Pegasus scam examples

Most versions of this scam up until the last year or two followed the format of:

  1. Telling the victim they infected their computer
  2. Telling the victim they recorded said victim fapping off to nasty porn
  3. Demanding payment for not sharing the videos of same with their friends and colleagues.

All very generic, a few versions of how you were infected but that’s it. Still caused some worry, but not as much, I think, as the scammers hoped.

Nowadays, this often starts with a bit of “personal” information (pulled from one data breach or another). This is to freak out a victim, and based on what I see regularly in various places, it does the trick:


(NAME), I know that visiting (ADDRESS) would be a better way to reach if you don't cooperate

Nice location btw

This is the most common version as of the writing of this post (in September 2024). Addresses are common public information, and breaches can include addresses, so it’s not that difficult to associate an email address with a postal address. The image is pulled from Google Maps or similar.

I know that (Phone number) is convenient to talk to you in case you don't cooperate.

Again, pulled from a data breach - and not that hard to discover.

I know that (Password) is one of your passwords.

Again, from a data breach where a cleartext (human-readable) password was included.

Then of course, the scam email goes into the next section. Sometimes they skip the ‘personal information’ - the generic versions still get reported, but show up less in the places where scared people reach out for help.

Hello Pervert, I've sent this from your Microsoft address.
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely.
Have you heard of Pegasus?
This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners.
It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows.
I guess, you already figured out where I'm getting at.
It's been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet.

Now, every version of this scam does have the ‘hacker’ accessing all/some of the victim’s devices. However, this particular one is rather hilarious because Pegasus is mobile-only and sold only to governments/intelligence agencies. Pegasus cannot install on a computer.

I installed a Malware on pom website and you know what, you visited this sex website to experience fun (you get my drift). And while you were busy enjoying our videos, your system began operating as a RDP (Remote Device) with a key logger which allowed me access to your display screen and your camera access.

RDP stands for Remote Desktop Protocol, not Remote Device. It’s a Microsoft protocol. While there are RDP implementations for non-Microsoft operating systems, they’re far less common. While it is possible to use RDP as a RAT (Remote Access Trojan), making this one a bit more plausible than the Pegasus example, it’s not likely for one very simple reason.

And that reason is that if I have hacked into your device(s), I am not going to tell you I’ve done so. Real hackers do not want you to find their backdoor into your device(s). They want you to keep doing what you’re doing so they can exfiltrate sensitive data. Telling you that I’ve ‘hacked’ your device in return for a simple cryptocurrency payment is, honestly, rather stupid. A real hacker would understand it. Undereducated scammers in India and Nigeria would not.

Around several months ago I obtained access to the devices that you were using to browse the internet.
Subsequently, I have proceeded with tracking down your internet activities of yours.

Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to your email account of (redacted)
Here is the proof I hacked this email. your password at the time when I got access to your email: (redacted)
A week after that, I managed to install a Trojan virus on the Operating Systems of all your devices that are used for email access.

Actually, that was quite simple (because you were clicking the links in inbox emails).
all smart things are quite straightforward. (>_<)
My software allows me to access all controllers in your devices, such as video camera, microphone, and keyboard.

So this is an interesting mish-mash of things.

  1. Buying passwords to email accounts does not equal control of someone’s computer.
  2. The password they give is - again - one exposed in a data breach.
  3. There is no such thing as a universal trojan that runs on all operating systems. Trojans, like most viruses, have to be written to work on a particular operating system - a Windows trojan will not infect an Android device, for example.

So I suggest you read this message carefully. Take a minute to relax, breathe, and really dig into it. 'Cause we're about to discuss a deal between you and me, and I need you to be on point. You do not know anythingabout me whereas I know you and you must be thinking how, correct?
You've been a bit careless lately, clicking through those girlie videos and venturing into the darker corners of cyberspace. I actually placed a Malware on a porn website and you accessed it to watch(you know what I mean). When you were busy watching videos, your smartphone started operating as a RDP (Remote Protocol) which provided me total access to your smartphone. I can peep at everything on your screen, switch on your camera and mic, and you wouldn't even notice. Oh, and I've got access to all your emails, contacts, and social media accounts too.

  1. It’s obvious that the last thing the scammer wants is for the victim to breathe and relax.
  2. You don’t ‘place a malware on a porn site’.
  3. Again, RDP is a freaking Microsoft protocol and is used on desktop operating systems.

Let’s move onto the threats:

Been keeping tabs on your pathetic life for a while now. Extracted quite a bit of juicy info from your system. Got videos and screenshots where on one side of the screen, there's whatever trash you're indulging in, and on the other, your dumb face. With just a click, I can send this filth to every single one of your contacts.

You don't know squat about this, and you never even had a hint. My moves are slick, and the embedded code keeps refreshing every 30 minutes, so your antivirus software remains none the wiser.

I get your concern and confusion, bro. That video was straight up blunt, and I can't even wrap my head around the humiliation you'll face when your crew, your buddies, and your kin peep it out. But hey, that's life, ain't it? Don't be playing the victim here.

Let's put our heads together and find a way out of this.

I got the means to wipe you out and move on, but I'm not gonna do it unless there's something in it for me. How about a $1000 in my bitcoin wallet to keep me motivated?

The whole “I have put together a video of the porn you’re watching with you fapping off” is actually very common, just usually phrased a little bit less slangy.

The “embedded code keeps refreshing every 30 minutes so your antivirus software remains none the wiser” is likely someone taking the concept of polymorphic viruses (which do and can change to evade detection) and explaining it poorly. Anybody intelligent enough to use a Polymorphic Remote Access Trojan would not be blackmailing you for supposedly watching porn.

It's just your hard luck that I noticed your misdemeanor. I then gave in more time than I should've investigating into your personal life and created a two view sextape. 1st half displays the recording you had been viewing and next part displays the video of your cam (its someone doing dirty things). In good faith, I'm ready to forget all about you and allow you to continue with your life. And I am going to give you two options that will accomplish it. The two choices are to either turn a deaf ear to this email (not recommended), or pay me a small amount.
What should you do? Let’s understand these two options in more detail. First Choice is to ignore this e-mail. Let me tell you what is going to happen if you opt this path. I will, no doubt send out your sextape to your entire contacts including members of your family, coworkers, and so forth. It doesn't save you from the humiliation you and your family will face when relatives and buddies learn your unpleasant video in their inbox.

Similar to the last one, same “I created a video of the porn site and you fapping” and the threat to release the video to all your friends and family. The hilarious bit is “sextape” - really? Really? Who calls them sextapes in the age of digital, that’s an old fart, pre-digital thing.

(This is not the only version where the scammer threatens to release a “videotape” in the age of digital - come on scammers, stop making me feel old.)

After giving an amount and a cryptocurrency amount - along with instructions on how to get crypto by some oh-so-helpful scammers - there’s one last piece:

Notice: You now have one day to make the payment. (I have a special pixel in this email, and now I know that you have read through this email). The method to have bitcoins can take some time so don't wait. If I don't receive the Bitcoins I will definately send your sextape to all contacts including your family members, colleages, and so on. nonetheless, if I do get paid, I will destroy the videotape immediately. If you need proof, reply with "yes!" and I will definitely send out your sextape to 13 of your friends everyday. It is a one time offer, thus kindly don't waste my perosnal time and yours by replying to this email. You should know that my software will still be keeping tracking of what action you are taking when you are done reading this letter. To be honest, If you try to act smart then I am going to send your sextape to your friends, coworkers before time finishes.

(All scammer typos left in)
To break the stupidity down:

  1. The 1 day can be variable; some do 12 hours, some 2 days (48 hours).
  2. Yes, there are transparent 1x1 pixels known as web trackers. No, the scammer has not embedded one.
  3. Sextape and videotape again! Seriously, join the digital age scammers.
  4. How are you supposed to reply with ‘yes’ if the email is from ‘yourself’ - admittedly they could be using a reply-to, but that’s not normal for this type of blackmail. Besides, replying will have the scammer ‘send out your sextape to 13 of your friends everyday’ - why would anybody reply?
  5. The word ‘kindly’ rears its ugly head, sure sign of a person whose first language isn’t English and hails from a country that’s a former British possession.
  6. Again, the scammer doesn’t have access to your computer/phone and cannot mail anybody anything.
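
To check the "sent from your own address" and "special pixel" claims against a message you actually received, here is an added example (not part of the original post) that triages a raw email with Python's standard library. The sample message, addresses and the `triage` and `PixelFinder` names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample (not a real message): "sent from your own address", no images.
SAMPLE = """\
From: victim@example.com
To: victim@example.com
Subject: Hello Pervert
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=victim@example.com; dkim=none; dmarc=fail header.from=example.com
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>I have a special pixel in this email.</p></body></html>
"""

class PixelFinder(HTMLParser):
    """Collect remote <img> tags declared as 1x1 or 0x0."""
    def __init__(self):
        super().__init__()
        self.pixels = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = (a.get("src") or "").lower()
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        if tag == "img" and tiny and src.startswith(("http://", "https://")):
            self.pixels.append(a["src"])

def triage(raw):
    msg = message_from_string(raw, policy=policy.default)
    addr = lambda h: parseaddr(str(msg.get(h, "")))[1].lower()
    sender, rcpt, reply_to = addr("From"), addr("To"), addr("Reply-To")
    # Only trust the Authentication-Results header stamped by your own mail server.
    auth = str(msg.get("Authentication-Results", "")).lower()
    finder = PixelFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return {
        "from_equals_to": bool(sender) and sender == rcpt,
        "auth_not_pass": sorted(set(re.findall(r"\b(spf|dkim|dmarc)=(?:fail|softfail|none)", auth))),
        "reply_to_differs": bool(reply_to) and reply_to != sender,
        "tracking_pixels": finder.pixels,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The pixel check only catches images declared as 1x1 or 0x0; any remote image can serve the same purpose.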