How to stop Pegasus Spyware email spam?

There have been multiple variations of this scam for at least two years. I especially like when it says they captured me doing naughty things on my computer's video camera. That would be literally magical since I don't have any kind of camera on my Mac.

Delete and ignore. They do not have the information about you they claim.

lewisp002 wrote:

is this definitely a hoax? the pegasus spy ware software is real apparently

Of course it is a scam. You should also be aware of the many other emails, messages, or calls that are meant to turn over your money to them. By clicking a link in a message/email or responding at all to any of them will instantly mark you as a target, since it will then be known that you will believe these scams. You can then expect to receive many more of these type of scams. In an effort to help educate you on the practice of these criminals, I have included a couple other examples:

• A person may call you claiming to be a FBI agent or Police Officer claiming you have a warrant for arrest and the only way to avoid being arrested is to immediately purchase Gift Cards and send them the codes.
• You may receive a call that a foreign Prince has died and the family needs to move the money into a US bank account. They claim to pay you a percentage if you allow them to transfer it to your account.
• You may receive a fake invoice claiming you have made a large purchase and will include a phone number to cancel the purchase. They just want your personal/financial information.

Here are some more examples:

https://blog.usecure.io/the-most-common-examples-of-a-phishing-email

lewisp002 wrote:

is this definitely a hoax? the pegasus spy ware software is real apparently

Pegasus and other espionage tools are real, yes.

If you were targeted by those, your adversaries would not need to send you a plebeian mail message begging for cryptocurrency.

Your adversaries would have full control of your device, and would have stolen everything already.

And the security vulnerability claimed here would be getting wall-to-wall coverage. (As Pegasus gets, and the other similar espionage tools to a lesser extent.)

Truth? The best advertisements, the best propaganda, the best scams, all of these will contain truth. That’s the hook.

One of the more successful political strategies a while back contained a one-sentence quote, and it enraged many listeners. Until they learned the subsequent sentence, or the full context of the quote, and the wisdom, that is. But they were too busy getting mad at the out-of-context quote to check on that. Getting mad, getting angry, getting scared, strong emotions make us dumb, vulnerable, and all too willing to spend money on sketchy products or on sketchy claims.

Yes, Pegasus exists. But that allows deep access into your device, access that would allow directly stealing everything, money, payment cards, everything. Sending out spam using social engineering requires a much smaller investment, too.

A few of the many other scams: Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

Linz23deport wrote:

This just happened to me an hour ago. Requesting money or a video will be released.

It’s a scam.

If the scammers had the compromising info they claim and not spamming based on some database dump such as from AT&T or some other data breach, they’d show it to you.

If you want to see which services leaked your email address, enter it here: https://haveibeenpwned.com

Might want to adjust your current trust and credulousness settings to values more appropriate for 2024, too.

KI7PBG wrote:

scam my mail program marked as junk but the mail did not come from you he sticks your email as a header, if you view the source of his email , or the alleged one that came from your account you will see it actually come from this address from (me942.com unknown [109.172.38.168]) <==== with this IP. clearly not icloud. delete it and move on with your day nothing will happen.

That’s just not where that spam is actually from.

If it were, this whole spam campaign would have been over years ago.

That’s “just” somebody’s compromised equipment, or compromised credentials.

That and many other examples are being controlled from elsewhere.

Part of a botnet.

Malware and spam is a business, and quite often with a lot of “borrowed” computer resources.

All sending out creative fiction solicitations in this case, or propaganda, or pharmaceutical ads, or whatever is profitable. Or other attacks against re-used passwords, or weak or compromised passwords, or known and unpatched vulnerabilities. Or phishing for credentials at millions-scale, as one recent legal case and arrests has alleged. Or running distributed denials of service against individuals or organizations, overrunning their network bandwidth, or filling their mailboxes, or whatever.

sophia2939 wrote:

I also received this. Has anything else happened since that email you received?

Nothing happens.

• It is a scam.
• They did not use Pegasus software
• They don't have any sensitive photos
• They don't know your internet activity
• The email did not come from your account. It was spoofed to make you think you have been hacked.
• This same email has gone out to thousands of people and it cost them nothing to do it, but if they just convince a small percentage of people to give them money, then it has enriched their pockets.

sophia2939 wrote:

I also received this.

You and most of the Internet.

Has anything else happened since that email you received?

Yes, I then got another copy. And another copy. And another. And yet more copies.

It is a scam.

It gets spammed.

There is no malware.

You're not targeted by Pegasus.

No camera access and no video.

No compromising photos.

(If the scammers had that, they'd show you some.)

One of various discussions of this and similar scams:

https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/

Highlighting added: "Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims."

This particular scammer lied. That's the no-leverage" part. They do not have compromising photos or videos.

Mark as spam, and move on.

For other discussions, see previous replies, and search for the word "pervert" in the Apple Community postings.

Here are a few other of the many scams around:

Recognize and avoid social engineering schemes including phishing messages, phony support calls, and other scams - Apple Support

scam my mail program marked as junk but the mail did not come from you he sticks your email as a header, if you view the source of his email , or the alleged one that came from your account you will see it actually come from this address from (me942.com unknown [109.172.38.168]) <==== with this IP. clearly not icloud. delete it and move on with your day nothing will happen.

no they can't do anything to you they don't have access to your account Pegasus is not on your mac, mac security would ketch that, you are find delete the scam mail and move on. people saying pegasus is real yes it is very real but think about it why would it be on your mac, in order to install something on your mac you would yourself had to install it threw some link, but you would have known if you did for sure. or he would have had to have direct access to your mac. nothing is on your mac you are find. if you want peace of mind download the free version of malwarebytes run it and call it a day.

MahMah103 wrote:

I just opened the exact e-mail they sent you. Is it a scam or not?

SCAM

So the folks that sent that message included no photos or videos they claimed to possess so no included proof, and the folks that claimed total control of your equipment didn’t simply swipe your credit card info and other sensitive info and go on a spending spree?

Yeah. It’s a scam.

Some of the older versions of this spam scam included your chosen password from some old service breach, which definitely spooked some folks, and very effectively showed the risks of password reuse.

A few of the many other scams: Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

Yes, of course it's a hoax. Using Pegasus as the scare tactic is just the latest version.

This email started out at least two years ago (more like three) with claims that FBI or CIA had found criminal activity on your computer. Then for a long time, the claim was they had installed an impossible Trojan virus on your computer. Impossible because there's no such thing as a Trojan virus. It's one or the other. The latest version is the claim they've installed Pegasus on your computer.

Otherwise, the text is virtually the same from one scam to the next. All involving sending some randomly chosen amount of money to a Bitcoin, or other cryptocurrency account.

Honestly, all you need to do is spend 15 seconds looking this kind of thing up to get the answer.

214oKutaFvo wrote:

I’ve had an email sent from my own email address threatening contact everyone who has my address. They say they are using Pegasus and will release my information in two day. Would they normally send proof of what they say they have?

The “hey pervert” scam is being spammed to most of the internet. You can use DuckDuckGo or another search engine and search for other discussions. It’s a very common topic.

I’ve been getting copies of that scam for months. Multiple copies.

Variations of that scam go back to 2018, and earlier. From 2018:

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

More info? See my replies above, among others.

Yep, entirely possible to gain that information from data on the internet. There have been many data breaches from a multitude of companies and you can find out if your data has been compromised by entering your email address. Some of the sites provided by those companies will give partial information so you can confirm if that data is actually yours. They even include partial SS# which may be correct or incorrect. Once they are able to get your address, then a Google Street view of your house is very easy.

These steps have all been automated by scammers and will gather this information and send it to you in an email to make you believe they have more information and demand money. This is a typical scare tactic and they do not have the information that they are claiming.

Yes, I too received the one about how they caught me doing naughty things on my camera and they asked me for a lot of money. I deleted it and have not heard from them again. They send multiple emails all over the place because they know they will find someone who will panic and fall for their scam

Swimteam71 wrote:

I got the same thing but mine has my phone number, first and last name and a google image of my house. they said they have my camera hacked and my mic. is it still a scam or should I be worried.

It’s still a scam. If they had what they claim, they’d show you.

All of what you’ve been provided is widely available thanks to multiple data breaches, or, with Street View, available to all and easily automated.

Again, they haven’t shown you anything not already in what (in 2024) amounts to the public record.

If they had hacked your equipment, they’d show you that.

Panic works though, and I’m sure this’ll be profitable to the scammers, assuming they can retain access to Street View and other parts of the scam. Breached data though, is endemically available.

TL;DR: higher effort, same scam.