Pegasus Spyware Sextortion Scams – What You Need to Know


In recent years, cybercriminals have become increasingly adept at deploying a variety of phishing and extortion tactics to manipulate and intimidate unsuspecting victims. One of the more alarming threats involves the Pegasus spyware sextortion scam, a new twist on classic phishing schemes designed to frighten recipients into paying a ransom. Below, we’ll dive into the details of this scam, explore how it works, and, most importantly, provide actionable steps for protecting yourself from falling prey to it.

The Pegasus Sextortion Scam: Anatomy of the Attack

The Pegasus sextortion scam is a sophisticated phishing scheme that typically begins with an email claiming that the recipient’s device (often a smartphone or computer) has been compromised by Pegasus spyware. Pegasus, a notorious spyware tool originally developed by the NSO Group for legitimate surveillance purposes, has a fearsome reputation, and scammers exploit this to add credibility to their claims.

Here’s how a typical scam email is structured:

The Claim: The attacker alleges that they have hacked your device using Pegasus and gained access to everything—emails, contacts, camera, microphone, and more. The scam email often includes personal information or photos (sometimes of your home) to make the claim feel more authentic.

The Threat: They threaten to release compromising videos or photos to all of your contacts unless you pay a ransom in Bitcoin. In many cases, the email will claim that they recorded you via your webcam while you were engaging in embarrassing or inappropriate behavior.

The Ransom Demand: The ransom demand is typically made in cryptocurrency, such as Bitcoin, which is notoriously difficult to trace. The scammers give a short deadline to pressure the victim into compliance.

Figure 1: The Ransom Demand

Fear Tactics: The scammers play on fears of humiliation by threatening to send the alleged videos to your friends, family, and colleagues. They may also warn against contacting authorities, saying it will trigger the release of the material.

Figure 2: Real-World Example

Real-World Example: A typical email following this scam format might look like this:

  • “I installed spyware called Pegasus on your phone. When you were watching adult content, I accessed your camera and recorded you. I have a video of you and will send it to all your contacts unless you pay me $1950 in Bitcoin. You have 48 hours. Don’t bother contacting authorities – my malware will trigger the release of the video if you do.”
  • Scammers will often include an actual image of your home (which they can easily obtain from public sources like Google Maps or Zillow) to further scare you into thinking they know everything about you.

The Reality: It’s All a Hoax

Despite the terrifying language used, the Pegasus sextortion scam is a hoax. No spyware has been installed on your device, and the scammers do not have access to any private material. The whole premise is based on fear and deception, with the attackers hoping that the victim will panic and pay the ransom out of fear of embarrassment.

Some common tactics that indicate this is a scam include:

  • Poor grammar or spelling in the email.
  • No concrete evidence or screenshots backing up the claims.
  • Threats to contact all your friends and family (in reality, the attackers don’t have your contact list).
  • Demands for payment in cryptocurrency, which is harder to trace.

The vast majority of these scams are mass email campaigns sent out indiscriminately. The attackers rely on low-cost, high-reward methods – sending thousands or millions of emails and hoping that a small percentage of recipients will pay the ransom.
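As an added example (not part of the original post), the following Python script turns the indicators described above into a simple defender-side triage check: it scores an email body against the patterns a Pegasus sextortion email typically contains and flags it when several co-occur. The two sample messages, and the Bitcoin address inside the scam sample, are constructed for the demo.

```python
import re

# Each pattern corresponds to one element of the scam anatomy described in the post:
# the Pegasus claim, the webcam-recording story, the crypto ransom, a short deadline,
# the threat to mail all contacts, and the warning not to contact authorities.
PATTERNS = {
    "pegasus_claim": re.compile(r"\bpegasus\b", re.I),
    "webcam_recording": re.compile(r"\b(camera|webcam)\b.*\brecord", re.I | re.S),
    "crypto_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    # Legacy (1.../3...) or bech32 (bc1...) Bitcoin address formats.
    "btc_address": re.compile(r"\b(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
    "dollar_amount": re.compile(r"\$\s?\d[\d,]*"),
    "short_deadline": re.compile(r"\b\d{1,3}\s*hours?\b", re.I),
    "contacts_threat": re.compile(r"\b(all|every)\b.{0,40}\bcontacts\b", re.I),
    "authority_warning": re.compile(r"\b(police|authorit(y|ies)|law enforcement)\b", re.I),
}

# Flag only when several indicators co-occur; a single hit (e.g. a dollar amount)
# is normal in legitimate mail and should not trigger on its own.
FLAG_THRESHOLD = 3


def score_email(body: str) -> dict:
    """Return the matched indicator names, their count, and a verdict."""
    hits = [name for name, pattern in PATTERNS.items() if pattern.search(body)]
    return {"hits": hits, "score": len(hits), "sextortion": len(hits) >= FLAG_THRESHOLD}


# Constructed sample modeled on the scam email quoted in the post (address is a placeholder).
SCAM_SAMPLE = (
    "I installed spyware called Pegasus on your phone. While you were watching adult "
    "content I accessed your camera and recorded you. I will send the video to all your "
    "contacts unless you pay me $1950 in Bitcoin to bc1qplaceholder0000000000000000000000 "
    "within 48 hours. Do not contact the authorities or the video will be released."
)

# Constructed benign message that shares a couple of surface features (webcam, dollar amount).
BENIGN_SAMPLE = (
    "Hi Sam, the new webcam for the conference room arrived today. Please approve the "
    "$240 invoice when you have a moment. Thanks!"
)

if __name__ == "__main__":
    for label, body in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = score_email(body)
        print(f"{label}: score={result['score']} flagged={result['sextortion']} hits={result['hits']}")
```

In practice such a scorer belongs in a mail-gateway or SOC enrichment step, where a flagged message can be quarantined or annotated with a "known hoax" banner rather than reaching the recipient unexplained.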

Mitigations and How to Protect Yourself

If you receive an email like this, follow these steps to protect yourself:

  1. Do Not Engage: Do not reply to the email or interact with the scammer in any way. Responding could encourage more attacks, as it shows that you’re a willing target.
  2. Do Not Pay the Ransom: The attackers are bluffing. Even if they claim to have compromising material, it’s unlikely they do. Paying the ransom only fuels further scams and doesn’t guarantee your information will be deleted.
  3. Run a Security Scan: While the claim that your device has been infected is usually false, it’s still a good idea to run a thorough malware scan on your devices. Use trusted security software like Malwarebytes or Norton to ensure your device is safe.
  4. Report the Email: Report the scam to your local authorities or cybersecurity organizations, such as the FBI’s Internet Crime Complaint Center (IC3). This helps track and combat these scams.
  5. Block the Sender: Most email services allow you to block specific senders. This will prevent you from receiving further emails from the scammer.
  6. Educate Yourself: Stay informed about the latest phishing and extortion scams. Awareness is your best defense against falling for these types of threats.
  7. Secure Your Accounts: Change your passwords regularly and use two-factor authentication (2FA) to add an extra layer of security to your accounts. This minimizes the risk of unauthorized access.

Conclusion

The Pegasus sextortion scam is just one of many tactics that cybercriminals use to manipulate and intimidate individuals into paying ransoms. By understanding how these scams operate and taking steps to protect yourself, you can avoid falling victim. Always remember: Don’t panic, don’t pay, and report any suspicious emails to the appropriate authorities.

References:

  1. Pilici, S., “Pegasus Spyware Scam Email.” MalwareTips, https://malwaretips.com/blogs/pegasus-spyware-scam-email/. Accessed 9 Sept. 2024.
  2. Šlekytė, I., “The Pegasus Email Scam: A New Threat That Uses Photos of Your Home.” NordVPN, https://nordvpn.com/blog/pegasus-email-scam/. Accessed 9 Sept. 2024.
  3. “Sextortion Scams Now Include Photos of Your Home.” Krebs on Security, https://krebsonsecurity.com/2023/08/sextortion-scams-now-include-photos-of-your-home/. Accessed 9 Sept. 2024.

Written by: Michael Ricci