Fraud Management & Cybercrime , Fraud Risk Management , Social Engineering
'Pig Butchering' Online Scam Sweeping English SpeakersScam Rests on Phony Online Personae Enticing Victims Into a Trusted Relationship
A confidence scam endemic in East Asia that's based on long-term emotional manipulation of victims is a mounting threat in English-speaking countries.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Known as "pig butchering" - pigs are fattened before being slaughtered - the scam rests on handlers with attractive but phony online personae enticing victims into a trusted relationship that moves into a moneymaking phase.
Often victims are led into buying cryptocurrency for a fake investing platform. Scammers reward investments with supposed balance increases and gain trust by allowing small withdrawals. Only when a victim is unwilling or unable to pour more money into the scheme does it end.
Researchers from cybersecurity firm Proofpoint say they've spent the last three months pretending to be victims and have identified 55 web domains used to host fake investment platforms.
"The emotional manipulation, friendly tone, and sheer duration of the pre-exploitation phase allows genuine feelings to develop, and the actor exploits that emotion for financial gain, to the loss of sometimes millions of dollars," says Sherrod DeGrippo, a company vice president of threat research and detection.
One San Francisco Bay-area man earlier this year recounted losing $1.2 million to "Jessica." An investigation by ProPublica revealed the people behind pig butchering false personae often are East Asians toiling in forced labor sweatshops run by Chinese criminal syndicates in countries that include Cambodia, Laos and Myanmar. The Cambodian government in late September acknowledged as many as 100,000 individuals may have been trafficked in country for work on online scams, reported Phnom Penh-based VOD News.
Exposure of the scam's tactics from its origin in China and surrounding countries may explain the rise of reported cases in English-speaking countries, Proofpoint says. The FBI in April warned Americans against the scam. It often beings with perpetrators looking for victims on social media sites including dating sites. A conversation there is moved to WhatsApp or Telegram. Scammers may initiate contact on WhatsApp itself, often pretending to have reached a wrong number.
A recently divorced woman told the Global Anti-Scam Organization, a nonprofit that helps victims, that her scammer "showered me with love, affection, and care." The FBI says U.S. residents lost more than $429 million during 2021 alone to "crypto-romance" scams.
The nonprofit says the approaches and the scammers' chitchat are guided by scripts, some versions of which may have made their way onto Reddit. They involve looking for victims' pain points as well as encouraging victims to fantasize about a better life.
The scams witnessed by Proofpoint typically unfolded with handlers mentioning they enjoy "finer" things in their life because of a mentor who revealed an exclusive method of making money online. The scammer tells the victim that he or she, too, can make money, asking initially for a small investment that becomes larger as the victim sees the supposed returns rack up.
Scammers supply racy "selfies" and encourage victims to reciprocate. If they do, those potentially compromising photos become fodder for blackmail as the scam nears its conclusion.
Besides technical measures such as blocking the fake investment platforms and scammers' email verification domains, individuals can be on the lookout for potential scammers by being aware of what Proofpoint dubs "the 3 P's": Pretty Polite People who message out of the blue. Most likely, they're scammers.