Third part of our little anti-fraud handbook, featuring a fraud with a curious name: “Pig Butchering”.
Fraud in the crypto world: what is “Pig Butchering”?
The name is said to derive from the Chinese expression “Shāzhūpán”, as the scam has its origins in China.
The fraud is essentially based on romantically enticing victims on online dating sites, through profiles of the opposite sex, or at least of the sex the victim is interested in, that are particularly attractive, at least in appearance.
It is worth mentioning that the scope of action of this kind of fraudster has gradually expanded to social networking platforms and messaging apps, such as Telegram and WhatsApp.
It is also called “romantic fraud” because the victim is led to believe that there really is a person on the other side who is interested in establishing some kind of personal or romantic relationship.
According to statistics, about 67% of the victims are single women between the ages of 25 and 40, with high educational qualifications and comfortable with technology.
How does it work in practice?
The “pig”, i.e. the victim, is approached online by a user who displays extremely attractive photos in his/her profile.
As mentioned, this can happen on dating websites and online dating apps, but it also happens via messaging apps. There are many cases in which one is contacted directly on the Telegram app, thanks to random user search functions or membership of common groups, or via WhatsApp, under the pretext of an alleged mistaken identity.
Once contact has been established, a real correspondence is initiated via messaging, usually a long one with patient and punctilious social engineering work.
In this way, a growing sense of trust and friendship is gradually instilled in the victim towards the fraudster.
In jargon, the pig is said to be fattened.
When trust has been won, then it is time for the actual “slaughtering” of the pig.
The fraud itself can be perpetrated without resorting to cryptocurrencies, but crypto suits it better, not least because the funds, once transferred, become untraceable or impossible to seize.
Can this type of fraud be executed even without cryptocurrencies?
There are many cases where this type of fraud has been completed without the use of cryptocurrencies. Once the prey has taken the bait, they can be persuaded to transfer funds because of a sudden illness, or any other fictitious mishap that the fraudster claims to have stumbled into; the fraudster then asks for and obtains financial support, through any kind of channel.
A case in point is the one narrated by the Netflix documentary, “The Tinder Swindler”: victims were convinced of an impending death threat to their charming perpetrator and agreed to activate a series of credit cards in their own name. The cards were then used by the fraudster for dizzying expenses, and of course charged to the victims, who ended up being strangled by debts.
All this without any recourse to cryptocurrencies.
That said, however, one of the most frequently used methods consists of convincing victims to participate in cryptocurrency investments, with the fraudsters claiming that they themselves have made huge gains.
The victim is usually directed to bogus sites and platforms. Sometimes to spice up the scam in the best possible way, in the initial phase these pseudo-investments also generate returns, which serve to induce increasing trust, and thus ever greater investments.
Over time, the techniques used for this type of scam have been refined considerably. Often the ways of disguising the scam as legitimate activity are so sophisticated that fictitious sites and companies are almost indistinguishable from the real ones. A clever mix of true, public domain information referring to an existing company makes it difficult to detect the line between fact and fiction.
In some cases, the clever fraudsters even managed to give the fake website a better ranking on Google than the official website of the legitimate company, which was much harder to find on the Internet.
In this type of scam, it is common for victims to be directed to fake trading platforms, based on compromised versions of the electronic trading platforms MetaTrader 4 (‘MT4’) and MetaTrader 5 (‘MT5’), developed by MetaQuotes Software Corp.
When one ends up on these hacked clones of the MT4 and MT5 platforms, one has the illusion of actually trading and seeing updated stock and asset prices.
Victims thus convince themselves that they have accrued gains and therefore invest increasing amounts.
Of course, when the amounts become large, the victim, i.e. the pig, is slaughtered. The sites disappear, the accounts evaporate and, with them, the victims’ money.
How did “Pig Butchering” come about?
According to recent investigations, behind these scams there are reportedly real, widely structured criminal organizations, equipped with a vast corporate structure, complete with headquarters and branches, with IT/telecom employees, treasury staff and “hosts” who raise the “pigs”.
They are salaried and have holidays, and the hosts receive commissions of 20% to 40% of the frauds they pull off. They can count on experts in psychological profiling and more: to make the pick-ups more effective, special algorithms and extremely elaborate scripts are used, with constantly updated manuals and procedures, with the specific purpose of gradually leading the victim to fall in love, perhaps cultivating the expectation of being able to establish a long-term relationship with a person who is made to be perceived as charming, attractive and successful.
In this type of scam, the main ingredient is the loneliness of the victims and their need to satisfy emotional needs and establish social relationships.
With this in mind, the individual isolation caused by COVID has, of course, encouraged a proliferation of this type of scam: according to a report published by the Wall Street Journal, “romantic scams” grew by 70% in 2021 compared to 2020.
How to be protected against this type of fraud?
According to Paolo Dal Checco, Forensic Computer Consultant, who specializes in computer forensics also in the crypto sphere, in this case as well, cryptocurrencies are not the basis of the scam, but a means of making the funds stolen from the victims difficult to trace and recover. Typically, the fraudster helps the victim acquire and transfer the funds, even going so far as to remotely control their PC or smartphone via software such as TeamViewer or AnyDesk, so as to verify that the funds are correctly transferred to their wallets, from which the victim will obviously no longer recover them.
Protection lies not so much on the user side as on the bank side: the bank sometimes knows the IBANs of the exchanges most used for this type of scam and warns customers when they attempt to buy cryptocurrencies. This approach is clearly intrusive when the customer consciously intends to buy them, so the bank must assess this type of notification according to its customers’ knowledge of the crypto world.
On the one hand, younger users, who are also financially literate, will be less likely to be subject to checks and notifications, while on the other hand, older users, with more traditional habits and standard account usage, will certainly be subject to reporting and verification if they start transferring large sums of money to IBANs linked to exchanges, especially if they are foreign or flagged by the various scam monitoring systems.
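As an added illustration (not code from the article or from any bank), the bank-side check described above can be sketched as a small scoring rule over an outgoing transfer. The IBANs are constructed placeholders, and the "flagged" field, the weights and the thresholds are assumptions chosen only to mirror the factors named in the text.

```python
from dataclasses import dataclass

# Constructed placeholder IBANs (not real accounts, checksums not valid).
# "flagged" = reported by a scam-monitoring feed (hypothetical field).
EXCHANGE_IBANS = {
    "IT00EXAMPLE0000000001": {"flagged": False},
    "DE00EXAMPLE0000000002": {"flagged": False},
    "LT00EXAMPLE0000000003": {"flagged": True},
}
HOME_COUNTRY = "IT"    # assumption: the bank's own country code
LARGE_FACTOR = 5       # assumption: "large" = 5x the customer's usual transfer

@dataclass
class Customer:
    crypto_experienced: bool   # has knowingly bought crypto before
    typical_transfer: float    # usual outgoing transfer, EUR

def assess(customer: Customer, iban: str, amount: float):
    """Return (action, reasons); action is 'allow', 'warn' or 'hold'."""
    iban = iban.replace(" ", "").upper()
    entry = EXCHANGE_IBANS.get(iban)
    if entry is None:              # not an exchange: outside this rule's scope
        return "allow", []
    score, reasons = 1, ["destination IBAN belongs to a crypto exchange"]
    if not customer.crypto_experienced:
        score += 2
        reasons.append("customer has no history of buying crypto")
    if amount > LARGE_FACTOR * customer.typical_transfer:
        score += 1
        reasons.append("amount is large for this account")
    if not iban.startswith(HOME_COUNTRY):
        score += 1
        reasons.append("exchange account is foreign")
    if entry["flagged"]:
        score += 2
        reasons.append("IBAN is flagged by scam monitoring")
    action = "hold" if score >= 5 else "warn" if score >= 3 else "allow"
    return action, reasons

if __name__ == "__main__":
    trader = Customer(crypto_experienced=True, typical_transfer=2000)
    saver = Customer(crypto_experienced=False, typical_transfer=300)
    for who, iban, amt in [(trader, "DE00EXAMPLE0000000002", 500),
                           (saver, "IT00EXAMPLE0000000001", 100),
                           (saver, "LT00EXAMPLE0000000003", 8000)]:
        print(assess(who, iban, amt))
```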
As is often the case with fraud on the web, once one falls victim it is very difficult to recover what has been sent to the fraudster. Certainly, a first step that may be worth attempting, when realizing that you have fallen victim to such fraud, is to request the cancellation of any bank transfers.
In some cases, this is possible even some time after the transfer has been made, provided that on the other side the account has not been emptied in the meantime. For the rest, the hope of getting one’s hands on the culprits is in most cases destined to be in vain. What always remains is prevention through common sense. When things are suggested that sound too good to be true, in most cases there is a catch behind them. So, even if it is not clear what the catch is, it is always best to stay away.