The Pegasus email scam is one of those annoying blackmail campaigns that just won’t die. You know the type – threatening messages claiming hackers have compromising videos of you and demanding Bitcoin payments. This particular scam stands out because it name-drops the infamous Pegasus spyware to sound more legitimate.
These scams are part of a broader category of professional hacker email scams that use similar tactics to intimidate victims. Like other sextortion email campaigns, they rely on fear and embarrassment to pressure people into paying.
But here’s the thing: it’s complete nonsense. These scammers are banking on your fear and lack of technical knowledge about how real malware works. Let’s break down exactly why this scam is fake and what you should do if you receive one of these emails.
What Makes This Scam Different
Unlike generic blackmail emails, the Pegasus scam has evolved to become more convincing through personalization. Modern versions include:
- Your real first name in the subject line
- Your phone number displayed prominently in the message
- Old passwords you may have actually used
- PDF attachments named after you (like “john.pdf”)
This personal touch makes people panic and think the threat is real. But it’s just sophisticated social engineering using leaked data that’s probably years old.
Examples of Current Pegasus Scam Emails
Here are the complete email samples that people are receiving right now. These show the full extent of the scammer’s manipulation tactics:
Version 1: The Personalized Threat
*First Name*,
I know that, XXX-6573 is too personal to reach you.
I won’t beat around the bush. You don’t know anything about me whereas I know you and you must be thinking why are you getting this e-mail, right?
I actually placed Pegasus (spyware) on p*** website and guess what, you visited same s** website to have fun (if you know what I mean). And while you were busy watching those videos, your internet browser started working as a RDP (Remote Device) that has a backdoor which provided me accessibility to your screen and also your camera controls. Immediately after that, my software program obtained all of your information and your complete contacts from device including all of your photos.
Exactly what I want?
It is simply your misfortune that I am aware of your misdemeanor. I then invested in more days than I probably should have exploring into your data and prepared a split-screen videotape. First part shows the recording you were watching and 2nd part displays the capture from your web camera (it is someone doing nasty things). In good faith, I am ready to delete everything about you and allow you to continue with your regular life. And I will present you two options which will achieve it. These two alternatives are to either turn a blind eye to this letter (bad for you and your family), or pay me a small amount.
What should you do?
Let us understand these 2 options in more details. Alternative one is to ignore my e mail. Let us see what is going to happen if you choose this path. I definitely will send your s****** to your entire contacts including friends and family, co- workers, and so forth. It will not protect you from the humiliation your household will face when relatives and buddies discover your unpleasant videotape from me in their inbox. Wise option is to pay me, and be confidential about it. We will name it my “privacy charges”. Now Lets see what will happen if you opt this path. Your dirty secret Will remain your secret. I’ll keep my mouth shut. After you pay, You go on with your daily life and family as if nothing ever happened. You will make the transfer through Bitcoin.
Required Amount: $4950
BTC ADDRESS: 15a2rbdy Xq4qRurasoxxxxxxxxxxx
(Here is QR code, scan it)
Important: You have one day to make the payment. (I have a special pixel in this email message, and now I know that you have read through this mail). The task to acquire bitcoins usually takes some efforts so don’t delay. If I don’t get the BitCoins, I will definitely send your s****** to all of your contacts including close relatives, colleagues, and so on. nevertheless, if I receive the payment, I’ll destroy the video immediately. If you really want evidence, reply with “yes!” and I will certainly send out your video to your 8 friends every day. It is a non negotiable one time offer, thus kindly do not waste my personal time & yours by replying to this e-mail. Let me remind you, my malware will be sharing what action you adopt when you are done reading this email. Let me tell you If I see any suspicious activity from your web history then I’ll share your s****** to your close relatives, coworkers even before time finishes.
Version 2: The “You Have Been Hacked” Variant
You have been hacked
Hello pervert, I’ve sent this message from your iCloud mail.
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely.
Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I’m getting at.
It’s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I’ve learned about all aspects of your private life, but one is of special significance to me.
I’ve recorded many videos of you jerking off to highly controversial porn videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick perversion.
I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks.
Every number in your contact book will suddenly receive these videos – on WhatsApp, on Telegram, on Skype, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life.
Don’t think of yourself as an innocent victim. No one knows where your perversion might lead in the future, so consider this a kind of deserved punishment to stop you.
Better late than never.
I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free.
Transfer $1220 USD to my Bitcoin wallet: 1JVMTup4zuS1JMGXAYYRgvyr2PUmNnY6g2
Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second.
I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” and then it will be no harder than buying some useless stuff on Amazon.
I strongly warn you against the following:
- Do not reply to this email. I sent it from a temp email so I am untraceable.
- Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.
- Don’t try to reset or destroy your devices.
As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the videos are published.
Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided address.
Good luck, my perverted friend. I hope this is the last time we hear from each other.
And some friendly advice: from now on, don’t be so careless about your online security.
Threat Analysis Summary
Before we dive into why this scam is fake, here’s a comprehensive breakdown of what security researchers have documented about these campaigns:
| Attribute | Details |
| --- | --- |
| Threat Name | Have You Heard About Pegasus Email Scam |
| Threat Type | Phishing, Sextortion Scam, Social Engineering, Fraud |
| Fake Claims | Device infected with Pegasus spyware, compromising videos recorded, will be shared unless ransom paid |
| Ransom Amounts | $1220 – $4950 USD (or 0.035 BTC) |
| Distribution Methods | Mass email campaigns, PDF attachments with personal names, personalized subject lines |
| Target Information Used | First names, phone numbers, old passwords, email addresses from data breaches |
| Psychological Tactics | Fear of exposure, shame, artificial urgency (24-48 hour deadlines), technical intimidation |
| Potential Damage | Financial loss, emotional distress, unnecessary panic (no actual compromise occurs) |
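For mail administrators, the traits in the table above translate into a simple triage check. The following is an added example, not part of the original article: the rule names, regular expressions, `triage` function and sample message are constructed for illustration, and the score is a plain count of matched traits rather than a tuned threshold.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Patterns for the traits in the table above; illustrative assumptions, not a vetted ruleset.
TEXT_RULES = {
    "names_pegasus": r"\bpegasus\b",
    "crypto_demand": r"\b(?:bitcoin|btc|litecoin|ltc)\b",
    "deadline": r"\b(?:24|48)\s*hours\b|\bone day\b",
    "open_tracking_claim": r"\bpixel\b|notified when you open",
    "exposure_threat": r"\b(?:contacts?|friends|family|co-?workers)\b",
}
# Address shapes only: legacy Base58 (1.../3...) and bech32 (bc1.../ltc1...); no checksum check.
WALLET = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|(?:bc|ltc)1[02-9ac-hj-np-z]{20,60})\b")

def triage(raw: str, first_name: str) -> dict:
    """Score one RFC 5322 message against the campaign's documented traits."""
    msg = message_from_string(raw, policy=policy.default)
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    hits = {name for name, rx in TEXT_RULES.items() if re.search(rx, text, re.I)}
    wallets = WALLET.findall(text)
    if wallets:
        hits.add("wallet_address")
    name = first_name.lower()
    if name in str(msg["Subject"] or "").lower():
        hits.add("name_in_subject")          # personalized subject line
    files = [p.get_filename() or "" for p in msg.walk()]
    if any(f.lower() == f"{name}.pdf" for f in files):
        hits.add("pdf_named_after_recipient")  # e.g. "john.pdf"
    return {"hits": sorted(hits), "wallets": wallets, "score": len(hits)}

def constructed_sample() -> str:
    """Build a made-up message in the style of the samples (not a real email)."""
    m = EmailMessage()
    m["From"] = "sender@example.net"
    m["To"] = "john@example.com"
    m["Subject"] = "John, read this"
    m.set_content(
        "I placed Pegasus on your device. Pay $4950 in Bitcoin to "
        "1CoNSTRUCTEDaddressNotRea1xxxxxxxx within one day or the video "
        "goes to your contacts. I have a special pixel in this email.")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                     filename="john.pdf")
    return m.as_string()

if __name__ == "__main__":
    print(triage(constructed_sample(), "John"))
```

A high count on a message that also fails sender authentication is a reasonable quarantine signal; extracted wallet strings can be compared against addresses already reported for the campaign.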
Known Scammer Cryptocurrency Wallets
Security researchers have identified multiple Bitcoin and Litecoin addresses used in these scam campaigns.
Important: If you sent cryptocurrency to any of these addresses, the transaction cannot be reversed. This is why scammers prefer cryptocurrency payments.
Why This Scam is Complete BS
Now that you understand the scope of these campaigns, let me explain why every claim in these emails is fake:
Pegasus Isn’t Available to Random Scammers
Real Pegasus spyware is developed by NSO Group and sold only to governments after extensive vetting. It’s not something random criminals can buy on the dark web, despite what they claim. The actual cost runs into millions of dollars per deployment. Unlike these fake claims, real spyware threats are documented in legitimate cybersecurity research.
Technical Claims Don’t Add Up
The scammers claim Pegasus works on “Android, iOS, and Windows” – but real Pegasus primarily targets iOS and has limited Android capabilities. Windows? Not really its thing. These scammers clearly don’t know what they’re talking about.
No Actual Evidence Provided
Notice how they never include screenshots, file names, or any specific evidence? That’s because they don’t have any. Real hackers who compromise systems usually provide proof to establish credibility before demanding payment. This contrasts sharply with legitimate security warnings about actual threats like malware-spreading phishing emails.
Mass Email Campaign Logic
Think about it: if someone really spent months spying on you personally, why would they send the same generic message to thousands of people? It doesn’t make economic sense.
How They Get Your Personal Information
The scary part isn’t the fake hacking claims – it’s how they got your real information. Here’s how:
Data Breaches
Your personal details likely came from old data breaches. Companies get hacked, customer databases get stolen, and this information ends up for sale on the dark web. One breach might include your email and name, another your phone number, and yet another your old passwords. This is similar to how account verification email scams and password alert scams operate.
Data Aggregation
Scammers buy multiple breach databases and combine them to create detailed profiles. That’s how they can include your real name, phone number, and an old password you actually used years ago.
What to Do If You Receive This Scam
Don’t Panic
First and most importantly: do not send any money. These scammers have zero evidence because they never actually hacked you. Even if they included your real password or phone number, it doesn’t mean they have access to your devices.
Check If Your Data Was Breached
Visit Have I Been Pwned to see if your email address appears in known data breaches. This will help explain how scammers got your personal information. Understanding how to deal with spam emails can also help you take appropriate action.
Change Your Passwords
If the email included an old password you recognize, change the passwords on any accounts where you might have used it. Use unique, strong passwords for each account.
Scan Your Computer
While the Pegasus claims are fake, it’s still good practice to scan your system for actual malware. Use Gridinsoft Anti-Malware to make sure your computer is clean.
Download and install Anti-Malware. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.
After the scan, you will see the list of detected malicious and unwanted elements. You can adjust the action the anti-malware program takes for each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection: malware type, effects and potential source of infection.
Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.
While the Pegasus scam emails are fake, it’s always wise to ensure your computer is free from actual threats. For comprehensive protection, consider learning about current scam trends and online shopping fraud.
How to Protect Yourself From Future Scams
Be Skeptical of Threatening Emails
Legitimate security researchers and law enforcement don’t communicate through threatening emails demanding Bitcoin payments. If someone had real evidence of wrongdoing, they wouldn’t give you 48 hours to pay up quietly. Learn to spot other common tactics used in phishing attacks and fake security alerts.
Keep Software Updated
Real malware often exploits outdated software vulnerabilities. Keep your operating system, browsers, and security software up to date to reduce the risk of actual infections.
Use Strong, Unique Passwords
The scariest part of these scams is seeing your real password in the message. Prevent this by using unique passwords for every account and changing them regularly.
Enable Two-Factor Authentication
Even if scammers have your password from an old breach, two-factor authentication prevents them from accessing your current accounts.
Why These Scams Keep Working
Despite being obvious fakes to security professionals, Pegasus email scams continue because they exploit basic human psychology. Similar tactics are used in cryptocurrency scams and “we hacked your system” email scams:
Fear of Exposure
The threat of having private activities exposed to friends and family triggers powerful emotional responses that override logical thinking.
Technical Intimidation
Most people don’t understand how malware works, so claims about sophisticated spyware sound plausible even when they’re technically impossible. Understanding the difference between real threats like information stealing malware and fake scam claims helps build better awareness.
Artificial Urgency
The 48-hour deadline prevents victims from researching the scam or consulting with others who might recognize it as fake.
Personalization Creates Credibility
Including real personal information makes the entire message seem more legitimate, even though that data came from unrelated breaches. This personalization technique is also used in phishing attacks and social media investment scams.
The Bottom Line
The “Have you heard of Pegasus” email scam is sophisticated social engineering, but it’s still just that – a scam. The technical claims don’t hold up to scrutiny, the demands are typical of blackmail operations, and no legitimate security incident would be handled this way.
If you receive one of these emails, don’t panic. Delete it, change any passwords mentioned in the message, and move on with your day. The only real threat here is the risk of falling for the scam and losing money to criminals. Stay informed about other current threats like AI-related scams and QR code phishing.
Stay vigilant, keep your software updated, and remember: real cybersecurity threats don’t announce themselves with Bitcoin ransom demands.
Absolutely agree! Pegasus is typically used to target high-profile individuals, and unlike regular spyware, it doesn’t require you to click any link to become infected. It’s also extremely expensive and not your average spyware.