Unmasking pig-butchering scams and protecting your financial future
Trend Micro
July 29, 2023 09:00 MYT
July 29, 2023 09:00 MYT
CRIMINALS have long used scams and deceptive tactics to manipulate people into unwittingly giving away their hard-earned money. Contrary to what some might believe, it’s not just older individuals who are caught in the crosshairs of financially and emotionally draining scams — according to the Federal Trade Commission (FTC), 34% of people between the ages of 18 and 59 have reportedly lost money to fraud in 2021.
The pig-butchering scam is a new kind of cryptocurrency investment scam that is rapidly gaining traction and causing concern among security experts and law enforcement agencies. According to the 2022 Internet Crime Complaint Center (IC3) report, crypto-investment scams have had an unprecedented increase in both the number of victims and the total amount of losses, with the latter amounting to US$2.57 billion in 2022.
This report delves into the nature of pig-butchering scams, how scammers carry out their operations, the new pig-butchering tactics we’ve observed in the wild, and what individuals can do to avoid falling for these fraudulent investments and dealing with massive amounts of debt.
The images of chat conversations included in this report are similar but are not identical to messages or groups found online. Online messages and groups have been recreated to protect the identity of all victims — including the pig-butchering scammers. It’s worth noting that according to several credible reports, many pig-butchering scammers are human-trafficking victims who are being forced by scam masterminds to carry out these schemes.
WHAT IS A PIG-BUTCHERING SCAM?
A pig-butchering scam is a type of investment fraud that lures individuals into investing their money in seemingly legitimate and profitable ventures. Typically, the scammers promise high investment returns within a short period. Pig-butchering scammers often use fake images and impressive-yet-fraudulent investment portfolios to convince victims of the legitimacy of their schemes. Once victims are hooked and have invested a significant amount of money, the scammers suddenly disappear, leaving victims with no way to recover their funds. The term "pig butchering" is derived from the idea that the scammers fatten up their victims with the promise of lucrative returns before "slaughtering" them for their money.
The scam often begins with a seemingly innocent chat initiated by a random person. The scammer might claim to have received the victim's number from a mutual friend, while also appearing unsure if they have the correct number. However, this is just an act to engage the victim in conversation. Scammers have also been known to use images of attractive women to lure victims, preying on their desire for companionship or romance to build trust and establish a connection.
As the conversation progresses, the scammer gradually introduces the victim to the fake investment scheme and promises significant profits within a short period if the victim invests a certain amount. Unfortunately, many victims fall for this fraudulent scheme due to the scammers’ persuasive tactics and convincing appearance of legitimacy.
HOW THE PIG-BUTCHERING SCAM WORKS
Pig-butchering scams, like many other types of investment fraud, follow a series of steps that are designed to manipulate and deceive victims. The scammers prey on the victims' desire for financial success and exploit their trust to carry out their nefarious schemes. The following sequence of phases outlines the common progression of how scammers carry out a pig-butchering scheme:
- Gaining a victim’s trust. The scammers initially develop the trust of their victims by presenting themselves as knowledgeable professionals or seasoned investors. They also use social media platforms or online forums to engage with potential victims and create an illusion of credibility and success. They also employ another unique tactic: adding a layer of romance or companionship to their scam. This means that they exploit not only their victims’ desire for financial success but also their innate need for connection and intimacy.
EMERGING TACTICS: GROUP CHATS AND SOCIAL ENGINEERING
As pig-butchering scammers continue to adapt and refine their strategies, the emergence of new tactics — ones that enable them to more effectively target and manipulate their victims — also becomes more apparent. Previously, scammers focused on engaging individuals through one-on-one chat messaging. However, recent trends indicate a shift toward the use of group chats, allowing scammers to cast a wider net and identify potential victims with greater efficiency.
The scammers’ workflow typically begins with adding potential victims to a fake investment chat group that they moderate. If a victim shows interest in investing, the conversation evolves into a one-on-one chat. From there, the victim is introduced to a fake brokerage service and prompted to transfer funds to its website. As scammers continuously search for more victims, maximize their profits, and expand their reach, this workflow is repeated.
During our investigation, one question that came up was how scammers are able to obtain their potential victims’ phone numbers. Our research suggests that a significant portion of these phone numbers can be traced back to leaked databases containing personal information. We observed that more than half of the numbers added to the fake group chats have been found in such databases, indicating that scammers could be using leaked information to find their next victims.
Another possibility is that scammers acquire lists of phone numbers through underground markets, where cybercriminals trade and sell personal information. Based on our tests, we noticed that long-standing phone numbers tend to be targeted, while burner numbers or newly obtained phone numbers rarely receive these spam messages. The fact that scammers focus on established phone numbers implies that they have access to a source of personal information either through leaked databases or from underground markets.
The group chat strategy
By adding multiple people to chat groups that are centered around investment discussions, scammers can quickly gauge the interest of their targets. Those who remain in the group are more likely to be interested in investing, making them prime candidates for the scam. On the other hand, individuals who leave the group are either aware of the scam or are uninterested in investing. Hence, they are less likely to be persuaded by the scammer’s tactics.
The scammers consist of a group of individuals with different roles and objectives. Some of the chat group members are fake profiles created by the scammers themselves to make the group seem more authentic. This approach makes the process for scammers easier, enabling them to focus their effort on individuals who are more susceptible to their fraudulent schemes. It also creates an environment that promotes a sense of community and social validation, as potential victims would see that other people are engaging in discussions about investment and are not calling out the scam.
Creating authenticity through group chat interactions
To further enhance their credibility, scammers often share images of their daily activities within the group chat. They also share images that subtly highlight their alleged earnings with other group chat members, which suggests that their success is a direct result of their investments. This creates an illusion that the members of the group are real people who are well-versed in investments, making it more difficult for potential victims to question the legitimacy of the investment opportunity. This tactic preys on the psychological phenomenon known as social proof, where individuals are more likely to trust and follow the actions of others, particularly when they appear to be successful.
Transitioning to one-on-one chats: The deceptive secretary
Once the scammers have identified their targets from group members who have remained in their fake investment chat groups, they initiate a more personalized approach by transitioning to one-on-one chats. In these private conversations, the scammer poses as a secretary of the individual who provides trading signals and often uses a fake profile accompanied by a picture of an attractive woman. These one-on-one interactions can become personal and can set the stage for the pig-butchering scheme that will unfold.
The scammers posing as secretaries walk the victims through the registration process on the fake brokerage sites. These fake secretaries also instruct victims to open accounts with legitimate cryptocurrency brokers to purchase cryptocurrencies. To fund their fake brokerage accounts, the scammers would then ask the victims to transfer their cryptocurrencies — ones that they obtained from the legitimate cryptocurrency brokers — to the crypto wallets controlled by the scammers. On the fake brokerage website, victims are presented with fabricated positive returns, enticing them to invest more.
The so-called secretary is persistent in reminding the victim that new trading signals will be released soon, urging them to pour even more money into the fraudulent brokerage. This process of enticing the victim to invest more is incessant — the secretary provides constant reassurance of the investment's success and creates an illusion of trust between the scammer and the victim.
However, when the victim eventually attempts to withdraw their funds, they suddenly encounter difficulties getting in touch with the secretary. Excuses are given, stating that the account requires additional verification before funds can be withdrawn. This could lead the victim to send additional documents that reveal personally identifiable information (PII) in an attempt to verify their account, further exposing them to the risk of identity theft.
As the victim becomes more entangled in the scam, the fraudsters leverage the trust that they have built to continue extracting money and personal information. It is only when the victim can no longer provide additional funds or more pieces of PII that the scammers vanish, leaving the victim with significant financial losses and a heightened risk of identity theft.
Launching fake brokerage sites and apps
To further add legitimacy to their schemes, pig-butchering scammers also create fake brokerage websites and/or mobile applications for users to log in to. These fraudulent platforms are designed to mimic the appearance and functionality of genuine brokerage platforms, making it difficult for potential victims to determine authenticity via appearance alone.
Our research has determined that the domain addresses for these fake brokerage websites are often recently created, indicating that scammers are continually making new brokerage platforms to deceive their victims. Despite their brief online existence, these sites are carefully crafted to seem professional and trustworthy, appearing to look like legitimate cryptocurrency apps to lure unsuspecting individuals into believing that they are investing through a legitimate brokerage.
As previously mentioned, some fake brokerages have taken their deception a step further by developing Android applications that are available on the Google Play Store. This additional touch of credibility can be highly persuasive for potential victims who might be more inclined to trust a platform that has been vetted and approved by a reputable app store.
Another alarming aspect of these fake brokerages is their implementation of Know-Your-Customer (KYC) checks during the registration process. While this could seem to be a standard security measure, it poses a significant risk for victims who provide their personal information. Not only do they stand to lose their money in the scam, but they also risk becoming victims of identity theft, as scammers could exploit their sensitive data or sell it off to other cybercriminals.
The impact of pig-butchering scams
The FBI's recent reports on pig-butchering scams have revealed the devastating financial impact on victims. Thousands of individuals have fallen prey to these scams, resulting in millions of US dollars in losses. However, it is possible that the true extent of the problem is even more significant, as many victims are too embarrassed to report their experiences or are unaware that they have been scammed.
By closely monitoring the chat groups and identifying the fake brokerage sites, we were able to track down some of the cryptocurrency wallets controlled by these scammers. Based on one group of scammers alone, we estimate that this group has netted almost US$4 million based on transactions made from January to March 2023, indicating the severity of this scam. Table 1, which shows the total amount of funds transferred to each brokerage site and their corresponding cryptocurrency wallets, gives a clearer picture of the magnitude of this operation.
Victim demographics
One striking aspect of pig-butchering scams is the victims’ demographic profile. The large transaction amounts deposited into the scammers' accounts, ranging from US$10,000 to US$100,000, suggest that the targets are not victims with limited savings. Instead, these scams appear to be targeting a more financially established demographic, including professionals with high salaries and individuals nearing retirement. Figure 13 shows that some of the transactions made to a scammer's cryptocurrency wallet were in the five- to six-figure range.
It is plausible that scammers are focusing their efforts on victims they consider “big fish,” as these individuals are more likely to have access to large sums of money. These individuals are also potentially more susceptible to the scam because it’s possible that they would like to grow their wealth and maintain their lifestyle. In some cases, these individuals might overlook red flags in their eagerness to capitalize on seemingly lucrative opportunities. According to the 2022 IC3 report, the victims of these scams typically fall under the 30 to 49 age range. This further highlights the scammers' focus on individuals with greater financial resources.
Another possible target group for pig-butchering scams are individuals approaching retirement who might have substantial savings and are actively seeking investment opportunities to secure their financial future. It’s possible that scammers will exploit this sense of urgency and vulnerability to convince victims to invest in their fraudulent schemes.
According to the same IC3 report, victim losses pertaining to investment fraud have reached a whopping US$3.31 billion, which is considerably higher than other types of fraud. Included in this staggering amount are complaints pertaining to cryptocurrency investment fraud, which reached US$2.57 billion last year. These alarming numbers further emphasize the importance of raising awareness and taking proactive measures against these malicious actors to protect individuals' hard-earned savings and financial futures.
Saving victims from falling prey to pig-butchering scams
Given the alarming trends and the growing sophistication of pig-butchering scams, it is crucial for individuals to take proactive steps in safeguarding their investments and personal information. The following recommendations, some of which are provided by the FBI, are designed to help individuals recognize the warning signs of these scams and take appropriate action:
- Be cautious of unsolicited messages and group chats. As previously discussed, scammers often initiate contact through seemingly innocent chat messages or by adding individuals to investment-themed group chats. Be wary of engaging with strangers and carefully consider the source of any unsolicited messages or group chat invitations.
CONCLUSION
The alarming rise of pig-butchering scams and their devastating impact on victims emphasizes the imperative to stay informed about and vigilant of the tactics and strategies employed by scammers. As malicious actors continue to adapt and refine their methods, it is essential for individuals to remain proactive in protecting themselves and their investments, especially since those who are new to investing large sums are more susceptible to falling victim to such schemes. If you find yourself in a seemingly trustworthy relationship with an unknown person online that follows this scam’s patterns, it is crucial to take a step back and evaluate if you might be the target of such a scheme.
Moving forward, it is critical to be aware of the risks posed by pig-butchering scams and other types of investment fraud. Scammers involved in investment frauds are likely to evolve their tactics and methods when approaching victims, but their core intent would remain the same — to swindle individuals out of their hard-earned money.
In the face of these evolving threats, always exercise skepticism toward obscure private investment opportunities and prioritize well-established and mainstream ventures. By doing so, individuals minimize the risk of falling for scams and increase their chances of earning a profit instead of losing everything.
* Article and images are from Trend Micro.