Search This Blog

Powered by Blogger.

Blog Archive

Labels

Pig Butchering Scam: Here's Everything you Need to Know

Pig butchering scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán.

 

Criminals make billions of dollars via digital tricks including romance scams and business email hacks. And they always begin with a small amount of "social engineering" to deceive a victim into taking an unfavourable action, like transferring money into thin air or placing their faith in someone they shouldn't. These days, a new form of these schemes known as "pig butchering" is on the rise, entangling unwary victims to take all of their money and functioning on a big scale in large part due to forced labour. 

Due to a technique where attackers effectively fatten victims up and then take everything they have, pig butchering scams began in China, where they are known by the Chinese name shzhpán. The majority of these schemes use cryptocurrencies, however they can also incorporate other forms of financial trading.

Scammers use SMS texting or other social networking, dating, and communication platforms to make cold calls to potential victims. They frequently just greet you and say something like, "Hey Josh, it was great catching up last week!" The scammer takes advantage of the opportunity to start a discussion and lead the victim to believe they have a new friend if the recipient responds by saying that the attacker has the wrong number. After building a connection, the assailant will mention that they have been successful in investing in cryptocurrencies and urge the target to do the same while they still have the chance.

The scammer then installs a malicious app or web platform on the target that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims are frequently presented with curated real-time market data designed to demonstrate the investment's potential. And, once the target has funded their "investment account," they can begin to watch their balance "grow." The creation of malicious financial platforms that appear legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, such as allowing victims to make a video call with their new "friend" or withdraw a small amount of money from the platform to reassure them. The latter is a strategy used by scammers in traditional settings.

The swindle has some new twists, but you can see where it's going. The attackers close the account and disappear once the victim has deposited all of their money and everything the scammers can get them to borrow.

“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.” 

Though carrying out pig butchering scams requires a significant amount of communication and relationship building with victims over time, researchers claim that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborer's who are victims of human trafficking.

“We can already see the damage and the human cost both to scam victims and to forced laborers,” says Michael Roberts, a longtime digital forensic analyst who has been working with victims of pig butchering attacks. “That’s why we need to start educating people about this threat so we can disrupt the cycle and reduce the demand for these kidnappings and forced labor.”

The idea is similar to ransomware attacks and digital extortion, in which law enforcement encourages victims not to pay hackers' ransom demands in order to disincentive them from trying again.

Although the Chinese government began cracking down on cryptocurrency scams in 2021, criminals were able to relocate their pig butchering operations to Southeast Asian countries such as Cambodia, Laos, Malaysia, and Indonesia. Governments all over the world have been warning about the threat. The FBI's Internet Crime Complaint Center received over 4,300 submissions related to pig butchering scams in 2021, totaling $429 million in losses. In addition, the US Department of Justice announced at the end of November that it had seized seven domain names used in pig butchering scams in 2022.

“In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments,” the FBI stated in an October alert.

Government officials and researchers emphasize the importance of public education in preventing people from becoming victims of pig butchering schemes. People are less likely to be taken in if they recognize the warning signs and understand the concepts underlying the scams. The challenge, they say, is reaching out to a larger audience and convincing people who learn about pig butchering to share their knowledge with others in their families and social circles.

According to researchers, pig butchering scams, like romance scams and other highly personal and exploitative attacks, take an enormous psychological toll on victims in addition to their financial toll. And the use of forced labor to carry out pig butchering schemes adds another layer of trauma to the situation, making it even more crucial to address the threat.

“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”
Share it:

Cyber Fraud

Fraud

Pig Butchering

Scam

Scammers