The best way to deal with the “Hello pervert” sextortion email scam if you are targeted is as follows:

- Do not reply to the email. Responding confirms to the scammer that your email is active and may lead to more attempts to defraud you.

- Do not pay any ransom. The threats are baseless; scammers do not have any compromising footage or spyware like Pegasus installed on your device. Pegasus spyware is a highly controlled government tool and is not used by everyday scammers.

- If the email includes a password you have used, change that password immediately. This password was likely obtained from a previous data breach, not from hacking your device directly.

- Use a password manager to organize and create strong, unique passwords for all your accounts to prevent future breaches.

- Do not open any attachments or click on any links in the email, especially if the sender's address looks suspicious or even if it appears to be your own.

- Turn off your webcam or use a physical webcam cover for peace of mind, although the claim that scammers have accessed your webcam is false.

- Be aware that scammers may include a photo of your neighborhood or your physical address by finding it online to intimidate you, but this does not mean they have actually hacked your devices.

- Avoid rushing into decisions. Scammers rely on panic to pressure victims into paying quickly.

- Check your digital footprint to see what personal data may have been exposed online. Services like the free Digital Footprint scan can help you identify exposed information.

- Consider using identity protection services to safeguard your personal information and monitor for further risks.

Recognize the scam by these signs: the email starts with “Hello pervert,” accuses you of inappropriate behavior, claims to have footage, mentions Pegasus spyware, includes a known password, and pressures you to pay quickly or face exposure. The message often arrives as an image or PDF to bypass filters[1][2].

Citations:
[1] https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home
[2] https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home

Based on information from Malwarebytes and other cybersecurity sources, here's the best way to deal with the “Hello Pervert” sextortion email scam, especially the variant mentioning Pegasus and including a picture of your home:

1. Do Not Panic: This is the most crucial step. These emails are designed specifically to frighten you into acting impulsively. The claims are almost certainly false.

2. Do Not Reply: Replying confirms to the scammers that your email address is active and monitored. This can lead to more scam attempts.

3. Do Not Pay the Ransom: Paying encourages scammers and provides no guarantee they won't try to extort you again (even though they likely have no compromising material). The Bitcoin wallets associated with these scams are often empty.

4. Do Not Click Links or Open Attachments: The email (or attachments like PDFs/images containing the text) might contain malicious links or malware.

5. Recognize the Tactics:

• Pegasus Threat: This is an empty threat designed to sound scary. Pegasus is sophisticated spyware used in targeted government-level surveillance, not by common email scammers in mass campaigns like this.
• Picture of Your Home: Scammers easily obtain these images from public sources like Google Maps Street View. It doesn't mean they've physically been near your home or hacked anything specific to you; it's just publicly available data used to make the threat feel more personal and invasive.
• Mentioning a Password: If the email includes a password you use (or used), it was likely obtained from a past data breach, not from hacking your device directly.
• Email Spoofing: The email might appear to be sent from your own account. This is a common technique called “spoofing” and does *not* mean your email account itself has been hacked (though changing your password is still wise).

6. Secure Your Accounts:

• Change your email password immediately, especially if the scam email mentioned a password you currently use. Make it strong and unique.
• Enable Two-Factor Authentication (2FA or MFA) on your email account and any other sensitive accounts.
• Consider using a password manager to create and manage strong, unique passwords for all your accounts.

7. Mark as Spam/Junk and Delete: Report the email as spam or junk within your email client. This helps train the filters to block similar emails in the future. Then, delete the email.

8. Report the Scam:

• Forward the phishing email to the UK's National Cyber Security Centre (NCSC) at `[email protected]`.
• You can also report it to Action Fraud (the UK's national reporting centre for fraud and cybercrime).

9. Run a Malware Scan: For peace of mind, run a full scan of your computer using reputable anti-malware software (like Malwarebytes or another trusted provider).

10. Consider Privacy Measures:

• You can request Google to blur your home on Street View if this concerns you.
• Review your online presence and privacy settings on social media and other sites to limit how easily your personal details (like address) can be found. Malwarebytes offers a free “Digital Footprint” scan to help check your online exposure.
• Use a physical cover for your webcam when it's not in use.

In summary, treat this email as a bluff. It uses publicly available information and scare tactics (like mentioning Pegasus) to pressure victims. Do not engage, do not pay, secure your accounts, report it, and delete it.

Receiving an email like the “Hello Pervert” sextortion scam can be alarming, especially with its threats of Pegasus spyware and a picture of your home. I understand how unsettling this must feel, but there are clear, practical steps you can take to handle it safely and protect yourself. Here’s what you should do if you’re targeted by this scam:

Step-by-Step Guide to Dealing with the “Hello Pervert” Sextortion Scam

1. Don’t Panic—It’s Likely a Bluff - Sextortion scams, including this one, often rely on fear rather than real evidence. The mention of Pegasus spyware and a photo of your home is designed to intimidate you, but scammers typically don’t have the sophisticated tools or personal data they claim. Pegasus, for instance, is a high-end tool used by governments, not common cybercriminals.

- Reassure yourself: this is a widespread scam, and you’re not alone in receiving it. The threats are likely empty. 2. Do Not Respond or Engage - Avoid replying to the email, even to deny the claims or demand proof. Any response signals to the scammer that your email is active, which could lead to more harassment.

- Don’t click on any links or attachments in the email—they could install malware or phishing tools on your device. 3. Don’t Pay the Ransom - Paying the demanded ransom (often in cryptocurrency like Bitcoin) won’t stop the threats. Scammers may see you as an easy target and demand more money instead of honoring their promises.

- There’s no evidence that paying resolves the issue, and it only fuels their criminal activity. 4. Check Your Devices for Safety - Run a Malware Scan: Use trusted antivirus software (like Malwarebytes, mentioned in the article) to scan your computer, phone, or other devices for malware. This ensures no malicious software was accidentally installed from prior interactions.

- Update Software: Ensure your operating system, apps, and security software are up to date to patch vulnerabilities scammers might exploit.

- Change Passwords: If you reuse passwords or suspect any accounts might be compromised, update them to strong, unique ones. Enable two-factor authentication (2FA) where possible for added security. 5. Secure Your Online Presence - Limit Personal Information: Review your social media and online accounts to remove or privatize details (like your address) that scammers could use to make threats seem credible.

- Be Cautious Moving Forward: Avoid sharing sensitive information in emails or on untrusted websites, as scammers often gather data from breaches or phishing attempts. 6. Report the Scam (Optional) - Email Provider: Mark the email as spam or phishing in your email client to help filter similar messages in the future.

- Authorities: You can report it to local law enforcement or agencies like the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov. However, since these scams often originate overseas, legal action may be limited.

- Consumer Protection: In some regions, organizations like the Federal Trade Commission (FTC) accept scam reports to track trends. 7. Delete the Email - Once you’ve taken the above steps, delete the email. Keeping it might tempt you to re-engage or cause unnecessary worry. It’s best to move on.

General Tips to Prevent Future Scams

- Stay Vigilant: Be skeptical of unsolicited emails, especially those with threats or demands for money.

- Keep Software Updated: Regular updates reduce the risk of exploitation by cybercriminals.

- Educate Others: Share this advice with friends or family who might also be targeted, as awareness is a strong defense.

Final Thoughts

I know this experience can be distressing, but by not engaging, securing your devices, and taking control of your online safety, you can protect yourself effectively. You’re not alone—millions face similar scams, and there are resources available if you need more help. If you’re still worried or have questions, feel free to reach out to a trusted friend, IT professional, or online support forums.

Disclaimer: This advice is general and based on common practices for handling email scams. For specific concerns or if you suspect real harm, consider consulting a cybersecurity expert or legal professional.