From MIL OSI

Major platforms have the tools to stop sexual extortion, but they’re not using them – new report

Source: The Conversation (Au and NZ)

Constantinis/Getty Images

It begins with a follow request. An 18-year-old male accepts one on Instagram from an attractive female stranger. She likes his posts, messages him first, friendly, flattering, quick to move the chat to a messaging app.

Within an hour she has shared an intimate image and asked for one in return. The moment he sends it, the flirtation stops: pay, or his image goes to his mother and every friend the blackmailer has found on his profile. A countdown begins.

This is a fictional scenario, but in 2025 the eSafety Commissioner received more than 3,300 reports of sexual extortion or “sextortion”. The vast majority of reports were made by male victims.

A national survey by the Australian Institute of Criminology found more than one in ten Australian adolescents have experienced sexual extortion, over half of them before they’d turned 16. Two in five were targeted with digitally manipulated material, and two-thirds by someone they had only ever met online.

In addition, new national research published last week found that among young people who had sexual images shared without consent, one in four said AI was involved.

eSafety’s latest transparency report, released today, draws on answers platforms must provide under Australia’s Online Safety Act. It reveals many platforms are still not using available tools to detect this crime. Yet sexual extortion is arguably the most predictable serious crime on the internet. It follows a script.

A crime that follows a script

Sextortion is a form of blackmail in which someone threatens to share a nude or sexual image (real or AI-fabricated), unless the victim pays or provides more intimate material. When the target is under 18, it is child sexual exploitation.

Offenders – frequently organised criminal networks overseas – work through a well-documented sequence. First contact usually happens on social media before the conversation is moved to another service, such as Snapchat or WhatsApp. The offender fast-tracks trust by sharing an intimate image, sometimes using images taken from earlier victims.

Once the target shares their image, the demands begin, often with countdowns engineered to cause panic. Meanwhile the offender searches their social accounts for family and friends to threaten to contact.

Each stage leaves linguistic “fingerprints”. eSafety’s investigators have compiled the gangs’ most common scripts, language indicators and recycled fake imagery, and supplied them directly to the major platforms.

The pattern is so recognisable, eSafety built a public campaign around it. “If sextortionists were honest”, launched in June, uses AI-generated characters to act out the script in advance so young men can spot it in their own messages.

If a short video can teach a teenager to recognise a sexual extortion script, why can’t the largest tech companies teach their systems to do the same?

What the report shows

The new report puts sexual extortion at its centre and shows the detection gap persists across all seven providers.

In the second half of 2025 alone, eSafety received more than 2,000 sexual extortion complaints: men aged 18 to 24 were the largest cohort, and Instagram and WhatsApp the services most named.

Horizontal stacked bar graph showing the top 10 services with the highest number of sexual extortion reports to eSafety.
While Telegram and TikTok are not part of this reporting series, eSafety has previously given transparency notices to both.
eSafety

Yet Instagram used no language analysis in private messages. It relies on user reports, even though Meta removed end-to-end encryption from private messages in May this year, clearing the way for detection tools.

WhatsApp – where messages are encrypted – used none either and offered no dedicated way to report sexual extortion.

Apple’s iMessage also used none. Its nudity-blurring Communication Safety feature can’t detect extortion scripts or threats and is on by default only for self-declared under-18s.

Snapchat ran language analysis only on material reported by users and did nothing proactive, even on the unencrypted parts of its service. Discord used no language analysis at all, despite most of its service not being encrypted. Google used none on Messages or Gmail.

Microsoft illustrates both the possibility and the failure: it uses language analysis to detect sexual extortion on Xbox, yet applies no equivalent tools on Teams.

Vertical bar chart showing the top 6 services where 'threats' of sexual extortion occurred.

eSafety

If a service encrypts messages, it can make proactive detection of sextortion scrips difficult, although not impossible. And it can’t explain the detection gap on unencrypted services like Instagram, Discord, Gmail, Teams, or the parts of Snapchat that are not end-to-end encrypted.

When blackmail occurs in plain text, the barrier to detection is simply the platform’s priorities.

Where to from here?

Three steps would make an immediate difference.

First, platforms should deploy language analysis across every unencrypted service. It should be calibrated to protect both children and adults, using the indicators eSafety has already supplied. The regulator has collected the threat intelligence for them.

Second, detection should trigger intervention. If the victim receives a warning or interruption at certain moments the script predicts, it can interrupt the crime and redirect them to receive support. A legislated digital duty of care would make such safety-by-design a legal obligation rather than an optional extra.

Design matters, as the report found only 0.3% of teens who received Snapchat’s warning about a risky contact chose to block or report. However, good warning message design can work, and such interventions must be evaluated and continuously improved, not just switched on.

Third, companies need to share more information across platforms. This crime deliberately migrates between services – for example, from Instagram to WhatsApp (both owned by Meta) – precisely to exploit the gaps between them.

Social media and messaging platforms should share more threat intelligence across sectors such as finance, which is more regulated and has stronger connections to law enforcement. Currently, that’s not happening at a level needed to disrupt the criminal networks of sextortion.

Sexual extortion announces itself in plain text. The playbook has been recorded, studied, and delivered to the companies that host the crime. Detecting it does not require a breakthrough, but a decision to act.

The Conversation

Joel Scanlan is the academic co-lead of the CSAM Deterrence Centre, which is a partnership between the University of Tasmania and Jesuit Social Services, which operates Stop It Now! Australia, a therapeutic service providing support to people who are concerned with their own, or someone else’s, feelings towards children. He has received funding from the Australian Research Council, Australian Institute of Criminology, the eSafety Commissioner, Lucy Faithfull Foundation and the Internet Watch Foundation.

Original source: https://analysis1.mil-osi.com/2026/07/14/major-platforms-have-the-tools-to-stop-sexual-extortion-but-theyre-not-using-them-new-report/