choose the appropriate violation. On Snapchat, press and hold the attacker's name in your chat list, tap "More," then "Report." On TikTok, long-press the message and select "Report."

Messaging App Blackmail

On WhatsApp, open the chat, tap the contact's name, scroll down, and select "Report contact." On Telegram, tap the attacker's name, select the three-dot menu, and choose "Report." On Discord, right-click the message and select "Report Message," or for serious cases email abuse@discord.com directly. On Signal, block the contact and report the phone number to law enforcement, as Signal does not retain message content or user data.

Dating App Blackmail

If the blackmail originated on a dating platform (Tinder, Bumble, Hinge, Grindr, or others), report the user through the app's built-in reporting feature. Most dating apps have specific categories for extortion and harassment. Also contact the app's support team directly with screenshots and details. Dating apps cooperate with law enforcement and can provide account registration details, IP logs, and conversation records in response to legal process.

Protecting Yourself From Online Blackmail Going Forward

While no prevention measure eliminates all risk, the following practices significantly reduce your exposure to online blackmail and limit the damage if you are targeted.

Use strong, unique passwords and 2FA on every account. Account compromise is the entry point for many blackmail schemes. Use a password manager and enable authenticator-based two-factor authentication on all accounts, especially email, cloud storage, social media, and financial services. This single step blocks the majority of account-based attacks.

Be skeptical of new online contacts who escalate quickly. Whether on dating apps, social media, or professional platforms, be cautious with anyone who moves the conversation rapidly toward personal, financial, or intimate topics. Reverse image search their profile photos. If they refuse video calls or always have an excuse for not meeting in person, treat the interaction as suspicious.

Limit the personal information you share publicly. Attackers build leverage by gathering information about your life, relationships, career, and reputation. Review your social media privacy settings. Restrict who can see your friends list, employer, and tagged photos. The less information publicly available about you, the less ammunition a blackmailer has.

Never share intimate content with anyone you have not met in person. This applies to photos, videos, and live video chat. Deepfake technology means even a single clear photo of your face can be used to generate fabricated explicit content, but there is no substitute for the real thing from the attacker's perspective. Not sharing intimate content eliminates the most common sextortion entry point.

Keep software and devices updated. Ransomware and malware-based extortion exploit known vulnerabilities in operating systems, browsers, and applications. Enable automatic updates on all devices. Run reputable endpoint protection software. These measures block the technical attacks that can give blackmailers access to your files and accounts.

Monitor for data breaches. Use services like Have I Been Pwned (haveibeenpwned.com) to check whether your email addresses and passwords have appeared in known data breaches. If your credentials have been compromised, change those passwords immediately and enable 2FA. Blackmailers frequently use credentials from old data breaches to access victim accounts.

For businesses: train employees. Business email compromise and corporate extortion often begin with a single employee clicking a phishing link or reusing a compromised password. Regular cybersecurity awareness training and enforced security policies significantly reduce organizational exposure to blackmail and extortion threats.

North Carolina and Raleigh-Durham Resources

Victims in North Carolina and the Triangle area have access to both state and federal resources for reporting and recovering from online blackmail.

• FBI Charlotte Field Office — Covers the Raleigh-Durham area for federal cybercrime investigations. Call 704-672-6100
• North Carolina State Bureau of Investigation (SBI) — Computer Crimes Unit handles online exploitation and extortion cases statewide
• North Carolina Attorney General's Office — Consumer Protection Division accepts complaints related to online fraud and extortion at ncdoj.gov/file-a-complaint or 877-566-7226
• Raleigh Police Department — Cyber Crimes Unit handles local reports of online extortion and harassment
• Wake County Sheriff's Office — Accepts reports for incidents in unincorporated Wake County
• InterAct of Wake County — Crisis intervention and counseling for victims of exploitation. 24-hour crisis line: 919-828-3005
• 988 Suicide and Crisis Lifeline — Call or text 988 if you or someone you know is in emotional crisis

Petronella Technology Group is headquartered at 5540 Centerview Dr., Suite 200, Raleigh, NC 27606 and works directly with local and federal law enforcement on cybercrime investigations. Our proximity to agencies and courts in the Triangle area means same-day response, in-person meetings with investigators, and the ability to testify in North Carolina state and federal courts.

Key Takeaways: What to Do If Blackmailed

• Do not pay. More than 80% of victims who pay receive escalated demands. Payment does not end the threat and funds criminal operations
• Preserve all evidence before blocking the attacker: screenshot messages, usernames, payment instructions, and a full timeline of events
• Block the blackmailer on every platform after preserving evidence to stop ongoing psychological pressure
• Secure your accounts with new passwords and authenticator-based 2FA on email, social media, cloud storage, and financial accounts
• Report to the FBI IC3 at ic3.gov and file a local police report to create official records and support potential prosecution
• Report to every platform the attacker used to trigger account suspensions, content removal, and data preservation
• Online blackmail is a serious crime under both federal law (18 U.S.C. 873, 875, 1030) and North Carolina law (14-118.4, 14-190.5A) with penalties including years of imprisonment
• Professional digital forensics can trace attackers, preserve court-admissible evidence, monitor for leaked data, and coordinate with law enforcement to stop the threat
• You are the victim, not the criminal. Regardless of what material the blackmailer is threatening to release, the law protects you and penalizes the person making the threat

Being blackmailed online is a frightening experience, but you have far more legal protection and more options than most victims realize. The blackmailer depends on your silence, shame, and isolation to maintain control over you. Breaking that cycle by refusing to pay, preserving evidence, reporting the crime to federal and local law enforcement, and engaging professional forensic investigators is the most effective path to ending the threat and holding the attacker accountable.

If you or someone you know is being blackmailed, contact Petronella Technology Group for a confidential consultation. Our digital forensics team has the tools, the experience, and the law enforcement relationships to investigate online blackmail cases and help victims regain control. Call 919-348-4912 or visit our incident response page for immediate assistance. If you are dealing with a related scam such as a pig butchering investment fraud, see our guide on pig butchering scam recovery.