What you need to know about ‘pig butchering’ scams
Pig butchering scams have been on the rise for several years now and show no sign of letting up. In 2021, the FBI’s Internet Crime Complaint Center reported over 4,300 complaints related to pig butchering scams, which resulted in losses of more than $429 million for the victims. In November 2022, the US Department of Justice seized seven domain names spoofing the Singapore International Monetary Exchange that were used in relation to pig butchering schemes. To top it all off, the FTC recently revealed that in 2022, 70,000 people reported losses hit of $1.3 billion in romance scams, a common tactic of pig butchering.
What is ‘pig butchering’?
A relatively new variation of social engineering, pig butchering involves scammers approaching victims on social media, dating sites, or other communications apps and convincing them to invest their money into a malicious financial platform.
Originating from China, the term “pig butchering” is based on the Chinese word “sha zhu pan” (which means pig butchering plate), as the attack involves the scammers figuratively “fattening up” victims before taking everything they have. In that way, the scammers build a rapport with victims before casually mentioning that they know of a great new investment opportunity, such as a cryptocurrency. The scammer sends them a link to a platform or app that appears to be legitimate. There, once the victim invests, they can see their balance grow. The scammer might even let them withdraw some money from the platform to convince them of its legitimacy.
Victims of pig butchering scams tend to be quite vulnerable. Speaking to Wired, Sean Gallagher, a senior threat researcher at security firm Sophos, said, “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated.” They also might have recently gone through a life-changing event, such as a divorce.
Researchers at Sophos have found that scammers are continually changing their tactics and approach to become even more convincing to victims. While scammers previously had to convince targets to install apps from unofficial app stores, recently, they managed to upload their malicious apps to official Apple and Android app stores. They likely evaded the app stores’ security review processes by concealing the apps’ malicious content. This helps legitimize the apps to victims. Sophos researchers alerted Apple and Google to these shady apps, and they were later removed.
Researchers have also found the apps themselves to be surprisingly professional. In another Sophos report, Gallagher outlined an interaction with a Hong Kong-based scammer trying to convince him to invest in gold. The scammer asked him to download a legitimate Russian app called MetaTrader 4 from a fake Japanese bank website. The scammers had even optimized the site’s SEO so that it ranked highly in Google search results. When Gallagher asked her why he couldn’t download the app from an app store, she gave the plausible excuse that it was sanctioned by the US due to its Russian origins, so he had to download it from this specific website instead.
The scammers are victims too
One unusual aspect of pig butchering scams is that the scammers are often victims themselves, from forced laborers to trafficking victims. When Chinese authorities began cracking down on perpetrators carrying out early iterations of the scam, the gangs moved operations from China to smaller Southeast Asian countries, such as Cambodia and Myanmar.
According to Vice, people carrying out the scams are lured to fraud centers by fake job ads advertising high-paid roles. Once they arrive, they’re imprisoned and threatened with extreme violence by their captors to carry out these scams. They must learn intricate scripts and how to navigate the different platforms used to cheat people out of their money, from fake gambling sites to fake crypto investment apps. They are then forced to work 15 hours daily under constant supervision.
Jacob Sims, country director for International Justice Mission Cambodia, a rights group that helps trafficking victims, told Los Angeles Times:
“Instead of getting fired for poor performance, you get physical punishments — forced push-ups and squats, tased, beaten, deprived of food, locked up in dark rooms or worse. On the other hand, those who consistently meet or surpass their targets are rewarded with more freedoms, food, money, and control over other victims.”
An NGO worker told Vice that the horrific structures underpinning pig butchering scams are creating a humanitarian crisis.
Ensure you don’t become a victim by being cautious about any unsolicited message you receive on social media, SMS, or even dating sites, particularly if they request to move the conversation to a messaging app like WhatsApp or Telegram, and begin mentioning investment opportunities soon after.