“Hello pervert” is how the email starts and frighteningly it appears to have been sent from your own account. It is a ransom note with the recipient warned that they have been recorded in a compromising act, and will be exposed unless they pay up.
The sender warns “this is a very bad situation for you”, or something similarly threatening.
The email currently doing the rounds is a sextortion scam. It is a phishing attack whereby people are coerced to hand over money by being told they risk having incriminating videos of themselves visiting adult websites shared with friends and family.
In one version of the hoax seen by the Guardian, the subject line warns the Microsoft account-holder “your privacy is gone”. The cybercriminals claim to have installed Pegasus spyware so as to be able to secretly film the person. This hacking software has recorded the individual watching pornography or masturbating, they claim.
What the scam looks like
The phisher says they have gained access to your devices and made videos using your camera, which they threaten to share with “every number in your contact list”, or words to that effect.
In the one message seen by the Guardian the scammer says: “It is going to be a tsunami that will sweep away everything in its path,” adding that they hold the power to “destroy your life”.
The scam is made to sound more credible by including seemingly plausible technical details, such as the use of Pegasus spyware which is capable of recording calls or harvesting photos. The message can sometimes include a password you have used.
What the email asks for
A ransom. In the email shared with the Guardian the criminal demands that $1,450 (£1,085) is paid into a cryptocurrency wallet. “I’ll be notified when you open my emаil and from that moment you have exactly 48 hours to send the money,” it says. Once the payment is made they will “delete all videos” and uninstall Pegasus.
Phishing attacks are designed to play on people’s emotions so that they behave in a way that is out of character, according to the UK’s National Cyber Security Centre (NCSC). The phisher is playing a numbers game, hoping that enough people respond to make the scam profitable.
However, the NCSC says: “They do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people. In short, they are guessing. The phisher hopes to emotionally trigger people so that they will ‘take the bait’ and pay the ransom.”
What to do
You should not respond to the scammer as this confirms the email address they have used is active. Also do not open any attachments that have been sent. Instead, in the UK forward it to [email protected], which is the suspicious email reporting service, and then delete it.
If you are tempted to pay the ransom be aware that doing so will probably make you a bigger target for scammers as the phisher will know they have a “willing” customer, warns the NCSC.
Do not worry if the phish includes one of your passwords as this has probably been obtained from an historical breach of personal data, rather than through access to your devices. You can check whether your account has been compromised and get future notifications by visiting the website haveibeenpwned.com.
If the email includes a password you still use then change it and if possible add 2-step verification to the account. Also make sure your new email password is strong and is not reused for any other websites.
If you have been a victim of a sextortion scam and have handed over money then report it to your local police force by calling 101 in the UK. Similarly if you need emotional support this is available from charities such as Victim Support by calling 0808 168 9111.