This type of devastating scheme ensnares victims and takes them for all they’re worth—and the threat is only growing.
Digital swindles like business email compromises and romance scams generate billions of dollars for criminals. And they all start with a little bit of “social engineering” to trick a victim into doing something disadvantageous, whether that's trusting someone they shouldn't or sending money into the void. Now, a new variation of these schemes, known as “pig butchering,” is on the rise, ensnaring unsuspecting targets to steal all of their money and operating at a massive scale thanks in large part to forced labor.
Pig butchering scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán because of an approach in which attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can involve other types of financial trading as well.
Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms. Often they’ll simply say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds to say that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can.
Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them. The latter is a tactic that scammers also use in traditional Ponzi schemes.
Though the swindle has some new twists, you can still see where it's going. Once the victim has deposited all the money they have and everything the scammers can get them to borrow, the attackers shut down the account and disappear.
“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.”
Though carrying off pig butchering scams takes a lot of communication and relationship building with victims over time, researchers say that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborers who are victims of human trafficking.
“We can already see the damage and the human cost both to scam victims and to forced laborers,” says Michael Roberts, a longtime digital forensic analyst who has been working with victims of pig butchering attacks. “That’s why we need to start educating people about this threat so we can disrupt the cycle and reduce the demand for these kidnappings and forced labor.”
The concept is similar to that of ransomware attacks and digital extortion in which law enforcement encourages victims not to pay hackers’ ransom demands so they will be disincentivized to keep trying.
The Chinese government cracked down on cryptocurrency scams beginning in 2021, but criminals have been able to move their pig butchering operations to Southeast Asian countries including Cambodia, Laos, Malaysia, and Indonesia. Governments around the world have increasingly been warning about the threat. In 2021, the FBI’s Internet Crime Complaint Center received more than 4,300 submissions related to pig butchering scams, totaling more than $429 million in losses. And at the end of November, the US Department of Justice announced that it had seized seven domain names used in pig butchering scams in 2022.
“In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments,” the FBI said in an October alert.
Government officials and researchers emphasize that public education is a key component of helping people avoid becoming the victim of a pig butchering scheme. If people know the telltale signs and understand the concepts underlying the scams, they are less likely to be ensnared. The challenge, they say, is reaching the wider public and getting people who learn about pig butchering to pass on the information to others in their families and social circles.
As with romance scams and other highly personal and exploitative attacks, researchers say that pig butchering scams take an enormous psychological toll on victims in addition to their financial toll. And the use of forced labor to carry out pig butchering schemes adds yet another layer of trauma and creates even more urgency to addressing the threat.
“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.