I received a email from someone using my iPhone account. This email came from myself, to me. Stated that I have been hacked, and they are watching everything I do. Threatened to send personal information and videos to all my contacts if I don’t pay. Used the word Pegasus malware. I reset my iPhone id password, and sign on password. Changed my email password, and restarted my phone. I don’t know what else to do
Sounds like an extortion scam – maybe even a sextortion scam.
The criminals don't have the ability to watch everything that you do. They may not know anything that you've done (or haven't done). They're just betting that if they send horrible, frightening blackmail messages to thousands upon thousands of potential victims, some people who receive the messages will panic enough to give the criminals their much-hoped-for and completely unearned "payday."
Change any passwords that the criminals claim they have compromised – just in case they have. Don't interact with the message or its criminal senders.
U. K. National Cyber Security Centre – Sextortion phishing scams: How to protect yourself
Sounds like an extortion scam – maybe even a sextortion scam.
The criminals don't have the ability to watch everything that you do. They may not know anything that you've done (or haven't done). They're just betting that if they send horrible, frightening blackmail messages to thousands upon thousands of potential victims, some people who receive the messages will panic enough to give the criminals their much-hoped-for and completely unearned "payday."
Change any passwords that the criminals claim they have compromised – just in case they have. Don't interact with the message or its criminal senders.
U. K. National Cyber Security Centre – Sextortion phishing scams: How to protect yourself
Nothing. It’s a scam. Delete it and move in.
E-mail often includes both a "From" address, and a human-readable string that e-mail clients may display in place of the "From address".
The scammers can put anything they want into a field that is just a human-readable string. I also assume that it is possible (if less common) for spammers and scammers to forge "From:" addresses. In the early days of computer networks, the focus would have been on "look at this neat new way we can communicate: e-mail" and there would have been an assumption that most or all of the people using it were reasonable people. Not criminals who would be trying to deliberately "game the system."
Presumably there is more security now – but I would not assume that e-mail is as secure as U.S. Postal Mail. You may have noticed that when banks have new monthly statements, or health care providers have new lab results, they often send e-mail telling you to log into their secure electronic portals … rather than sending the information in the e-mail itself. This seems likely to be due, in part, to security concerns.
Hughes71 wrote:
That’s reassuring. But how did they send me a email from me?
Here's an article that goes into a little more detail about e-mail spoofing and related attacks. (I am not affiliated with this vendor, and this is not a recommendation of their services. The article just looked interesting.)
CloudFlare – What is e-mail spoofing?
The issue is that the standard e-mail transmission protocol SMTP (Simple Mail Transmission Protocol) "does not have a built-in method for authenticating email addresses." People have been devising new security methods to combat e-mail spoofing, but getting to the point where everyone uses these methods will take some time.
You did the right thing. They are scammers. I’m not sure how they could have sent you an email from you. Unless they had your email which you can but in the send and from boxes.
That’s reassuring. But how did they send me a email from me?
iPhone hacked
