What is the “Have you heard about Pegasus” email scam

“Have you heard about Pegasus” email scam falls into the sextortion scam category because it threatens to publicly release a non-existent explicit video of users unless they agree to pay. The contents of the email are fake and the email itself can be ignored.

 

 

The “Have you heard about Pegasus” email is classified as a sextortion scam because it tries to extort money from users by claiming that sexually explicit videos of them will be released if users do not pay the requested sum of money. These videos don’t actually exist and the entire email is a scam. Most sextortion emails are more or less identical to one another and follow the same pattern. Different campaigns may be operated by different scammers but the emails claim the same thing even if they use different words.

If users open this sextortion email, they will be greeted with an alarming declaration that they’ve become a victim of the Pegasus malware. Supposedly, the email recipient’s phone was “penetrated with a zero-click attack”, which resulted in the device becoming infected with the Pegasus malware. This supposedly allowed the malicious actor to fully access the infected device, steal files/data, as well as turn on the camera, microphone, etc. According to the email, the malicious actor was able to make videos of the user “during the most private moments” of their life. They threaten to release this video publicly as well as send it to all stolen contacts unless the user agrees to pay 0.035 Bitcoin ($2,022 at the time of writing). The requested sum is to be transferred within 2 business days. This is nothing more than a scam so there is no need to pay anything. Users’ computers are not infected with malware, nor have explicit videos been made of them.

Below is the full text from the “Have you heard about Pegasus” email scam:

Hello, I’m going to share important information with you.
Have you heard about Pegasus?
You have become a collateral victim. It’s very important that you read the information below.

Your phone was penetrated with a “zero-click” attack, meaning you didn’t even need to click on a malicious link for your phone to be infected.
Pegasus is a malware that infects iPhones and Android devices and enables operator of the tool to extract messages, photos and emails,
record calls and secretly activate cameras or microphones, and read the contents of encrypted messaging apps such as WhatsApp, Facebook, Telegram and Signal.

Basically, it can spy on every aspect of your life. That’s precisely what it did.
I am a blackhat hacker and do this for a living. Unfortunately you are my victim. Please read on.

As you understand, I have used the malware capabilities to spy on you.
And by that I mean that I have collected your parts of your private life.

My only goal is to make money. And I have perfect leverage for this.
As you can imagine in your worst dream, I have videos of you exposed during the most private moments of your life, when you are not expecting it.

I personally have no interest in them, but there are public websites, that have perverts loving that content.
As I said, I only do this to make money and not trying to destroy your life. But if necessary, I will publish the videos.
If this is not enough for you, I will make sure your contacts, friends and everybody you know see those videos as well.

Here is the deal. I will delete the files after I receive 0.035 Bitcoin (about 1600 US Dollars).
You need to send that amount here 1AXNYLDEG5YEzc2eyUh7SUYYKeRUaRwseu

I will also clear your device from malware, and you keep living your life.
Otherwise, shit will happen.

The fee is non negotiable, to be transferred within 2 business days.

Obviously do not try to ask for any help from anybody unless you want your privacy to be violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.
Take care.

Sextortion emails may seem very alarming but they are nothing more than scams, an attempt by low-level cybercriminals to make easy money. The emails are written in a very mocking way, with a strong emphasis put on users’ supposed porn viewing habits. Scammers pressure users into paying by mocking those supposed habits and shaming them. This is, unfortunately, an effective tactic even on users who have never even visited a pornography website. The thought that a pornographic video associated with their name would be sent to their contacts makes users anxious enough to pay in many cases. The scammer also uses the name of malware that exists so that when users research it they would come across legitimate results. Pegasus malware is a notorious piece of malicious software but users’ computers are not infected with it. Sextortion email contents are always fake. There’s never a need to pay or even engage with these scammers.

We should also mention that some sextortion emails can seem more convincing because they reveal users’ passwords. If users do not change their passwords regularly, those passwords may be ones users still use, which is why their revelation may seem very alarming. Users who are not aware that passwords can get leaked may believe scammers’ claims that the passwords were stolen when they hacked users’ devices. In reality, passwords are stolen during cyberattacks or leaked by companies with very poor security. Some services store users’ passwords in plain text, which means they can easily be stolen during a cyberattack. These stolen passwords end up on hacker forums where they are bought by other cybercriminals.

“Have you heard about Pegasus” email scam removal

If users receive this sextortion email, they can remove “Have you heard about Pegasus” email scam from their inboxes. Users can always ignore the contents of these sextortion emails because they will never be legitimate. They’re also not dangerous as long as users do not engage with them and send money.