Aloha Honolulu! This is a quick post because it just happened to me. A ransom email came through to my personal email and it was trying to extort me over some pretty hilarious accusations (as you'll see in the screenshots I posted). This particular email scam is what's known as the "Pegasus Pervert Email".
What Is the "Pegasus Pervert Email" Scam?
Here is the email I received with my personal details redacted (1/2):
2/2:
How the Scam Works:
Imagine you open your email to find a threatening message that claims your device has been hacked using something called "Pegasus" spyware. The scammer says they've accessed your camera and have embarrassing footage of you doing private things (yikes!). They then demand a ransom, usually in Bitcoin, otherwise, they’ll send this footage to all your contacts or threaten to leak it online.
To make it seem more believable, they might even throw in some old passwords of yours, usually culled from previous data breaches, to scare you.
What is Pegasus Spyware?
Now, before we get consumed by panic, let’s clarify what Pegasus spyware actually is. Developed by the NSO Group, Pegasus is a powerful piece of spyware typically used by governments for targeted surveillance. It’s not something the average scammer has access to—so breathe easy; the chances that a run-of-the-mill scammer is using this on you are virtually zero.
How to React:
1. Stay Calm: First and foremost, don't panic. These emails are bulk threats sent out to scare people. It's highly unlikely that you’ve actually been hacked and had your private matters collected.
2. Don’t Pay the Ransom: Seriously, don’t even think about it. Forking over cash only encourages these scammers and funds their shady activities in the end. The scammers success relies on the fact that some people may get scared and fork over the money without a second thought.
3. Change Your Passwords: If they’ve hit a nerve by mentioning a real password of yours, change it immediately. But remember that this password was most likely from a data breach, and not a result of you being hacked. Make sure to use strong, unique passwords for different accounts. A password manager can make this simpler.
4. Check for Compromise: Just to be safe, run a security scan on your device using reputable antivirus software or get in contact with a cybersecurity professional for assistance.
5. Report & Block the Email: Flag it to your email provider, and if you feel it necessary, report it to cybersecurity authorities or local law enforcement.
How to Remove Your Personal Information from Data Brokers
Data brokers often collect and sell your personal info, sometimes ending up in the hands of scammers. Here’s how to take back control:
1. Know Thy Enemy: Identify common data brokers like Truepeoplesearch, Thatsthem, Intelius, Spokeo, and Whitepages.
2. Opt-Out: Visit the data brokers' websites and look for their opt-out forms. Fill them out to request the removal of your data.
3. Manual Requests: For brokers without easy opt-out options, you may need to send an email or postal mail request for data removal.
4. Privacy Services: Consider using services like DeleteMe to do the heavy lifting for you. They specialize in removing your information from data brokers.
5. Regular Check-Ups: Make it a habit to periodically check if your info has resurfaced and submit removal requests as needed.
To summarize:
By staying calm, not giving in to demands, and actively taking steps to protect your personal information, you can navigate these scams with confidence and keep your data safe. Feel free to share this post with anyone who might need a little extra guidance in keeping their online lives secure!
Stay safe out there!
Francis Borges
Founder / Security Engineer
Dynacomp IT Solutions
Comments