{
	"id": "b963afac-71ca-409d-88dc-b7073a10d209",
	"created_at": "2026-04-06T00:09:14.556577Z",
	"updated_at": "2026-04-10T03:30:57.304872Z",
	"deleted_at": null,
	"sha1_hash": "e45144a03efb5a9ebe970506f796d037671afefa",
	"title": "“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53496,
	"plain_text": "“Hello pervert” sextortion scam includes new threat of Pegasus—\r\nand a picture of your home\r\nBy Pieter Arntz\r\nPublished: 2024-09-04 · Archived: 2026-04-05 22:05:53 UTC\r\nAfter using passwords obtained from one of the countless breaches as a lure to trick victims into paying, the\r\n“Hello pervert” sextortion scammers have recently introduced two new pressure tactics: Name-dropping the\r\ninfamous Pegasus spyware and adding pictures of your home environment.\r\nThey do this to add credibility to the false claims that the scammers have been watching your online behavior and\r\ncaught you red-handed during activities that you would like to keep private amongst your friends and family.\r\nThe email usually starts with “Hello pervert” and then goes on to claim that the target has been watching\r\npornographic content. The scammers often claim to have footage of what you were watching and what you were\r\ndoing while watching.\r\nTo stop the sender from spreading the incriminating footage, the target will have to pay the scammer, or else they\r\nwill send it to everyone in their email contacts list.\r\nMore recently, scammers have started increasing their threats by mentioning a powerful spyware called “Pegasus.”\r\nSeveral versions of these scam emails have included the following text:\r\nHave you heard of Pegasus? This is a spyware program that installs on computers and smartphones and\r\nallows hackers to monitor the activity of device owners. It provides access to your webcam,\r\nmessengers, emails, call records, etc. It works well on Android, iOS, and Windows.\r\nThough Pegasus is indeed a powerfully invasive spyware tool, the threat of its use, as included in these scam\r\nemails, is entirely empty. This is because Pegasus has never been observed outside of a surveillance campaign\r\ncarried out, specifically, by governments. Time and time again, Pegasus has been used by oppressive government\r\nregimes to spy on political dissidents, human rights activists, and watchdog journalists. There is essentially no\r\nproof that such a closely-guarded spyware has ended up in the hands of everyday scammers.\r\nBut the pressure tactics don’t end with Pegasus, as many of these emails include an old (or active) password that a\r\nscam target has used in the past. Here, this isn’t some act of advanced hacking. Instead, it is likely that the\r\nscammers bought your password from other cybercriminals that obtained them during one of the countless data\r\nbreaches that hit company after company every week.\r\nWhen scammers have access to such data, it may also include your physical address. With that knowledge,\r\nscammers have increased their threats by simply adding a photograph of your personal neighborhood by looking it\r\nup online. For most places in inhabited areas, you can grab such pictures from Google Maps or similar apps.\r\nhttps://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home\r\nPage 1 of 3\n\nA Reddit user demonstrated this by finding that such a scammer used an old PO box address. But it’s true that this\r\nadds a convincing argument to the claim that the sender has been spying on you.  \r\nAs an extra threat the email may include something like:\r\n“Or is visiting [your physical address] a more convenient way to contact if you don’t take action. Nice\r\nlocation btw.”\r\nImplying that they know where you live and threatening to stop by and create a scene.\r\nHow to recognize “Hello pervert” emails\r\nOnce you know what’s going on it’s easy to recognize these emails. Remember that not all of the below\r\ncharacteristics have to be included in these emails, but all of them are red flags in their own right.\r\nThey often look as if they came from one of your own email addresses.\r\nThe scammer accuses you of inappropriate behavior and claims to have footage of that behavior.\r\nIn the email the scammer claims to have used Pegasus or some Trojan to spy on you through your own\r\ncomputer.\r\nThe scammer says they know “your password.”\r\nYou are urged to pay up quickly or the so-called footage will be spread to all your contacts. Often you’re\r\nonly allowed one day to pay.\r\nThe actual message often arrives as an image or a pdf attachment. Scammers do this to bypass phishing\r\nfilters.\r\nHow to react to “Hello pervert” emails\r\nFirst and foremost, never reply to emails of this kind. It may tell the sender that someone is reading the emails sent\r\nto that address and they will repeatedly try new and other methods to defraud you.\r\nIf the email included a password, make sure you are not using it any more and if you are, change it as soon\r\nas possible.\r\nIf you are having trouble organizing your password, have a look at a password manager.\r\nDon’t let yourself get rushed into action or decisions. Scammers rely on the fact that you will not take the\r\ntime to think this through and subsequently make mistakes.\r\nDo not open unsolicited attachments. Especially when the sender address is suspicious or even your own.\r\nFor your ease of mind, turn of your webcam or buy a webcam cover so you can cover it when you’re not\r\nusing the webcam.\r\nCheck your digital footprint\r\nIf you want to find out what personal data of yours has been exposed online, you can use our free Digital\r\nFootprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use)\r\nand we’ll send you a free report.\r\nhttps://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home\r\nPage 2 of 3\n\nWe don’t just report on threats—we help safeguard your entire digital identity\r\nCybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information\r\nby using identity protection.\r\nAbout the author\r\nWas a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich\r\nmahogany and leather-bound books.\r\nSource: https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-yo\r\nur-home\r\nhttps://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home"
	],
	"report_names": [
		"hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home"
	],
	"threat_actors": [
		{
			"id": "f9806b99-e392-46f1-9c13-885e376b239f",
			"created_at": "2023-01-06T13:46:39.431871Z",
			"updated_at": "2026-04-10T02:00:03.325163Z",
			"deleted_at": null,
			"main_name": "Watchdog",
			"aliases": [
				"Thief Libra"
			],
			"source_name": "MISPGALAXY:Watchdog",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434154,
	"ts_updated_at": 1775791857,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e45144a03efb5a9ebe970506f796d037671afefa.pdf",
		"text": "https://archive.orkl.eu/e45144a03efb5a9ebe970506f796d037671afefa.txt",
		"img": "https://archive.orkl.eu/e45144a03efb5a9ebe970506f796d037671afefa.jpg"
	}
}