The Pegasus Email Scam – Report

If you received a message claiming that you’ve been infected by the Pegasus malware, don’t fall for it – it’s a scam! The message could claim there are embarrassing images and/or videos of you that will become public if you don’t pay a ransom, but it’s all a lie.

Such extortion attempts represent a very common type of scam that’s really easy to recognize as long as you know what to look out for. In this article, I’ll explain the Pegasus email scam in detail so you know how to protect yourself against it in the future.

[Image: An excerpt of the Pegasus scam email letter.]

What Is the Pegasus Email Scam?

The Pegasus Email Scam is a classic example of a sextortion scam, similar to “I Managed To Install A Spyware” or the classic Sextortion Email Scam, that relies on the victims’ fear of embarrassment. It tells you that some images or photos of you were captured while you were visiting adult sites and will be released to the public if you do not cooperate. Obviously, the scammers count on the fact that many Internet users do visit such sites, but it’s perfectly possible for the scam message to be sent to someone who’s never opened an adult site.

But here’s the kicker: the scammers often include an old password or basic personal information, which they’ve likely pulled from a past data breach. Seeing your old password in the email might make your heart race, but don’t be fooled. It’s all part of their psychological game to make their story seem plausible.

Even if some specific info about you is included in the email, it’s still a scam and any claims made in the message are lies. Keep on reading to learn more.


How the Pegasus Email Scam Tricks You

Although scams like the Pegasus Email Scam are relatively low effort, the people behind them do employ some deceptive tricks to make the ruse seem more believable. Once you are aware of these tricks, it becomes a lot easier to spot the scam:

  1. Fear and Urgency
    Messages like “Pay within 24 hours, or your private videos will be shared!” are designed to panic you into acting without thinking. Their goal is to cloud your judgment.
  2. Use of Real Data
    Including an old password or referencing your location adds an unsettling layer of credibility. It’s a manipulative tactic that exploits information from prior data breaches.
  3. Bitcoin Demands
    Cryptocurrency is the scammers’ preferred payment method because it’s untraceable. This alone should raise red flags—legitimate organizations don’t ask for Bitcoin payments.
  4. Spoofed Sender Addresses
    The email may appear as though it’s coming from your own account. This is a deliberate trick to make you think the scammers have complete control over your device.

[Image: The DMARC “FAIL” rating indicates likely spoofing.]

If any of these appear to be used by the sender of the message, it means they are not an actual hacker who has access to your PC, but just a random scammer hoping to get lucky.
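
A triage sketch for the four tricks listed above, added here as an example and not code from the original article: it reads the receiving server's Authentication-Results header for the DMARC verdict, checks whether the From address equals the recipient, and looks for a Bitcoin-address shape and a payment deadline in the body. The sample message, the trusted server name `mx.example.com` and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample, not a real scam email; hosts, addresses, wallet are placeholders.
SAMPLE_EML = """\
Authentication-Results: mx.example.com; spf=softfail; dkim=none;
 dmarc=fail (p=NONE) header.from=example.com
From: "You" <alice@example.com>
To: alice@example.com
Subject: Pegasus is on your device

I installed Pegasus on all your devices. Pay within 24 hours
to this Bitcoin wallet: bc1qexampleexampleexampleexampleexample0000
or your private videos will be shared.
"""

# Rough heuristics: the shape of a Bitcoin address and of a payment deadline.
BTC_RE = re.compile(r"\b(?:bc1[a-z0-9]{20,70}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
DEADLINE_RE = re.compile(r"\bwithin\s+\d+\s*(?:hours?|hrs?|days?)\b", re.I)

def auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our
    own receiving server (assumed name); a sender can prepend forged ones."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        if authserv.strip().split(" ")[0].lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def triage(raw, trusted_authserv="mx.example.com"):
    """Return the list of scam indicators found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpt = parseaddr(str(msg.get("To", "")))[1].lower()
    flags = []
    if auth_results(msg, trusted_authserv).get("dmarc") == "fail":
        flags.append("dmarc-fail")             # From: domain failed authentication
    if sender and sender == rcpt:
        flags.append("from-equals-recipient")  # "sent from your own account"
    for name, rx in (("bitcoin-address", BTC_RE), ("deadline-pressure", DEADLINE_RE)):
        if rx.search(body):
            flags.append(name)
    return flags
```

Calling `triage(SAMPLE_EML)` returns all four indicators; the server name passed as `trusted_authserv` should be the one your own mail provider writes at the start of its Authentication-Results header.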


Pegasus Email Scam Red Flags to Watch For

It’s critical that you are familiar with the potential red flags typical for online scams like the Pegasus Email Scam. If you know what to look out for, you’ll be able to quickly recognize a scam and simply ignore any false claims made by whoever sent you the message. Here’s what to expect:

  • Vague accusations: The email doesn’t provide specific evidence of the alleged breach, like exact websites or timestamps.
  • Cryptocurrency payments: Demanding Bitcoin or other untraceable forms of payment is a hallmark of scams.
  • Poor language: Scams often feature sloppy grammar or awkward phrasing, which is a dead giveaway.
  • Threats of exposure: Claims that your camera has recorded compromising material are designed to scare you into compliance.

One other thing to remember is that real hackers would never bother to send you email messages with ransom demands. Instead, the malware they infect you with will do that for them. But since there’s no malware on your device, the scammers rely on emails to relay their threats.

[Image: The Pegasus scam email sent to a mobile device user.]

What to Do If You Receive a Pegasus Email Scam Message

Let’s say you’ve received the Pegasus Email Scam message. What should you do now? Not much, really. Here are some recommendations, but in general, remember that the scammers have nothing on you, so there’s no need to worry:

  • Delete the email: Don’t engage, reply, or click on any links. Engaging only validates your email address as active.
  • Mark it as spam: Flagging the message helps your email provider filter similar scams in the future.
  • Stay calm: Remember, this email is a scam. The sender doesn’t have access to your device or files.

Important Tip: If they referenced a password, consider it a wake-up call to strengthen your online security. Changing your passwords regularly is an easy but critical habit.


What to Do if You’ve Interacted With the Pegasus Email Scam Message

But what if you’ve already clicked a link or entered some personal information demanded by the Pegasus Email Scam message? This makes the situation trickier. Your virtual privacy might be compromised, so I recommend performing the following actions ASAP!

  1. Freeze Your Bank Accounts
    If you provided payment information, call your bank immediately. Freezing your card prevents unauthorized transactions.
  2. Update Passwords
    Change passwords for all accounts that might share the compromised credentials. Use a password manager to create strong, unique passwords moving forward.
  3. Scan Your Device
    Run a full antivirus scan to check for malware. If anything malicious is detected, follow your antivirus software’s instructions to remove it.
  4. Enable Two-Factor Authentication (2FA)
    Adding 2FA to your accounts provides an extra layer of security. Even if a scammer has your password, they’ll need an additional verification code to log in.

And if you’ve also paid the demanded sum, there’s sadly not much that can be done to get the money back. I still recommend performing these four steps to secure your online accounts, but you’ll just have to think of the payment as a rather expensive lesson on online scams.


Lessons From the Pegasus Email Scam

This Pegasus Email Scam is a stark reminder of how easily our online information can be weaponized. By understanding the methods behind these attacks, you can build stronger defenses.

Here’s how scammers exploit vulnerabilities:

  • Email spoofing: They forge email headers to appear as a trusted sender or even your own email.
  • Data from breaches: Scammers comb through leaked passwords and email addresses to use in targeted attacks.
  • Playing on emotions: Fear and guilt are their primary tools. They count on you reacting impulsively to threats.

Staying informed is the first line of defense. Knowing how these scams work arms you with the knowledge to outsmart them.


Strengthening Your Online Security

Here are some proactive steps to secure your digital life:

  • Use unique passwords: Reusing passwords across accounts increases your vulnerability. A password manager makes it easier to generate and manage unique ones.
  • Update your software: Outdated software can have security holes. Keep your operating system and apps up-to-date.
  • Be cautious with unsolicited emails: If an email feels off, trust your instincts. Research its claims before taking any action.
  • Educate yourself: Read about the latest scams and tactics to stay ahead of evolving threats.


Reporting the Pegasus Scam

Did you know that reporting the Pegasus Email Scam helps not just you but the broader online community? Here’s how to report incidents effectively:

  1. Flag it as phishing
    Your email provider likely has an option to report phishing emails. This helps refine their spam filters.
  2. Contact cybersecurity agencies
    In the U.S., you can report scams to the FBI’s Internet Crime Complaint Center (IC3). In the UK, use Action Fraud.
  3. Notify affected platforms
    If the email references a specific service or company, let them know. They may already be tracking similar reports.

Final Thoughts: Staying Ahead of Scammers

The Pegasus Email Scam reminds us how crucial it is to stay vigilant online. Scammers will always find new ways to manipulate, but their tactics rely on fear and a lack of knowledge. By understanding how these schemes work and sharing what you know, you empower yourself and others to stay safe.

Remember, online security is a practice, not a one-time effort. Take small steps daily—whether that’s updating a password, enabling 2FA, or staying informed. You don’t have to be an expert; you just have to stay alert. Don’t let scammers win. Stay smart, stay safe, and keep moving forward.


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.
