{"id":100437,"date":"2024-06-18T06:16:27","date_gmt":"2024-06-18T13:16:27","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=100437"},"modified":"2024-12-07T00:22:26","modified_gmt":"2024-12-07T08:22:26","slug":"porn-blackmail-sextortion-emails-have-you-been-hacked-a-new-scam-hello-pervert-pegasus","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/porn-blackmail-sextortion-emails-have-you-been-hacked-a-new-scam-hello-pervert-pegasus\/","title":{"rendered":"Porn blackmail “sextortion” emails: Have you been hacked? A new scam"},"content":{"rendered":"

\"\"<\/p>\n

Malicious spam emails claiming that your computer has been hacked\u2014and demanding you pay a ransom to stop them from distributing your browsing history and videos of you engaging in activities that you would like to keep private\u2014are not new.<\/p>\n

It’s a type of scam<\/a> that can earn money for the scammers, if victims are convinced that they were hacked. But, in reality, it’s unlikely that any such hack has taken place.<\/p>\n

Let’s discuss a novel attack that we’ve seen in the wild recently, so you’ll know what to look for.<\/p>\n

A new porn blackmail email referencing Pegasus spyware<\/h3>\n

A new porn blackmail email has been going around; it has only been spotted in the past several weeks. To understand why these emails are fake, we’re going to examine the text of this email and explain why its claims are false.<\/p>\n

Subject: You have been hacked<\/p><\/blockquote>\n

That’s a cleverly deceptive subject line; most people will open and read the email.<\/p>\n

Hello pervert, I’ve sent this message from your iCloud mail.<\/p><\/blockquote>\n

This strong first sentence grabs the reader’s attention. The “From:” address is spoofed (falsified), so has the appearance of having been sent from the recipient’s account.<\/p>\n

I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wis\u0435ly.<\/p><\/blockquote>\n

I’m not sure how the recipient can benefit, but I’ll read on.<\/p>\n

Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I\u2019m getting at.<\/p><\/blockquote>\n

What is Pegasus spyware? Can hackers use it against me?<\/h3>\n

Pegasus spyware<\/a> is, indeed, quite powerful. It is used by nation-state level threat actors to target specific individuals, and it usually spreads through highly targeted attacks. (Read this article where we explain how Pegasus is used<\/a>. And here’s another email scam claiming to use Pegasus from 2021<\/a>.) However, this is not a tool that random hackers can access.<\/p>\n

In addition, Pegasus, one other similar types of spyware, exploit “zero-day” vulnerabilities in operating systems; these are newly discovered vulnerabilities that the developer, such as Apple, hasn’t yet patched. Apple regularly issues security updates, specifically for the types of vulnerabilities used to infect devices with this type of spyware.<\/p>\n

It\u2019s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the int\u0435rn\u0435t. During this period, I\u2019ve learned about all aspects of your private life, but one is of special significance to me.<\/p>\n

I\u2019ve recorded many videos of you j**king off to highly controversial \u0440orn videos. Given that the \u201cquestionable\u201d genre is almost always the same, I can conclude that you have sick \u0440\u0435rv\u0435rsi\u043en.<\/p><\/blockquote>\n

It’s extremely unlikely that some hacker or malware has activated your camera<\/a> without your knowledge if you’re using a Mac or iPhone; if that had happened, you would have seen a circle of green light next to the front-facing camera. And on both platforms, you have to give apps permission to use your camera in the first place.<\/p>\n

Threats of exposing the user’s activity to friends, family, and coworkers<\/h3>\n

Now we get to the heart of the email: an accusation of activities that the recipient might want to hide:<\/p>\n

I doubt you\u2019d want your friends, family and co-workers to know about it. However, I can do it in a few clicks.<\/p><\/blockquote>\n

That’s the threat. Some people may have engaged in the type of activities the email discusses and may feel that they are at risk. But can the hacker do what they claim?<\/p>\n

Pegasus primarily targets and infects smartphones running iOS or Android. The hacker says it works on Windows, but there aren’t any known variants that infect Windows PCs or Macs. There are other types of spyware, but if you are careful in your Internet use, and you use antivirus software such as Intego’s VirusBarrier X9 for Mac<\/a> or Intego Antivirus for Windows<\/a><\/strong>, you’re protected from this type of malware.<\/p>\n

Can a hacker get all your contacts on WhatsApp, Telegram, Instagram, and Facebook?<\/strong><\/h4>\n

Next, the email makes claims about being able to contact everyone you know:<\/p>\n

Every number in your contact list will suddenly receive these vid\u0435\u043es\u2013 on WhatsApp, on Telegram, on Instagram, on Facebook, on email \u2013 everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your f\u043erm\u0435r life.<\/p><\/blockquote>\n

While this creative writing may be convincing, the threat isn’t very plausible. It could hypothetically be possible, if someone had actually installed spyware that can record your keystrokes, or stealer malware<\/a> to exfiltrate your app data. But even then, it’s hard to sort out all those keystrokes to find your credentials for each of the services they named. And while stealer malware is rampant on Macs and Windows PCs, it’s less common on Android, and least common on iPhone. Again, the average cybercriminal doesn’t have access to really powerful mobile phone spyware like Pegasus.<\/p>\n

It’s worth noting that the threat could be a little more plausible if you follow the bad practice of reusing the same password across multiple sites<\/a>; this is why it’s so important to use a trusted password manager<\/a> and unique passwords instead.<\/p>\n

Don\u2019t think of yourself as an innocent victim. No one knows where your \u0440\u0435rv\u0435rsi\u043en might lead in the future, so consider this a kind of deserved \u0440unishm\u0435nt to stop you.<\/p>\n

I\u2019m some kind of God who sees everything. However, don\u2019t panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free.<\/p><\/blockquote>\n

Delusions of grandeur, but with the carrot of offering forgiveness. For a price…<\/p>\n

Transfer 700 USD to my Litecoin (LTC) wallet: REDACTED<\/p><\/blockquote>\n

The “sextortion” blackmail scam<\/h3>\n

This is the definition of “sextortion”: a form of blackmail in which sexual information, images, or videos are used to extort money from the victim. Sextortion can be a real problem for someone who has ever shared nude images with someone who later abused them. However, this sort of email is a scam; it’s not claiming to have images that you shared while sexting<\/a>; it’s claiming to have monitored your activities.<\/p>\n

The average computer user has no idea what Litecoin is. They might have heard of Bitcoin<\/a>, and there are hundreds of alternative cryptocurrencies<\/a>.<\/p>\n

Interestingly, while cryptocurrency transactions are anonymous, blockchain records are public; so by looking up the address in the email, one can see how much this scammer has earned so far:<\/p>\n

\"\"<\/p>\n

Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninst\u0430ll Pegasus from all of your devices, and disappear from your life. You can be sure \u2013 my benefit is only money. Otherwise, I wouldn\u2019t be writing to you, but destroy your life without a word in a second.<\/p><\/blockquote>\n

It goes without saying, but it would be unwise to believe that an unethical blackmailer would be completely honest and true to their word.<\/p>\n

I\u2019ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don\u2019t worry, it\u2019s very simple. Just google \u201ccrypto exchange\u201d or “buy Litecoin” and then it will be no harder than buying some useless stuff on Amazon.<\/p><\/blockquote>\n

It would be possible in a standard HTML email to include a remotely loaded image, even a hidden one (an invisible pixel); unfortunately, Gmail and most mail apps default to automatically loading all remote images in emails. But in this case, the scam email we observed was sent as plain text, so there would have been no way for a supposed hacker to know when it was opened.<\/p>\n

Don’t buy cryptocurrency for cybercriminals<\/h3>\n

It is relatively easy to buy cryptocurrencies; you can use a credit card. But there’s the risk of ending up on a scam site that records your credit card number, and, well, you can see where that is going…<\/p>\n

I strongly warn you against the following:
\nDo not reply to this email. I’ve sent it from your iCloud mail.
\nDo not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.
\nDon\u2019t try to reset or destroy your devices. As I mentioned above: I\u2019m monitoring all your activity, so you either agree to my terms or the vid\u0435\u043es are published.
\nAlso, don\u2019t forget that cryptocurrencies are anonymous, so it\u2019s impossible to identify me using the provided address.<\/p><\/blockquote>\n

Those are the usual threats of blackmailers and kidnappers: don’t go to the police, or else.<\/p>\n

If you did have Pegasus or other spyware on a device, it would be deleted by resetting the device to factory settings, or erasing a Mac’s drive.<\/p>\n

Can hackers monitor everything you do online?<\/h3>\n

The bit about “monitoring all your activity” is overkill; because while it may be possible to install Pegasus on one device, getting it on multiple devices is difficult. And, again, Pegasus in particular is designed to infect phones, not computers.<\/p>\n

It would take an extraordinary amount of effort and hacking skills to somehow infect multiple devices, with a separate kind of malware on each. And it’s very difficult to actually install malware on an iPhone, so such claims are pretty sketchy and implausible.<\/p>\n

Good luck, my perverted friend. I hope this is the last time we hear from each other.<\/p>\n

And some friendly advice: from now on, don\u2019t be so careless about your online security.<\/p><\/blockquote>\n

This is the only true statement in the email; you need to take your online security seriously. Even though this is a scam, don’t click on random links in emails, don’t visit dodgy websites, and don’t reuse passwords<\/a>, which could allow hackers who acquire databases of credentials leaked from websites to access your important accounts.<\/p>\n

Beware of scams, and protect your devices and accounts<\/h3>\n

This sort of webcam blackmail<\/a> is not new, and suggesting that Pegasus was used can scare people who may have read about that spyware in the news. You need to know that they are scams, and that they use social engineering to try to convince you that you have been hacked.<\/p>\n

Malware that infects smartphones, especially iPhone, is rare. It’s more realistic that your computer (e.g. a Mac or Windows laptop or desktop) may have been hacked or infected by some malware. It’s true that some malware can activate a computer’s camera and microphone. You can scan your Mac or Windows computer with Intego antivirus software to check whether or not it’s infected.<\/p>\n

4 key tips for protecting your online privacy and security<\/h3>\n

Here are four crucial things you should do to ensure that you’re keeping yourself safe from hackers and spyware.<\/p>\n

1. Keep your operating system and apps updated<\/strong><\/h4>\n

The most important thing you can do to protect your online security is to keep all your devices updated with the latest operating system<\/strong>.<\/p>\n

Don’t use iPhones<\/a>, Macs<\/a>, or iPads<\/a> that are so old that Apple no longer issues security updates for their operating systems. Using an outdated OS means your device is missing critical security patches; these often include fixes for vulnerabilities that hackers are already exploiting in the wild.<\/p>\n

2. Use unique passwords everywhere<\/strong><\/h4>\n

Use a unique password for every site<\/strong>, and keep track of them using a trusted password manager<\/a>. This helps ensure that you can’t be hacked through credential stuffing attacks<\/a>, where cybercriminals use leaked passwords from data breaches to break into accounts.<\/p>\n

3. Use antivirus software from a company you can trust<\/strong><\/h4>\n

Be sure to install anti-malware protection software<\/strong>, such as VirusBarrier X9 for Mac<\/a>, or Intego Antivirus for Windows<\/a>, in case you really do end up with a malware infection (spyware, data stealers<\/a>, or otherwise). Reputable antivirus software can clean existing malware infections, and it can prevent future infections as well.<\/p>\n

4. Stay informed via e-mail and social media<\/strong><\/h4>\n

Last but not least, stay informed by subscribing to our free e-mail newsletter<\/strong><\/a>. You’ll also want to follow Intego on social media<\/a> <\/strong>and enabling notifications. Staying up to date about the latest scams and threats will help you be prepared when facing dangerous situations online.<\/a><\/p>\n

How can I learn more?<\/h3>\n

\"\"<\/a>Each week on the Intego Mac Podcast<\/strong><\/a>, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n

You can also subscribe to our e-mail newsletter<\/strong><\/a> and keep an eye here on The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: \"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a>\u00a0\"Follow<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Porn blackmail emails aren’t new, but this one referencing Pegasus is worth examining. Learn how to tell whether such messages are a scam or not; they probably are.<\/p>\n","protected":false},"author":46,"featured_media":100784,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[53,1834,4039,3070,4264,116,3364,3370],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n