How to know if a pegasus email is real or a scam.

Hello,

This is actually a very famous phising scam email.

Is the email found in your spam/junk folder?

Email spoofing happens when someone uses an outside mail server to send messages that pretend to come from your email address by forging the "From" field. They do not have access to your actual email account. To prevent and detect this, email providers like Microsoft use protections like SPF (to define which servers are allowed to send on your behalf), DKIM (to attach a digital signature to prove the email is real), and DMARC (to tell other servers what to do if a message fails these checks). If a spoofed email fails these checks, it will usually be flagged as spam or rejected.

So, if the email is already in spam/junk folder, you have nothing to worry about.

Pegasus is spyware that was designed for installation on mobile phones running iOS or Android, so obviously it can't have been installed on 'all of your devices' if you're posting this from a Windows device.

These are always scams and everyone helping here knows this, but the scammers know that most people are fools when it comes to computers, so they take advantage of that fact to scam them for ridiculous amounts of money for nothing.

It wasn't sent from your email, it was Spoofed, or faked to appear as if your email sent it in order to help trick you into believing the scammer has access to your device. They don't, any knowledgeable kid today can change an email 'From' address field to display anything they wish, since that's always been a 'feature' of the SMTP email RFC called a 'display name' or 'friendly name' to allow something 'nicer' than an email address to appear there.

All of these things are commonly known and have been discussed on these and many other forums literally thousands of times, but nobody tries to find them until they're actually scammed, which the scammer tries to get you not to do in a panic in order to pay them for not knowing these simple facts.

If your version of the hundreds of variants included passwords, then change those immediately to something much different.

If not, it's simply another scam, so either move the email message to your Junk or Spam email folder to tell your email provider that, if it wasn't already placed in that folder automatically as all of the one's I've received have been.

Otherwise, just delete the fake message and get on with life, you've wasted too much time on it already.

Rob

You are welcome. Yes, if it is in spam, Microsoft already flagged it.

If you are interested in any further information, you can use this instruction to review the email's header (email source): https://support.microsoft.com/en-us/office/view...

In the header, do a ctrl+f to search for spf, and you will find the section where it would tell you if the email passes those three checks. In my example, it is a legit email, so all three passed.

Hi Rob,

Thanks for the detailed response! It does help a lot!

Have an amazing day!

Hi Emily,

Thanks so much for the response!

It did appear in my spam folder initially, I checked my sent box and there is nothing there. I did some research and also came to the conclusion that it must be spoofing.

I appreciate the advice etc :)