The Pegasus email scam: A new threat that uses photos of your home

What is the Pegasus email scam, and how does it work?

The Pegasus email scam is a large-scale cyber extortion campaign in which threat actors send intimidating emails to victims to pressure them into paying a ransom in cryptocurrency, such as Bitcoin or Litecoin. In these emails, scammers spread false claims that they’ve hacked into your phone using Pegasus spyware and threaten to expose compromising video or audio unless you pay up.

It’s a scary and convincing threat because Pegasus is a notorious spyware that exploits vulnerabilities through “zero-click” attacks on iOS and Android. Once it infiltrates your smartphone, it can secretly access your messages, calls, photos, and videos and even activate your phone’s camera and microphone without your knowledge.

Since Pegasus runs secretly, it’s easy to believe claims that your phone was hacked, especially if you receive a very convincing email.

What are Pegasus scam emails?

Pegasus scam emails are emails that cybercriminals use to frighten you into paying a ransom. To make their threats more convincing, criminals mention your name, phone number, and address in the email. Sometimes, they may even include a photo of your home to make the threat appear more credible and create a sense of urgency.

Typically, criminals take the Pegasus scam to a full-on sextortion campaign. They might claim they’ve recorded explicit content on your malware-infected camera, like videos and audio, while you were visiting adult websites. Then, they threaten to share those recordings with your family, friends, and other contacts on your phone.

Most Pegasus scam emails include:

1. Your personal information, like your phone number or email address.
2. An announcement that criminals have hacked your phone.
3. A claim that they have explicit material coupled with a threat to expose it.
4. A ransom demand.
5. An address (and/or a QR code) for sending cryptocurrency.

Now, let’s explore some real-life examples of these scam emails.

Examples of Pegasus scam emails

Have a look at some examples of Pegasus scam emails to know what you’re dealing with if you ever get one. The first thing you’ll notice is poor grammar, which should always be a red flag that you’re being targeted by scammers.

Pegasus scam email example No. 1

*First Name*,

I know that, XXX-6573 is too personal to reach you.

I won’t beat around the bush. You don’t know anything about me whereas I know you and you must be thinking why are you getting this e-mail, right?

I actually placed Pegasus (spyware) on pxxx website and guess what, you visited same sxx website to have fun (if you know what I mean). And while you were busy watching those videos, your internet browser started working as a RDP (Remote Device) that has a backdoor which provided me accessibility to your screen and also your camera controls. Immediately after that, my software program obtained all of your information and your complete contacts from device including all of your photos.

Exactly what I want?

It is simply your misfortune that I am aware of your misdemeanor. I then invested in more days than I probably should have exploring into your data and prepared a split-screen videotape. First part shows the recording you were watching and 2nd part displays the capture from your web camera (it is someone doing nasty things). In good faith, I am ready to delete everything about you and allow you to continue with your regular life. And I will present you two options which will achieve it. These two alternatives are to either turn a blind eye to this letter (bad for you and your family), or pay me a small amount.

What should you do?

Let us understand these 2 options in more details. Alternative one is to ignore my e mail. Let us see what is going to happen if you choose this path. I definitely will send your sxxxxxx to your entire contacts including friends and family, co- workers, and so forth. It will not protect you from the humiliation your household will face when relatives and buddies discover your unpleasant videotape from me in their inbox. Wise option is to pay me, and be confidential about it. We will name it my “privacy charges”. Now Lets see what will happen if you opt this path. Your dirty secret Will remain your secret. I’ll keep my mouth shut. After you pay, You go on with your daily life and family as if nothing ever happened. You will make the transfer through Bitcoin.

Required Amount: $4950

BTC ADDRESS: 12PY3MibuWtNHjszG4xxxxxxxxxxxxxxxx

(Here is QR code, scan it)

Important: You have one day to make the payment. (I have a special pixel in this email message, and now I know that you have read through this mail). The task to acquire bitcoins usually takes some efforts so don’t delay. If I don’t get the BitCoins, I will definitely send your sxxxxxx to all of your contacts including close relatives, colleagues, and so on. nevertheless, if I receive the payment, I’ll destroy the video immediately. If you really want evidence, reply with “yes!” and I will certainly send out your video to your 8 friends every day. It is a non negotiable one time offer, thus kindly do not waste my personal time & yours by replying to this e-mail. Let me remind you, my malware will be sharing what action you adopt when you are done reading this email. Let me tell you If I see any suspicious activity from your web history then I’ll share your sxxxxxx to your close relatives, coworkers even before time finishes.

Pegasus scam email example No. 2

You have been hacked

Hello pervert, I’ve sent this message from your iCloud mail.

I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely.

Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I’m getting at.

It’s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I’ve learned about all aspects of your private life, but one is of special significance to me.

I’ve recorded many videos of you jxxxxxx off to highly controversial pxxx videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick pxxxxxxxxx.

I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks.

Every number in your contact list will suddenly receive these videos- on WhatsApp, on Telegram, on Instagram, on Facebook, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life.

Don’t think of yourself as an innocent victim. No one knows where your pxxxxxxxx might lead in the future, so consider this a kind of deserved punishment to stop you.

I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free.

Transfer 850 USD to my Litecoin (LTC)

wallet: ltc1qjpua6w4zqvhdwlt7hxxxxxxxxxxxxxxxxxxxxx

Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second.

I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” or “buy Litecoin” and then it will be no harder than buying some useless stuff on Amazon.

I strongly warn you against the following:

* Do not reply to this email. I’ve sent it from your iCloud mail.

* Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.

* Don’t try to reset or destroy your devices. As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the videos are published. Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided address.

Good luck, my perverted friend. I hope this is the last time we hear from each other.

Pegasus scam email example No. 3

Hello, I'm going to share important information with you.

Have you heard about Pegasus?

You have become a collateral victim. It's very important that you read the information below.


Your phone was penetrated with a “zero-click” attack, meaning you didn't even need to click on a malicious link for your phone to be infected.

Pegasus is a malware that infects iPhones and Android devices and enables operator of the tool to extract messages, photos and emails,

record calls and secretly activate cameras or microphones, and read the contents of encrypted messaging apps such as WhatsApp, Facebook, Telegram and Signal.


Basically, it can spy on every aspect of your life. That's precisely what it did.

I am a blackhat hacker and do this for a living. Unfortunately you are my victim. Please read on.


As you understand, I have used the malware capabilities to spy on you.

And by that I mean that I have collected your parts of your private life.


My only goal is to make money. And I have perfect leverage for this.

As you can imagine in your worst dream, I have videos of you exposed during the most private moments of your life, when you are not expecting it.


I personally have no interest in them, but there are public websites, that have perverts loving that content.

As I said, I only do this to make money and not trying to destroy your life. But if necessary, I will publish the videos.

If this is not enough for you, I will make sure your contacts, friends and everybody you know see those videos as well.


Here is the deal. I will delete the files after I receive 0.035 Bitcoin (about 1600 US Dollars).

You need to send that amount here 1AXNYLDEG5YEzc2eyUh7SUYYKeRUaRwseu


I will also clear your device from malware, and you keep living your life.

Otherwise, shit will happen.



The fee is non negotiable, to be transferred within 2 business days.


Obviously do not try to ask for any help from anybody unless you want your privacy to be violated.

I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.

Take care.

The scam emails typically mention these crypto wallet addresses:

• 12PY3MibuWtNHjszG4YMSaSEFf6Y8P2zcN
• 1AXNYLDEG5YEzc2eyUh7SUYYKeRUaRwseu
• 17KHqeibF7TWfb9dvPRrbRhvwpkYPd8R3R, ltc1q2yd2s2nq8vgw3swqfhudztarrfwakj96tk7s82 ltc1qughecqtek6x5mfjrhwf0wvg8cqgdehmhyxkluw ltc1qpj5nfh4j6p7fnn5zwt8jsukz6fum2uj4use6e5
• 1Dz3tE5mspT4fk9fxkfZk6fBcgav28XxRd
• Ltc1qjpua6w4zqvhdwlt7hdesshu9fgjfl0525lxvew
• 1P1muuaa35mkDDxaKZcvTSUqPAtMo1j8nr ltc1qpyvf4vkw8xg775jduf4uwyecesgd93g579skm7 bc1q34vjur6yxxra3mjktr2qu5wrkvelgrw47wf93k ltc1q33rqzm8ry5q3y7nv7m8degk9smp6aqxd0lt9z4

These are the most popular email and crypto wallet address examples, but scammers may change them at any time. Nevertheless, the emails will still reference the Pegasus malware and include an address for transferring the ransom payment. But should you really be worried about a hack if you receive an email like that?

Have you really been hacked?

No, you have not been hacked. There is no evidence to support that cybercriminals actually use Pegasus spyware to hack into your phone. Mentioning Pegasus is just a scare tactic to pressure you into acting impulsively and paying the ransom. The criminals only have the information about you that they’ve likely obtained from data breaches.

Pegasus is a very expensive malware. In 2016, the cost of installing Pegasus on ten phones was over $650,000, plus a $500,000 set-up fee. Due to its high operational costs, Pegasus is primarily used against high-profile targets, such as journalists, politicians, and business leaders, which means that the cost of launching it against regular people is unrealistically high.

How did hackers get your data?

Hackers typically get your data from previous data breaches. For example, your information could have been compromised through a breach of an online retailer’s website. Imagine you register on an online shopping platform by providing your delivery details, like your full name, address, phone number, and email. If someone hacks that retailer, they might leak or sell your personal information on the dark web.

In some cases, hackers also release your login credentials and password for that website. Now, all Peagsus scammers need to do is get your details from the dark web.

Unfortunately, data breaches are very common, and any information you provide online is at risk.

How to protect yourself from a Pegasus email scam

To protect yourself from a Pegasus email scam, you should ignore any suspicious emails that claim your device has been hacked, especially those demanding a ransom. Don’t worry if you’ve accidentally opened a phishing email — it won’t harm you if you don’t interact with its content. Just make sure you don’t engage with the sender and never click on links, download attachments, or scan QR codes in suspicious emails because they may contain malicious software.

If you receive an email mentioning Pegasus, block the email and report it to your email provider. Then, delete the email immediately.

Be proactive in protecting your online privacy. Update your passwords regularly and use a password manager to create and store strong, unique passwords for each account.

To boost your cybersecurity, start using advanced cyber protection tools like a VPN. A VPN encrypts your online traffic, ensuring that any data you send or receive is protected from snoopers. Encryption makes it much harder for anyone to intercept and use your personal information in scams, such as the Pegasus email scam.

For example, the most comprehensive NordVPN subscriptions come bundled with the Threat Protection Pro™ feature, which blocks your access to malicious websites, including fake online stores. With Threat Protection Pro, you won’t accidentally stumble upon a scam website or provide your personal information on it, which scammers might then use in their cyber extortion schemes.

Even with the strictest security measures in place, there is still a slight chance of a data breach. That’s why you should consider using NordVPN’s Dark Web Monitor, which notifies you if it finds your data on the dark web. This way, you’ll be able to secure your accounts immediately by changing their passwords.