Cyber threats are constantly evolving, and the most recent evolution of phishing scams is proving particularly effective. Boasting a gruesome name, pig butchering is a cyber threat that reels in victims and steals thousands, sometimes millions of dollars.
Pig butchering has quickly become one of the most lucrative scams thanks to a mix of post-pandemic loneliness and inadequate technological knowledge. According to the US Department of Homeland Security’s most recent estimates, pig butchering took $3.3 billion from its victims in 2022 alone.
Another alarming aspect of these scams is that they are being executed on a scale never seen before. The largest pig butchering operations have been reportedly run by Chinese street gangs, mostly executed by coerced individuals indebted to the criminal organization.
This setup has allowed these groups to launch an unprecedented amount of attacks.
Let’s go over the specifics of pig butchering, how to recognize them and remain protected.
What is a pig butchering scam?
Pig butchering is a sophisticated variant of smishing, one that uses social engineering to steal as much money as possible from the victim.
The name refers to the victim being “fattened up” like a pig before slaughter, though with validation and friendship, before being “butchered” by getting all their funds stolen. These scams all start the same way: with the clever exploitation of human curiosity.
Masquerading as a wrong-number text, scammers send a text message to a random phone number with an incorrect name, asking for a favor or providing an update on a situation. The hope is that the victim will respond by saying it’s a wrong number, allowing the scammer to strike up a conversation.
What makes pig butchering scams so effective is that scammers spend a lot of time on them. These scammers often develop and nurture friendships with their victims before asking for money, in contrast with the more typical and instant fraudulent links of traditional smishing
Once they’ve established trust and sustained conversation with the victims, these scammers branch off into two directions:
Romance
With this approach, scammers will build a romantic connection with their victims. Once that’s done, they will fake an emergency to ask for money to cover the costs incurred. These requests can recur over a long period of time with smaller amounts that don’t immediately raise suspicions.
This scam most often targets older people who are more likely to live alone and long for company. However, pig butchering has proven to also be effective on young people as well, as it moves past older “Nigerian Prince” scams.
Investments
This approach is mainly attempted on men and is very effective for all ages. The scammer focuses on having pleasant conversations with their victim, slowly becoming their friend. They eventually mention a stock tip or new cryptocurrency they just found out about and offer to broker the transaction for their friend.
Victims are led to a fake stock-buying website that simply steals the money while showing made up stock graphs or directed to buy a cryptocurrency controlled by the scammers. The scammers then sell off their massive stakes, leaving them rich and the cryptocurrency worthless.
This tactic is successful because it utilizes two strong social engineering levers: the fear of missing out and the promise of massive financial gain. The cryptocurrency version is so prevalent that the US Justice Department recently seized over $112 million in cryptocurrency linked to pig butchering.
Since the amounts are as incremental and disguised as actual investments, victims might be scammed for years before realizing what is happening.
How pig butchering scams work
All pig butchering scams start with an SMS. The initial text message looks like a benign wrong-number message.
|
Image
|
Image
|
Many pig butchering scams end here since most people simply won’t answer these messages and go about their day. However, a small number of people, out of courtesy or loneliness, will answer and expose themselves to the scam.
The people running these scams are skilled at getting more answers from their victims, building relationships, and ultimately inserting themselves into people’s lives. Once they feel trusted, they seek their victims' financial help via romance or investment advice, as outlined above.
These criminals are so skilled that government agencies simply recommend not engaging with these messages as people from all ages and walks of life have fallen victim to these scams.
What are the red flags for pig butchering?
Pig butchering scams are very destructive but are thankfully easy to detect and evade. Here are the most common red flags that you might be a target:
- A text message from a number you don’t recognize
- The sender attempts to strike up a conversation with you even after you mention they have the wrong number.
- The sender asks you for personal information.
- The sender asks you for money or a loan.
- The sender offers investment advice or mentions a new cryptocurrency
- Avoidance of video calls or in-person meetings
- Quick relationship progression
- Sudden change in communication pattern or tone in text messages.
How to protect yourself against pig butchering scams
These scams begin with inoffensive wrong-number messages and end in financial ruin for the victims. While cyber security awareness plays a strong role in thwarting pig butchering scams, outside help is often required.
People of all ages and income levels have fallen prey to these scams, and one of the only things that can stop an ongoing pig butchering scam is a loved one's intervention. It can be as simple as asking for a bit of detail when a loved one or coworker talks about a new relationship or a new investment.
An opportune moment to potentially intervene is when a loved one or coworker talks about being low on funds, taking out loans to support their new relationship or investing more in cryptocurrency.
To avoid being a victim of pig butchering, the best course of action is never answering wrong number text messages. It’s simply too risky when so many of these messages are scams, and you never know when you might fall victim to one.
Outsmarting Online Scammers
There’s no better example of phishing's rapid evolution than cyber threats like pig butchering. In just a few years, small variations to improve smishing have made it a far more destructive scam. Pig butchering is particularly insidious because it’s so different from what people know about cyber threats.
Cyber security awareness plays a huge role in uncovering these scams. There are no sketchy links and misspelled messages here. The perpetrators of these scams are highly trained to perfectly perform their role and hone in on their victims’ vulnerabilities.
Pig butchering scams highlight the importance of a cyber security aware culture both in the office and outside of it. If people collectively pay attention to their cyber habits and those of their surroundings, this scam will lose traction in a few years.
For more information and ways to stay protected, visit the Terranova Security CyberHub.