You’ve likely encountered your fair share of online scams as various types of social engineering attacks have become commonplace. Whether it was someone sending you an unsolicited message on social media, a strange email about a Nigerian prince losing his Bitcoin inheritance, or an SMS containing a fishy-looking link. Online scams are now just part of the daily internet experience.
Yet, scammers are constantly looking for ways to make their attacks harder for victims to detect and more resilient against tracking from the authorities. Because of that, they’re always looking for new and easier ways to get their hands on your money. It seems they’ve found investment scams are a particularly lucrative way to trick people into handing over their life’s savings.
In the last three years, authorities have noticed a sharp uptick in investment scams, especially a new type of crypto investment scam originating from China. Dubbed “pig butchering scams” a recent internet crime report by the FBI (PDF file) shows these scams were one of the biggest earners for cybercriminals in 2022.
What is a Pig Butchering Scam?
The first accounts of pig butchering scams popped up about 3 years ago in China, where it was referred to as “shāzhūpán.” This Mandarin term refers to a farmer fattening up a pig for slaughter, which is similar to what cybercriminals do with this type of scam. It starts with the scammer cold-contacting their victim, typically on social media, dating sites, and messaging platforms.
The MO often involves a friendly message intended to make it look like the scammer is mistaking their victim for someone else. Regardless of what the victim replies, they seize that opportunity to strike up a conversation and try to build up some familiarity. Eventually, they bring up that they’ve been making a lot of money with a “lucrative investment”, usually in cryptocurrency. They’ll then tell their victims to get in on the opportunity while it’s hot.
If the person agrees to check it out, the scammer directs them to a fake investment app or website they themselves set up. The platform looks legitimate with what looks like real-time market data showing the growth of investments. If the victim decides to create an investment account, the game is on. The scammers will make the investment look like it’s growing, letting the victim think things are going well.
One of the key parts of this scam is continued friendly contact with the victims. This reassures them they’ve made a new friend so they don’t get suspicious that the investment is the only reason the scammer talked to them. Some even let their victims withdraw small amounts of money from their platform to keep up the ruse. Then they become persistent in getting the victim to invest even more money.
The scammers’ goal is to get their victims to invest all the money they have, with some even undergoing massive debt with the promise of a big payday. Once the malicious actors are satisfied they’ve fattened up their victim’s account sufficiently, they shut down the online portal and disappear with the money.
Authorities are still unsure how to precisely define pig butchering scams, but have listed them as a type of romance scam because of the level of trust and “friendship” scammers build with their victims. To date, the authorities have found and shut down at least 7 domains hosting known pig butchering scams.
Scammers Want to Feast on the Whole Roast Pig
The FBI’s Internet Crime Complaint Center (IC3) recently released its latest Internet Crime Report which shows a marked increase in these attacks globally. The FBI has released this report for 7 years and this is the first time a threat other than business email compromise (BEC) has reached the #1 spot.
Traditionally, BEC scams have been the top-earning scam since the reporting started. These usually involve phishing emails intended to trick employees into revealing sensitive information, clicking on malicious links, or opening malicious files. In 2022, crypto scam investments overtook all others as the biggest digital threat, with $3.3 billion in reported losses. According to the report, cryptocurrency scams have really swelled in the last few months.
Pig butchering scams apparently make up a significant chunk of the threat, and crypto scams have cost people $2.57 billion in losses in 2022. The report states this is an increase of 183% compared to 2021. The FBI has also sent out warnings on the growing threat of pig butchering scams, signaling this type of scheme is becoming alarmingly popular.
Pig Butchering Scams are Funding Human Trafficking
While pig butchering scams seem to have originated in China in late 2019, the Chinese government cracked down on crypto scams in 2021. This seems to have prompted cybercrime rings to move their operations to Southeast Asian countries, including Cambodia, Indonesia, and Malaysia.
If people losing all their money wasn’t bad enough, this scam has another horrifying element to it — the scammers aren’t always willing participants. These scams require a lot of people regularly talking to victims, which has caused criminal syndicates to set up massive scam centers to keep the ball rolling. These sweatshops are filled with people who are themselves victims of human trafficking and forced labor. Some rake people in with fake job ads.
The ‘boiler room’ centers provide their forced laborers with sophisticated scripts to groom and rob their victims of their life savings. Accounts reported by major news outlets like Vice paint a dismal picture of the appalling conditions scam center victims are forced to live and work under. In October 2022, authorities managed to raid some of these scam compounds in Cambodia run by Chinese criminal syndicates, freeing thousands of involuntary workers.
Unfortunately, authorities say these raids will likely only disrupt operations temporarily. The problem is, pig butchering scammers continue to rake in massive amounts of money which is feeding the problem on a large scale. One of the only ways to help combat this is for people to educate themselves about these scams so they don’t fall into the trap and continue the cycle.
Stay Safe by Educating Yourself About Threats
Even though the numbers around this emerging threat are already alarming, the authorities warn they may not even be a reflection of the true numbers. The FBI and other scam investigation agencies rely on reports by victims to make up their data and it’s possible many victims never report their incidents.
Public reporting to the IC3 helps us gain a better understanding of the threats we face daily. As these threats increase, we continue to encourage victims to report cyber incidents and cyber-enabled frauds to the FBI so that we may impose risks and consequences on malicious cyber actorsTimothy Langan, the FBI’s executive assistant director.
It’s always a good idea to report fraud and scams to your local consumer protection agency or authority in charge of dealing with scams. Not only does it help the authorities get a better idea of the scope of the problem and how to deal with it, it also provides them with ways to educate others against the threat.
In addition to arming yourself with information and staying cautious when talking to anyone online, you can adopt safety tools to help prevent other types of digital threats. CyberGhost VPN can keep your connection safe against various cyber attacks including DDoS, man-in-the-middle attacks, and unsecured Wi-Fis.