|
SAFE-T-0083
|
Account Takeover
|
Gaining full control of victim's accounts including email, social media, banking, government services, or utilities by changing credentials and recovery options. Complete takeover denies victim access while giving perpetrator full control over the account, including stored data, communications, and financial functions.
|
|
SAFE-T-0091
|
Administrative Access Abuse
|
Using parental controls, family administrator privileges, or enterprise MDM capabilities to exert control over an adult victim's devices and accounts. Exploits legitimate administrative tools designed for child safety or corporate security to restrict an adult's digital autonomy.
|
|
SAFE-T-0151
|
Age/Identity Deception
|
Misrepresenting age, identity, appearance, occupation, or circumstances to build trust. Includes catfishing, using stolen photos, creating false personas, and age misrepresentation by adults targeting minors or by scammers targeting adults. The deception is the foundation on which the exploitative relationship is built.
|
|
SAFE-T-0153
|
AI-Assisted Grooming
|
Using AI chatbots, LLMs, or automated messaging to maintain multiple grooming relationships simultaneously at scale. AI enables personalised, varied manipulation conversations that adapt to each target's responses. The 'pig butchering' industrial model uses AI to manage hundreds of simultaneous relationships, with human operators stepping in for hi...
|
|
SAFE-T-0159
|
AI-Assisted Targeting Discovery
|
Using AI tools (ChatGPT, Claude, search engines, coding assistants) to research surveillance methods, learn how to track someone, or develop manipulation strategies. AI lowers the skill barrier — someone who couldn't write code can now generate a keylogger. AI platforms actively try to prevent this but it remains a cat-and-mouse game.
|
|
SAFE-T-0162
|
AI-Generated Evidence Fabrication
|
Using AI to create fake text message screenshots, fabricated legal documents, forged emails, synthetic audio recordings, or manipulated metadata for use in legal proceedings, custody disputes, or reputation attacks. Distinct from Deepfake Creation (visual media) — this is documentary evidence fabrication. AI lowers the skill barrier for creating co...
|
|
SAFE-T-0088
|
Backup/Cloud Access
|
Accessing victim's personal data through cloud backup services such as iCloud, Google Drive, OneDrive, or device backups. Cloud backups often contain comprehensive copies of messages, photos, contacts, browsing history, and app data, providing extensive surveillance capability from a single access point.
|
|
SAFE-T-0131
|
Benefits/Payments Interception
|
Redirecting victim's income, government benefits, tax refunds, insurance payments, or other financial entitlements to perpetrator-controlled accounts. May involve changing direct deposit information, intercepting physical mail, controlling online government portals, or filing fraudulent claims.
|
|
SAFE-T-0148
|
Boundary Testing & Desensitisation
|
Making incrementally escalating requests to test compliance and normalise boundary violations. Starts small (share your location, send a photo, stay up late talking) and escalates (send intimate content, meet in person, transfer money, cut off contact with friends). The request-demand-threaten-force escalation sequence. Each compliance makes the ne...
|
|
SAFE-T-0079
|
Calendar/Schedule Surveillance
|
Accessing victim's calendar applications, booking systems, medical appointment portals, or work schedules to track movements and anticipate whereabouts. May exploit shared family calendars, compromised account access, or work systems to build a detailed picture of victim's routine.
|
|
SAFE-T-0111
|
Catfishing/Romance Fraud
|
Creating a false online identity to build a fraudulent romantic relationship with victim for purposes of financial exploitation, emotional manipulation, intelligence gathering, or other harm. May involve elaborate fake personas maintained over months or years, including stolen photos, fabricated life stories, and manufactured emotional bonds.
|
|
SAFE-T-0145
|
Child Custody Tech Abuse
|
Using location sharing requirements, court-ordered communication apps, parenting coordination platforms, or children's devices to extend surveillance, control, and abuse beyond separation. Exploits legitimate co-parenting technology to maintain perpetrator's access to and control over victim's life through the children.
|
|
SAFE-T-0161
|
Child Device Monitoring Abuse
|
Using parental monitoring on children's devices to surveil an ex-partner's activities, location, and communications through the child. The child's device becomes a surveillance tool against the other parent. Distinct from Child Custody Tech Abuse (SAFE-T-0145) where the child is the target — here the child is the vector.
|
|
SAFE-T-0129
|
Coerced Transactions
|
Using threats, intimidation, or manipulation to force victim to transfer money, sign financial documents, take on debt, or make purchases. Digital coercion may include threatening messages, threatening to share intimate images, threatening custody action, or other leverage to compel financial compliance.
|
|
SAFE-T-0076
|
Communication Interception
|
Accessing victim's emails, text messages, voicemails, and other communications through compromised accounts, email forwarding rules, message mirroring, or linked devices. Perpetrator reads, copies, or monitors communications without victim's knowledge, gaining intelligence about victim's plans, support network, and emotional state.
|
|
SAFE-T-0115
|
Communication Interception & Response
|
Reading and responding to victim's messages while impersonating the victim, without their knowledge. Perpetrator intercepts communications from victim's friends, family, support services, or legal representatives and responds as the victim, undermining support networks and controlling information flow.
|
|
SAFE-T-0121
|
Communication Monitoring Disclosure
|
Deliberately telling victim that all their communications are being monitored to create a chilling effect of self-censorship. Victim becomes afraid to reach out for help, discuss the abuse, or communicate honestly, effectively isolating themselves out of fear. May be truthful or bluffed.
|
|
SAFE-T-0094
|
Contact After Blocking
|
Creating new accounts, using alternative platforms, borrowing others' devices, or finding other channels to continue contacting victim after being blocked. Demonstrates persistent intent to circumvent victim's boundaries and platform safety features.
|
|
SAFE-T-0116
|
Contact Blocking/Filtering
|
Blocking victim's contacts or filtering their incoming communications without victim's knowledge or consent. Perpetrator may block specific people on victim's phone, set up email filters to auto-delete messages from support contacts, or manipulate device settings to prevent certain calls or messages from reaching victim.
|
|
SAFE-T-0102
|
Contact Bombing
|
Signing victim up for large volumes of spam, unwanted subscriptions, mailing lists, or services to overwhelm their communications and cause distress. May also include signing victim up for politically sensitive, embarrassing, or compromising services.
|
|
SAFE-T-0109
|
Context Manipulation
|
Sharing genuine content — real messages, photos, videos, or statements — stripped of essential context to create a misleading impression of victim's character, actions, or intentions. Includes selective quoting, cropping images, sharing old content as if current, or presenting content without the circumstances that explain it.
|
|
SAFE-T-0095
|
Coordinated Harassment Campaign
|
Organizing or inciting multiple people to simultaneously harass victim through pile-ons, brigading, coordinated reporting, mass messaging, or targeted online mob behavior. Perpetrator may directly recruit participants or create conditions that provoke organic harassment from communities.
|
|
SAFE-T-0082
|
Credential Theft
|
Obtaining victim's passwords, PINs, or authentication credentials through shoulder surfing, guessing based on personal knowledge, social engineering, checking common password patterns, or accessing written password records. Intimate partners often have enough personal knowledge to guess passwords or know where credentials are stored.
|
|
SAFE-T-0082.001
|
|
Coerced Biometric Access
|
Forcing or tricking the victim into unlocking devices with fingerprint or face recognition while asleep, intoxicated, or under duress. May include physically placing the victim's finger on the sensor while they sleep. Bypasses all password security and leaves no digital trace — the unlock looks legitimate to the device.
|
|
SAFE-T-0132
|
Credit/Identity Theft
|
Opening financial accounts, taking on debt, applying for credit, or conducting financial transactions using victim's personal information and identity without consent. Damages victim's credit score, creates legal liability, and may take years to resolve. Often not discovered until victim is denied credit or contacted by collectors.
|
|
SAFE-T-0130
|
Crypto/Investment Fraud
|
Deceiving victim into fraudulent cryptocurrency investments, fake trading platforms, or other financial schemes. Often involves building trust, demonstrating fake returns, and gradually escalating investment amounts. May also involve coerced cryptocurrency transfers that are difficult to trace or recover.
|
|
SAFE-T-0107
|
Deepfake Creation
|
Creating synthetic intimate, compromising, or damaging media of victim using AI-powered deepfake technology. Generated content may be indistinguishable from real imagery and can be used for extortion, reputational harm, or psychological abuse. Includes face-swapping onto pornographic content, synthetic voice generation, or fabricated video.
|
|
SAFE-T-0086
|
Device Lockout
|
Remotely locking victim's phone, tablet, or computer through device management features such as Find My iPhone, Google Find My Device, or enterprise MDM tools. Can render devices completely unusable, cutting victim off from communication, navigation, banking, and emergency services.
|
|
SAFE-T-0090
|
Device Sabotage
|
Deliberately damaging, corrupting, factory-resetting, or wiping victim's devices or data. May involve physical damage, remote wipe commands, malware installation, or deliberate corruption of important files. Destroys evidence, disrupts victim's ability to communicate, and causes emotional and financial harm.
|
|
SAFE-T-0118
|
Device Time/Access Restrictions
|
Using parental controls, screen time management, MDM features, or physical control to restrict when and how victim can use their own devices. Limits victim's ability to communicate, access information, seek help, or maintain independence.
|
|
SAFE-T-0105
|
Digital Gaslighting
|
Manipulating digital records, device settings, files, or other digital artifacts to make victim doubt their own memory, perception, or sanity. Includes moving or deleting files, editing shared documents, changing device settings, manipulating photo timestamps, or altering digital records the victim relies on.
|
|
SAFE-T-0092
|
Direct Threat Messaging
|
Sending threatening messages to victim via any digital platform, including text messages, emails, direct messages, voice messages, or comments. Threats may be explicit (threatening violence, harm, or consequences) or implicit (veiled references to harm, ominous statements, or threatening imagery).
|
|
SAFE-T-0092.001
|
|
Coded Threat Language
|
Threats disguised as benign messages that only the victim understands the meaning of. 'I drove past your favourite park today.' 'Saw someone who looked like you at the shops.' Looks innocent to police, courts, and anyone else — but the victim knows exactly what it means. The shared history between perpetrator and victim is the cipher.
|
|
SAFE-T-0096
|
Doxxing
|
Publishing victim's private information (home address, phone number, workplace, family members, daily routines) publicly or to targeted audiences with intent to enable harassment, stalking, or physical harm. Doxxing weaponizes personal information by removing the victim's control over who has access to it, often resulting in coordinated harassment,...
|
|
SAFE-T-0124
|
Email/Communication Rerouting
|
Setting up email forwarding rules, message redirects, or call forwarding to intercept victim's incoming communications without their knowledge. Allows perpetrator to monitor all communications and selectively prevent messages from reaching victim, particularly from support services or legal representatives.
|
|
SAFE-T-0144
|
Emergency Service Manipulation
|
Filing false police reports, fabricating evidence for protective orders, making false welfare check requests, or otherwise weaponizing emergency and legal services against victim. Uses digital tools to create false evidence, coordinate false reports, or manipulate authorities into taking action against victim.
|
|
SAFE-T-0134
|
Employment Sabotage
|
Interfering with victim's employment through manipulation of work communications, sending messages to employers, sabotaging job applications, damaging professional online presence, or disrupting work-related accounts. Aims to undermine victim's economic independence and professional reputation.
|
|
SAFE-T-0114
|
Fake Evidence Creation
|
Fabricating digital evidence including fake emails, text messages, documents, receipts, screenshots, or records to frame victim for misconduct, support false legal claims, or manipulate decision-makers. May involve sophisticated forgeries using editing tools or simple fabrication of documents.
|
|
SAFE-T-0108
|
False Narrative Campaigns
|
Systematically spreading false information about victim to their social network, workplace, community, or online audiences. False narratives may portray victim as unstable, abusive, dishonest, or dangerous, serving to isolate victim from support, preemptively discredit their accounts of abuse, and build sympathy for perpetrator.
|
|
SAFE-T-0125
|
Financial Account Lockout
|
Changing passwords, removing authorized users, or otherwise denying victim access to shared or individual financial accounts. Cuts victim off from their own money, savings, investments, or financial records, creating immediate economic vulnerability and dependence.
|
|
SAFE-T-0081
|
Fitness/Health Tracker Surveillance
|
Monitoring victim through health and fitness applications, wearable trackers, period tracking apps, sleep monitors, or medical portals. These platforms often contain highly sensitive data about location, physical activity, health conditions, reproductive status, and daily routines.
|
|
SAFE-T-0157
|
Forum & Community Technique Sharing
|
Learning specific abuse techniques from online forums, Reddit communities, Facebook groups, or messaging channels where perpetrators share methods. Includes 'how to catch a cheating partner' communities that teach surveillance, tracking forums, and groups sharing stalkerware recommendations.
|
|
SAFE-T-0157.001
|
|
Domestic Surveillance Forum Pipeline
|
Specific subreddits, Facebook groups, and forums framed as 'catching a cheating partner' that teach surveillance and control techniques. The framing as 'justified' surveillance normalises the behaviour. Users don't self-identify as perpetrators — they see themselves as victims of infidelity exercising reasonable vigilance.
|
|
SAFE-T-0113
|
Historical Content Weaponization
|
Surfacing old posts, photos, messages, or other historical digital content to harm victim in their current context. Includes finding embarrassing teenage posts, old dating profiles, past political statements, or previously private content that can be taken out of context to damage victim's current relationships, employment, or reputation.
|
|
SAFE-T-0123
|
Identity Document Control
|
Controlling access to digital copies of victim's important identification documents including passport scans, birth certificates, tax records, medical records, immigration documents, or legal paperwork. Restricts victim's ability to access services, prove identity, or leave the relationship.
|
|
SAFE-T-0100
|
Impersonation Harassment
|
Creating fake accounts impersonating victim to damage their reputation, relationships, or employment. Fake accounts may send messages to victim's contacts, post inappropriate content, engage in harmful activities, or create the appearance that victim is behaving erratically or antisocially.
|
|
SAFE-T-0141
|
IoT Device Weaponization
|
Using smart home devices to create fear, disorientation, or physical discomfort. Includes randomly triggering alarms, playing sounds through speakers, turning lights on/off, changing temperature extremes, activating cameras, or other manipulations of the smart home environment designed to terrorize victim.
|
|
SAFE-T-0149
|
Isolation from Protective Networks
|
Encouraging or engineering the target's separation from friends, family, or online communities who might recognise the grooming pattern. 'They don't understand us.' 'Your parents wouldn't get it.' 'Your friends are jealous.' Undermines existing relationships to increase dependency on the perpetrator.
|
|
SAFE-T-0164
|
Legal System Abuse / Litigation Abuse
|
Using repeated court applications, vexatious claims, subpoenas, discovery requests, or procedural motions as financial and psychological weapons. Filing and withdrawing AVOs, repeated custody variations, dragging out property settlements, issuing subpoenas to employers or therapists. Each action costs the victim money and emotional energy. The lega...
|
|
SAFE-T-0152
|
Livestream Exploitation
|
Using livestreaming platforms (Twitch, YouTube Live, TikTok Live, Instagram Live) to make initial contact with minors, build relationships through donations/gifts, engage in chat, and move to private communication. Livestreaming provides a parasocial dynamic where the viewer feels a personal connection to the streamer, which groomers exploit.
|
|
SAFE-T-0136
|
Location-Based Assault
|
Using GPS tracking, location sharing, or other surveillance techniques to determine victim's real-time location and then physically approaching or assaulting them. Technology enables perpetrator to find victim at any location, negating traditional safety measures like staying with friends or varying routines.
|
|
SAFE-T-0156
|
Manosphere & Misogynist Content Exposure
|
Exposure to online content promoting control, surveillance, and abuse of partners as normal or desirable. Includes 'red pill' communities, incel forums, Andrew Tate ecosystem, pickup artist material, and 'alpha male' content. These communities normalise coercive control, frame surveillance as rational, and teach manipulation techniques as 'relation...
|
|
SAFE-T-0142
|
Medical Device Interference
|
Tampering with victim's connected medical devices, health monitoring equipment, or health data. May include altering medication reminder settings, manipulating health data to affect treatment decisions, disabling monitoring devices, or interfering with telehealth appointments. Creates direct physical health risks.
|
|
SAFE-T-0104
|
Message/Evidence Tampering
|
Editing, deleting, selectively screenshotting, or fabricating screenshots of conversations, messages, or digital records to misrepresent what was communicated. Used to create false evidence, destroy exculpatory evidence, or support false narratives in legal proceedings and social contexts.
|
|
SAFE-T-0150
|
Migration to Private/Encrypted Platforms
|
Moving communication from public or monitored platforms to private, encrypted, or ephemeral channels (Telegram, Signal, Snapchat, WhatsApp) to avoid detection by parents, platform moderation, or law enforcement. Framed as 'more personal' or 'more private' but the purpose is removing safety infrastructure.
|
|
SAFE-T-0150.001
|
|
Snapchat Exploitation
|
Using Snapchat's disappearing messages and Snap Map features specifically because content auto-deletes, reducing evidence. Quick Add and Snap Map enable contact with minors based on location proximity. The ephemeral nature of Snapchat makes it the platform of choice for grooming conversations that the perpetrator doesn't want recorded.
|
|
SAFE-T-0138
|
Movement Interception
|
Using location tracking data to intercept victim during travel, at appointments, or at known destinations. Perpetrator uses real-time or predicted location information to position themselves along victim's route or at their destination. Creates a sense of inescapable surveillance and control.
|
|
SAFE-T-0119
|
Network Poisoning
|
Contacting victim's support network (friends, family, colleagues, therapist, legal counsel) to spread lies, create conflict, or undermine trust. Perpetrator strategically reaches out to key support people to isolate victim from help sources, often preemptively positioning themselves as the reasonable party.
|
|
SAFE-T-0078
|
Network Traffic Monitoring
|
Monitoring victim's internet activity through router administrative access, DNS logs, or network monitoring tools. Perpetrator can see websites visited, search queries, app usage patterns, and connected devices. May install network-level monitoring tools or exploit existing router features.
|
|
SAFE-T-0106
|
Non-Consensual Intimate Image Distribution
|
Sharing or threatening to share intimate, sexual, or nude images of victim without their consent. Commonly known as 'revenge porn,' this technique weaponizes intimate content to humiliate, control, or coerce victim. Includes sharing via private messages, posting publicly, uploading to pornographic websites, or sending to victim's contacts, family, ...
|
|
SAFE-T-0106.002
|
|
AI-Enhanced NCII
|
Taking non-intimate photos (social media photos, selfies, professional headshots) and using AI to generate nude or intimate versions. The victim never took or consented to an intimate image — the intimate image was fabricated from a clothed photo. Growing legal gap as some jurisdictions' laws require an 'original intimate image.'
|
|
SAFE-T-0146
|
Online Target Identification
|
Using social media, dating platforms, forums, or gaming platforms to identify and select potential victims based on vulnerability indicators such as loneliness, recent breakup, financial difficulty, age, or naivety. The perpetrator scouts for targets before making contact, often reviewing profiles, post history, and public information to assess sus...
|
|
SAFE-T-0146.001
|
|
Dating Platform Target Selection
|
Using dating apps (Tinder, Bumble, Hinge, Grindr) to identify targets, often filtering for vulnerability signals in profiles such as recently single status, mentions of loneliness, or indicators of financial situation.
|
|
SAFE-T-0146.002
|
|
Gaming Platform Target Selection
|
Identifying targets (often minors) via gaming platforms (Roblox, Minecraft, Fortnite, Discord) based on age indicators, activity patterns, in-game behaviour, and willingness to engage in chat. Groomers look for children who seem isolated, eager for attention, or responsive to gifts.
|
|
SAFE-T-0146.003
|
|
Social Media Target Selection
|
Identifying targets via Instagram, TikTok, Snapchat, Facebook based on public posts, follower counts, content themes, geographic indicators, or visible vulnerability. Both child and adult targeting occurs through social media.
|
|
SAFE-T-0084
|
Password/Recovery Change
|
Changing passwords and recovery options (backup email, phone number, security questions) on victim's accounts to lock them out and prevent recovery. This technique ensures persistent denial of access even if victim attempts account recovery procedures.
|
|
SAFE-T-0158
|
Peer-to-Peer Technique Transfer
|
Learning surveillance or control techniques from friends, family members, colleagues, or social contacts who share what 'worked' for them. Informal knowledge transfer in social settings. 'My mate told me about this app that tracks your partner's location.' The technique is normalised because it comes from a trusted source.
|
|
SAFE-T-0093
|
Persistent Unwanted Contact
|
Repeatedly contacting victim despite clear requests to stop, across one or multiple communication platforms. Volume and persistence are used to exhaust, intimidate, and demonstrate that the victim cannot escape the perpetrator's reach. May include hundreds of messages, calls, or contact attempts per day.
|
|
SAFE-T-0073
|
Physical Tracker Planting
|
Placing GPS tracking devices such as AirTags, Tile trackers, or vehicle GPS units in victim's belongings, vehicle, or on their person without consent. These commercially available devices are inexpensive, small, and designed for long battery life, making covert placement easy. Perpetrators use them to monitor victim's movements, identify frequented...
|
|
SAFE-T-0073.001
|
|
AirTag / SmartTag Planting
|
Hiding Apple AirTags, Samsung SmartTags, or Tile trackers in bags, vehicles, clothing pockets, or children's belongings to track location. Consumer Bluetooth trackers are cheap, small, and easy to hide.
|
|
SAFE-T-0073.002
|
|
Vehicle GPS Tracker Installation
|
Installing dedicated GPS tracking devices in a vehicle's OBD-II port, under the chassis (magnetic mount), in wheel wells, or hardwired into vehicle electronics. Dedicated vehicle trackers can be harder to detect than consumer Bluetooth trackers and don't trigger phone alerts.
|
|
SAFE-T-0073.003
|
|
Find My / Google Find My Device Misuse
|
Exploiting Apple Find My or Google Find My Device through shared family accounts, left-behind devices, or compromised credentials to track location in real time. Uses legitimate platform features — harder to classify as 'stalkerware' because it's built into the operating system.
|
|
SAFE-T-0098
|
Platform Abuse Reporting
|
Weaponizing platform content moderation and reporting systems to get victim's accounts banned, restricted, or content removed. Perpetrator files false or exaggerated reports about victim's content, coordinating multiple reports to trigger automated enforcement. Silences victim and removes their online presence.
|
|
SAFE-T-0120
|
Platform Banning Coordination
|
Orchestrating victim's removal or banning from online platforms, groups, or communities where they have established support networks. Uses coordinated mass reporting, false claims of terms of service violations, or manipulation of community moderators to silence and isolate victim.
|
|
SAFE-T-0165
|
Post-Separation App Weaponisation
|
Exploiting court-mandated communication apps (OurFamilyWizard, AppClose, Talking Parents) for microcontrol, excessive documentation demands, or manipulative communication that technically complies with court orders but is designed to exhaust and control. Weaponising the 'paper trail' feature to create false evidence of the other parent's non-compli...
|
|
SAFE-T-0103
|
Proxy Harassment via AI
|
Using AI tools including large language models, voice cloning, or text generation to create and distribute harassing content at scale. AI enables perpetrators to generate personalized, varied harassment content more quickly and in greater volume than manual methods, and may disguise the perpetrator's authorship.
|
|
SAFE-T-0099
|
Public Humiliation Posts
|
Posting embarrassing, mocking, degrading, or humiliating content about victim on public platforms. Content may include unflattering images, private information, personal struggles, or fabricated scenarios designed to damage victim's social standing and cause emotional harm.
|
|
SAFE-T-0112
|
Reputation Destruction SEO
|
Creating websites, blog posts, social media content, or other material specifically designed to rank highly in search results for victim's name, damaging their reputation to anyone who searches for them. Content may include false accusations, embarrassing information, intimate images, or misleading narratives.
|
|
SAFE-T-0101
|
Review/Rating Attacks
|
Posting false negative reviews of victim's business, professional profiles, or services across review platforms. Damages victim's professional reputation, income, and career prospects. May coordinate multiple fake reviews to appear credible.
|
|
SAFE-T-0137
|
Safe Location Disclosure
|
Revealing the location of victim's shelter, safe house, refuge, or hidden address to the perpetrator or others. May involve sharing information publicly, telling mutual contacts, or using technology to discover and disclose the protected location, directly endangering victim's physical safety.
|
|
SAFE-T-0160
|
Scam Compound Recruitment & Training
|
Being recruited into organised fraud/scam operations (often through false job advertisements) and trained in romance fraud, sextortion, and social engineering techniques at scale. Recruited individuals are often themselves trafficked and exploited. The 'Nigerian Prince' industrial pipeline — from recruitment to training to operation. Some operators...
|
|
SAFE-T-0085
|
Session Hijacking
|
Maintaining persistent access to victim's logged-in sessions by keeping devices logged in, copying session tokens, or exploiting 'remember this device' features. Allows perpetrator to monitor accounts without triggering new login alerts, making detection more difficult.
|
|
SAFE-T-0110
|
Sextortion
|
Threatening to release intimate content (real or fabricated) unless victim complies with demands for money, further intimate content, sexual acts, or other concessions. Combines elements of sexual exploitation, financial fraud, and psychological coercion, creating a cycle of escalating demands.
|
|
SAFE-T-0154
|
Sextortion-as-Grooming
|
The pattern where initial sextortion of a minor transitions into ongoing control and exploitation. The first coerced image becomes permanent leverage for escalating demands — more images, sexual acts, money, or compliance. The perpetrator uses shame and fear of parental discovery as ongoing leverage. This is the intersection of grooming and sextort...
|
|
SAFE-T-0074
|
Shared Account Surveillance
|
Exploiting legitimately shared accounts or location sharing services (Find My Friends, Google location sharing, family phone plans) to monitor victim beyond the scope of original consent. Often occurs in relationships where sharing was mutual but continues after separation, or where the perpetrator coerces ongoing access under the guise of reasonab...
|
|
SAFE-T-0089
|
Shared Account Weaponization
|
Using legitimately shared accounts for streaming services, utilities, subscriptions, or household management to exert control or punish victim. Includes changing shared passwords, cancelling shared services, monitoring usage patterns, or using account features to track victim's activity and preferences.
|
|
SAFE-T-0133
|
Smart Home Resource Control
|
Controlling heating, cooling, electricity, water, locks, lighting, or other utilities through smart home systems to coerce, punish, or make the home environment hostile. Perpetrator with administrative access can remotely control living conditions, creating physical discomfort or danger.
|
|
SAFE-T-0077
|
Smart Home Surveillance
|
Using shared smart home devices including cameras, video doorbells, baby monitors, voice assistants, and other IoT devices to monitor victim's presence, activities, conversations, and visitors. Often exploits devices installed during cohabitation where perpetrator retains administrative access after separation.
|
|
SAFE-T-0139
|
Smart Lock Manipulation
|
Remotely locking victim inside or outside of their residence, changing access codes, or manipulating smart lock systems to control victim's physical movement and access to shelter. May also include granting access to others or monitoring entry/exit patterns.
|
|
SAFE-T-0117
|
Social Media Control
|
Controlling who victim can follow, friend, interact with, or be visible to on social media platforms. May involve demanding victim unfriend specific contacts, monitoring follower/following lists, requiring approval before posting, or demanding social media passwords to vet all interactions.
|
|
SAFE-T-0075
|
Social Media Monitoring
|
Systematic observation of victim's public and semi-public social media activity, connections, check-ins, likes, comments, and tagged posts. May include creating fake accounts to follow private profiles, monitoring friends' posts for references to victim, or using social media analytics tools to track patterns of activity and connections.
|
|
SAFE-T-0127
|
Spending Restrictions
|
Using account controls, card limits, transaction blocks, or approval requirements to restrict what victim can spend money on, how much, and where. May exploit joint account features, parental controls on youth accounts applied to adults, or business account administrative features.
|
|
SAFE-T-0072
|
Stalkerware Installation
|
Installing hidden monitoring software on victim's device to track location, messages, calls, photos, and keystrokes. Stalkerware (also called spouseware or creepware) is commercially available software marketed for 'parental monitoring' or 'employee tracking' but frequently used for intimate partner surveillance. These apps typically hide their pre...
|
|
SAFE-T-0072.001
|
|
Commercial Stalkerware (mSpy, FlexiSpy, etc.)
|
Installation of commercially available stalkerware products specifically marketed for monitoring. Products like mSpy, FlexiSpy, Cocospy, and Spyic offer subscription-based phone monitoring with features including message reading, call recording, location tracking, and keylogging.
|
|
SAFE-T-0072.002
|
|
Dual-Use Parental Control Abuse
|
Repurposing legitimate parental control apps (Qustodio, Bark, Google Family Link, Apple Screen Time) for adult partner surveillance. These apps are designed for child safety but provide comprehensive monitoring when applied to an adult's device.
|
|
SAFE-T-0072.003
|
|
Enterprise MDM Stalkerware
|
Using enterprise mobile device management (MDM) tools for intimate partner monitoring. MDM profiles can be installed that provide comprehensive device control including location tracking, app management, message access, and remote wipe capability.
|
|
SAFE-T-0072.004
|
|
Accessibility Service Abuse
|
Android stalkerware that uses the Accessibility Service API to read screen content from any app, including encrypted messengers like Signal and WhatsApp. This technique defeats end-to-end encryption because it reads the screen after decryption. The stalkerware reads what's displayed, not the network traffic.
|
|
SAFE-T-0155
|
Stalkerware Marketing Discovery
|
Encountering commercial stalkerware products through advertising, search results, or app store listings. Products marketed as 'parental monitoring' or 'employee tracking' normalise surveillance and provide accessible tools for intimate partner abuse. The marketing language ('keep your family safe,' 'know where your kids are') frames surveillance as...
|
|
SAFE-T-0143
|
Stalking Coordination
|
Using technology to plan, coordinate, and execute physical stalking of victim. Includes using location data to track patterns, mapping victim's routine, coordinating with others to maintain surveillance, and using digital tools to avoid detection. Technology amplifies traditional stalking by providing real-time intelligence.
|
|
SAFE-T-0135
|
Subscription/Service Cancellation
|
Cancelling victim's essential services including phone plans, internet service, insurance, utility accounts, or subscriptions without consent. Disrupts victim's daily life, communication ability, and access to essential services. May be timed to cause maximum impact such as during extreme weather or when victim is isolated.
|
|
SAFE-T-0122
|
Support Resource Blocking
|
Blocking victim's access to helplines, support websites, crisis services, legal aid resources, or domestic violence organizations. May involve website blocking through router controls, removing helpline numbers from victim's phone, or intercepting communications with support services.
|
|
SAFE-T-0097
|
Swatting
|
Making false emergency reports (bomb threats, hostage situations, active shooter calls) to provoke armed law enforcement response at victim's location. Swatting creates immediate physical danger to victim and household, causes severe psychological trauma, and may result in injury or death from police response.
|
|
SAFE-T-0080
|
Third-Party Monitoring Recruitment
|
Enlisting friends, family members, mutual contacts, or acquaintances (sometimes called 'flying monkeys') to monitor and report on victim's activities, location, companions, and emotional state. May involve deliberately maintaining relationships with victim's contacts for intelligence gathering purposes.
|
|
SAFE-T-0126
|
Transaction Monitoring
|
Tracking all of victim's financial transactions through shared bank account access, transaction alert notifications, statement monitoring, or financial app access. Creates comprehensive surveillance of victim's spending, location (from merchant addresses), social activities, and any attempts to prepare for leaving.
|
|
SAFE-T-0147
|
Trust Building & Love Bombing
|
Overwhelming the target with attention, affection, compliments, gifts, or constant communication to create emotional dependency and false intimacy. In romance fraud, this is the 'fattening' phase. In child grooming, this is the befriending stage. The perpetrator mirrors the target's interests, validates their feelings, and positions themselves as u...
|
|
SAFE-T-0147.001
|
|
Gift & Financial Grooming
|
Sending gifts, game currency, gift cards, small amounts of money, or paying for things to build obligation and emotional debt. In gaming contexts, buying in-game items for minors. In romance fraud, sending flowers or small transfers. Creates reciprocity pressure — the target feels they 'owe' something in return.
|
|
SAFE-T-0087
|
Two-Factor Interception
|
Intercepting two-factor authentication codes through SIM swapping, access to victim's authenticator app, interception of SMS codes, or control of backup codes. Defeats security measures designed to protect accounts, enabling unauthorized access even when victim has changed passwords.
|
|
SAFE-T-0128
|
Unauthorized Transactions
|
Making purchases, transfers, or withdrawals from victim's financial accounts without consent. May drain savings, make extravagant purchases, transfer funds to perpetrator-controlled accounts, or take on debt in victim's name. Often escalates during separation when perpetrator seeks to deplete shared resources.
|
|
SAFE-T-0140
|
Vehicle Sabotage
|
Remotely disabling, manipulating, or monitoring victim's connected vehicle. Modern connected cars may be remotely controlled through manufacturer apps, including locking/unlocking, starting/stopping engine, tracking location, and in some cases controlling speed or braking. May also include disabling vehicle through telematics systems.
|
|
SAFE-T-0140.001
|
|
Connected Vehicle Remote Control
|
Using manufacturer apps (Tesla, BMW Connected, MySubaru, FordPass) to remotely lock/unlock, start/stop engine, honk horn, flash lights, adjust climate, or disable a connected vehicle. Modern connected cars provide extensive remote control capabilities through smartphone apps, and the person who set up the app retains control even after separation.
|
|
SAFE-T-0163
|
Weaponised Welfare Checks
|
Repeatedly calling police or child protection services to conduct welfare checks on the victim, using state agencies as a harassment tool. Reports are technically 'concerned' but the pattern is punitive — using volume and frequency to exhaust, intimidate, and signal that the perpetrator can deploy the state against the victim at any time. Distinct ...
|