Exposed: Don’t Fall for the Pegasus Spyware Extortion Scam Email

A deceptive new scam email has emerged threatening victims that the powerful Pegasus spyware was used to infect their devices and record illicit videos through their webcam. The message then demands Bitcoin payment to avoid sending the supposed videos to your contacts.

This viral extortion scheme is completely fabricated, with no truth behind its bold claims and threats meant to scare victims into paying. The scammers are leveraging the notoriety of real Pegasus malware to make their espionage charade seem plausible.

This article provides an in-depth look at how the Pegasus spyware scam operates, why their threats are empty, and most crucially, how to protect yourself.

BTC Scam

Overview of the Pegasus Spyware Scam

The Pegasus spyware scam email starts by claiming that the notorious Pegasus malware was secretly installed on all of your devices, allowing the sender total access to monitor your activity without you realizing it. The email pretends they’ve been watching you for months through your webcam, microphone, and by logging your calls, messages, browsing history, and more.

Leveraging Pegasus’ real capabilities for sophisticated monitoring, the email tries to convince recipients that their privacy has been utterly compromised over an extended period of time. The message then claims that during this surveillance, the sender recorded inappropriate or embarrassing videos of you as blackmail material.

Threatening to spread edited together clips of you in compromising positions to all your contacts, the scammer demands payment of around $1,200 in untraceable Bitcoin within 48 hours. They insist that sending this hush money will cause them to delete the supposed videos, uninstall the Pegasus malware from your devices, and disappear from your life forever.

To create urgency, they warn not to contact authorities or try factory resetting devices, making vague but ominous threats about destroying your life if their demands aren’t met exactly. The email tries to create an aura of being an unstoppable omniscient force that has total power over you through technology.

In reality, of course, this is all an elaborate bluff, with no truth behind the supposed access or video recordings. The criminals have no leverage over you or ability to monitor your devices – it is all smoke and mirrors. However, the Pegasus name lends this scam a feeling of plausibility that tricks victims into fearing their data has been breached.

Pegasus spyware is real malware developed by the NSO Group that can infiltrate iOS and Android devices. Once installed, it grants complete remote access to hack phones and computers without the owner’s knowledge. However, distributing Pegasus requires exploiting rare vulnerabilities and costs millions of dollars only accessible to nation-states.

These random scammers do not possess the sophistication or resources to distribute Pegasus malware. Their claims of infecting all your gadgets and recording you for months are technologically implausible fiction. The real Pegasus is used for targeted monitoring of high-profile figures, not broad webcam blackmail schemes.

By piggybacking off Pegasus spyware’s dangerous real-world reputation, the scammers hope victims will believe their devices were compromised and urgent payment is needed. But in reality, remote installation of professional military-grade malware is highly unlikely. The threats in this viral scam are empty fabrications relying entirely on tricking you with fictional warnings.

As long as you take time to scrutinize instead of reacting hastily out of fear, the total lack of evidence supporting their supposed access or videos of you becomes clear. Do not allow scammers to intimidate you with technological espionage fiction or vague threats of life destruction. By reporting these attempts and warning others, we can shut down these schemes that rely on trickery and deception around the Pegasus name.

How the Pegasus Spyware Scam Unfolds

To avoid falling victim when targeted by online extortion schemes, it helps to dissect how the criminals strategically operate. Understanding the anatomy of viral scams enables you to see through their tricks. Here is a step-by-step breakdown of how the Pegasus spyware email scam typically operates:

Step 1: Send Mass Emails Impersonating Hackers

The scammers obtain lists of email addresses and use disposable accounts to send the Pegasus malware message en masse. Recipients are selected indiscriminately, with no actual prior knowledge or access to their devices or accounts. This shotgun style blanketing of inboxes maximizes reach.

Here is how the email scam looks:

Hello pervert,
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely.
Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I’m getting at.
It’s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I’ve learned about all aspects of your private life, but one is of special significance to me.
I’ve recorded many videos of you jerking off to highly controversial porn videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick perversion.
I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks.
Every number in your contact book will suddenly receive these videos – on WhatsApp, on Telegram, on Skype, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life.
Don’t think of yourself as an innocent victim. No one knows where your perversion might lead in the future, so consider this a kind of deserved punishment to stop you.
Better late than never.
I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free.

Transfer $1220 USD to my bitcoin wallet: 1JVMTup4zuS1JMGXAYYRgvyr2PUmNnY6g2

Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second.

I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” and then it will be no harder than buying some useless stuff on Amazon.

I strongly warn you against the following:
) Do not reply to this email. I sent it from a temp email so I am untraceable.
) Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.
) Don’t try to reset or destroy your devices.
As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the videos are published.

Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided address.
Good luck, my perverted friend. I hope this is the last time we hear from each other.

And some friendly advice: from now on, don’t be so careless about your online security.

Step 2: Make Bold Claims of Comprehensive Access

The email leverages the real capabilities of Pegasus spyware to assert complete backdoor monitoring access to all your devices. The message pretends the sender has logged everything – calls, messages, camera, browsing history – depicting total breach of privacy over months.

Step 3: Threaten Exposure Through Intimate Videos

The scammers then threaten to create embarrassment and scandal by claiming they recorded inappropriate videos of you as blackmail material. The details are left vague, allowing victims’ imagination to fill in the worst.

Step 4: Warn Against Contacting Authorities

The email insists that involving law enforcement will trigger the automatic release of the supposed sex tapes to all your contacts. This scare tactic aims to deter scrutiny from authorities who could expose the scam.

Step 5: Demand Untraceable Ransom Payment

Payment in anonymous cryptocurrency allows scammers to avoid tracking or consequences for their extortion racket, while quickly moving funds abroad. The short 48 hour deadline adds urgency.

Step 6: Vaguely Threaten Severe Retaliation

Ominous but unspecified warnings of destroying your life or similar consequences for non-compliance help generate fear of grave harm if demands aren’t met exactly as dictated.

Step 7: Pretend to Be Untraceable

The scammers pretend the temporary email account makes them digital ghosts who can’t be pursued or identified. This is more fiction to avoid scrutiny.

Step 8: Give Warning Before Going Silent

After the initial email, the scammers go silent and cease all communication, relying on fear already instilled doing the work for them.

Step 9: Quietly Collect Any Ransoms Paid

The scammers monitor their Bitcoin payment address to collect ransoms from anyone scared into compliance, while leaving the majority who wisely ignored empty threats unaffected.

Step 10: Vanish Without a Trace

With Bitcoin in hand, the scammers disappear back into internet obscurity, ready to target more victims. No real effort to follow through on threats is ever made.

As you can see, most of the scam’s power derives from dramatic fiction designed to instill fear – not any actual leverage over victims. By merely sending a mass email, the scammers hope to trick a percentage of recipients into urgent action by piggybacking on Pegasus spyware’s dangerous reputation.

What to Do if You Receive the Pegasus Spyware Email

If targeted by this viral extortion scheme, following these steps protects you without giving in to fabricated threats:

  1. Do not communicate with the sender in any way. Completely ignore all future contact attempts.
  2. Avoid paying anything being demanded. Funding criminals enables more scamming and could lead to further extortion.
  3. Run malware and virus scans using security software to check for anything suspicious. Update passwords if concerned.
  4. Report the scam attempt to the FBI IC3 at www.ic3.gov and forward email headers to authorities.
  5. Warn contacts about the scam email in case they also receive it.
  6. File a report about the scam with the Anti-Phishing Working Group to aid tracking of these schemes.

Remember, alleged recordings of you do not exist. The scammers’ only leverage is smoke and mirrors. Avoid reactionary choices and instead take steps to protect yourself and others from this scam.

Is Your Device Infected? Check for Malware

If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.  

Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.

Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android

Scan your computer with Malwarebytes for Windows to remove malware

Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.

  1. Download Malwarebytes for Windows

    You can download Malwarebytes by clicking the link below.

    MALWAREBYTES FOR WINDOWS DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes)
  2.  

    Install Malwarebytes

    After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.

    MBAM1
  3. Follow the On-Screen Prompts to Install Malwarebytes

    When the Malwarebytes installation begins, the setup wizard will guide you through the process.

    • You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.

      MBAM3 1
    • Malwarebytes will now begin the installation process on your device.

      MBAM4
    • When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.

      MBAM6 1
    • On the final screen, simply click on the Open Malwarebytes option to start the program.

      MBAM5 1
  4. Enable “Rootkit scanning”.

    Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.

    MBAM8

    In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.

    MBAM9

    Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.

  5. Perform a Scan with Malwarebytes.

    To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.

    MBAM10
  6. Wait for the Malwarebytes scan to complete.

    Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.

    MBAM11
  7. Quarantine detected malware

    Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.

    MBAM12

    Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.

    MBAM13

  8. Restart your computer.

    When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.

    MBAM14

Your computer should now be free of trojans, adware, browser hijackers, and other malware.

If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:

Scan your computer with Malwarebytes for Mac to remove malware

Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.

  1. Download Malwarebytes for Mac.

    You can download Malwarebytes for Mac by clicking the link below.

    MALWAREBYTES FOR MAC DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes for Mac)
  2. Double-click on the Malwarebytes setup file.

    When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.

    Double-click on setup file to install Malwarebytes

  3. Follow the on-screen prompts to install Malwarebytes.

    When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.

    Click Continue to install Malwarebytes for Mac

    Click again on Continue to install Malwarebytes for Mac for Mac

    Click Install to install Malwarebytes on Mac

    When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.

  4. Select “Personal Computer” or “Work Computer”.

    The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
    Select Personal Computer or Work Computer mac

  5. Click on “Scan”.

    To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
    Click on Scan button to start a system scan Mac

  6. Wait for the Malwarebytes scan to complete.

    Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
    Wait for Malwarebytes for Mac to scan for malware

  7. Click on “Quarantine”.

    When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
    Review the malicious programs and click on Quarantine to remove malware

  8. Restart computer.

    Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
    Malwarebytes For Mac requesting to restart computer

Your Mac should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.

Scan your phone with Malwarebytes for Android to remove malware

Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.

  1. Download Malwarebytes for Android.

    You can download Malwarebytes for Android by clicking the link below.

    MALWAREBYTES FOR ANDROID DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes for Android)
  2. Install Malwarebytes for Android on your phone.

    In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.

    Tap Install to install Malwarebytes for Android

    When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
    Malwarebytes for Android - Open App

  3. Follow the on-screen prompts to complete the setup process

    When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options.
    This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue.
    Malwarebytes Setup Screen 1
    Tap on “Got it” to proceed to the next step.
    Malwarebytes Setup Screen 2
    Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue.
    Malwarebytes Setup Screen 3
    Tap on “Allow” to permit Malwarebytes to access the files on your phone.
    Malwarebytes Setup Screen 4

  4. Update database and run a scan with Malwarebytes for Android

    You will now be prompted to update the Malwarebytes database and run a full system scan.

    Malwarebytes fix issue

    Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.

    Update database and run Malwarebytes scan on phone

  5. Wait for the Malwarebytes scan to complete.

    Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
    Malwarebytes scanning Android for Vmalware

  6. Click on “Remove Selected”.

    When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
    Remove malware from your phone

  7. Restart your phone.

    Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.


Your phone should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future.
If you are still having problems with your phone after completing these instructions, then please follow one of the steps:

Frequently Asked Questions About the Pegasus Spyware Scam Email

1. How do I know if a Pegasus malware email I received is a scam?

Real Pegasus warnings come from software companies or authorities, not unknown senders making threats and demands. Scam emails have no proof of device access and threaten consequences for not paying an untraceable ransom.

2. Could my phone really be infected with Pegasus spyware?

It’s extremely unlikely. Distributing Pegasus costs millions and requires exploiting rare vulnerabilities. Random scammers do not possess the sophistication to remotely hack your devices and monitor your activity.

3. I’m scared. Should I pay the ransom just in case?

We understand the fear, but paying incentivizes more criminal scams and could lead to further extortion attempts down the line. The threats are a bluff – protect yourself and others by reporting instead.

4. What will happen if I don’t pay the ransom?

Nothing. The scammers cannot follow through on threats of leaking videos or destroying your life since they have no access. Their only leverage is smoke and mirrors deception. Simply ignore their demands.

5. How can I avoid falling for tech support scams?

  • Never open emails from unknown senders
  • Use strong unique passwords and enable two-factor authentication
  • Don’t believe bold claims in messages without proof
  • Keep devices updated and run regular malware scans
  • Cover your webcam when not in use

6. What should I do if I already paid the ransom?

Contact your bank immediately to possibly stop the transaction, then report the incident to the FBI IC3 at www.ic3.gov. Notify contacts who could also receive scam emails. Do not communicate with the scammer anymore.

The Bottom Line on the Pegasus Spyware Extortion Scam

Being targeted by online criminals using real malware like Pegasus to fabricate threats can be disconcerting. However, arming yourself with knowledge on their tactics helps avoid hasty decisions.

This scam exploits Pegasus’ dangerous reputation to make invasive threats seem real. But critical thought exposes the lack of any actual evidence or access to you.

Don’t let them intimidate you with technological espionage fiction. Stop their scheme by reporting the attempt and warning your loved ones. Sharing awareness protects the public from falling for this deception.

By scrutinizing the signs of sextortion scams, understanding their empty threats, and refusing to be pressured, you can stand up to extortionists misusing Pegasus’ name. Your power comes through seeing past their false warnings and acting wisely.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment