The best way to deal with the “Hello pervert” sextortion email scam if you are targeted is as follows:

- Do not reply to the email. Responding confirms to the scammer that your email is active and may lead to more attempts to defraud you.

- Do not pay any ransom. The threats are baseless; scammers do not have any compromising footage or spyware like Pegasus installed on your device. Pegasus spyware is a highly controlled government tool and is not used by everyday scammers.

- If the email includes a password you have used, change that password immediately. This password was likely obtained from a previous data breach, not from hacking your device directly.

- Use a password manager to organize and create strong, unique passwords for all your accounts to prevent future breaches.

- Do not open any attachments or click on any links in the email, especially if the sender's address looks suspicious or even if it appears to be your own.

- Turn off your webcam or use a physical webcam cover for peace of mind, although the claim that scammers have accessed your webcam is false.

- Be aware that scammers may include a photo of your neighborhood or your physical address by finding it online to intimidate you, but this does not mean they have actually hacked your devices.

- Avoid rushing into decisions. Scammers rely on panic to pressure victims into paying quickly.

- Check your digital footprint to see what personal data may have been exposed online. Services like the free Digital Footprint scan can help you identify exposed information.

- Consider using identity protection services to safeguard your personal information and monitor for further risks.

Recognize the scam by these signs: the email starts with “Hello pervert,” accuses you of inappropriate behavior, claims to have footage, mentions Pegasus spyware, includes a known password, and pressures you to pay quickly or face exposure. The message often arrives as an image or PDF to bypass filters[1][2].

Citations: [1] https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home [2] https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home

Based on information from Malwarebytes and other cybersecurity sources, here's the best way to deal with the “Hello Pervert” sextortion email scam, especially the variant mentioning Pegasus and including a picture of your home:

1. Do Not Panic: This is the most crucial step. These emails are designed specifically to frighten you into acting impulsively. The claims are almost certainly false.

2. Do Not Reply: Replying confirms to the scammers that your email address is active and monitored. This can lead to more scam attempts.

3. Do Not Pay the Ransom: Paying encourages scammers and provides no guarantee they won't try to extort you again (even though they likely have no compromising material). The Bitcoin wallets associated with these scams are often empty.

4. Do Not Click Links or Open Attachments: The email (or attachments like PDFs/images containing the text) might contain malicious links or malware.

5. Recognize the Tactics:

• Pegasus Threat: This is an empty threat designed to sound scary. Pegasus is sophisticated spyware used in targeted government-level surveillance, not by common email scammers in mass campaigns like this.
• Picture of Your Home: Scammers easily obtain these images from public sources like Google Maps Street View. It doesn't mean they've physically been near your home or hacked anything specific to you; it's just publicly available data used to make the threat feel more personal and invasive.
• Mentioning a Password: If the email includes a password you use (or used), it was likely obtained from a past data breach, not from hacking your device directly.
• Email Spoofing: The email might appear to be sent from your own account. This is a common technique called “spoofing” and does *not* mean your email account itself has been hacked (though changing your password is still wise).

6. Secure Your Accounts:

• Change your email password immediately, especially if the scam email mentioned a password you currently use. Make it strong and unique.
• Enable Two-Factor Authentication (2FA or MFA) on your email account and any other sensitive accounts.
• Consider using a password manager to create and manage strong, unique passwords for all your accounts.

7. Mark as Spam/Junk and Delete: Report the email as spam or junk within your email client. This helps train the filters to block similar emails in the future. Then, delete the email.

8. Report the Scam:

• Forward the phishing email to the UK's National Cyber Security Centre (NCSC) at `[email protected]`.
• You can also report it to Action Fraud (the UK's national reporting centre for fraud and cybercrime).

9. Run a Malware Scan: For peace of mind, run a full scan of your computer using reputable anti-malware software (like Malwarebytes or another trusted provider).

10. Consider Privacy Measures:

• You can request Google to blur your home on Street View if this concerns you.
• Review your online presence and privacy settings on social media and other sites to limit how easily your personal details (like address) can be found. Malwarebytes offers a free “Digital Footprint” scan to help check your online exposure.
• Use a physical cover for your webcam when it's not in use.

In summary, treat this email as a bluff. It uses publicly available information and scare tactics (like mentioning Pegasus) to pressure victims. Do not engage, do not pay, secure your accounts, report it, and delete it.