Digital swindles like business email compromises and romance scams generate billions of dollars for criminals. And they all start with a little bit of “social engineering” to trick a victim into doing something disadvantageous, whether that’s trusting someone they shouldn’t or sending money into the void. Now, a new variation of these schemes, known as “pig butchering,” is on the rise, ensnaring unsuspecting targets to steal all of their money and operating at a massive scale thanks in large part to forced labor.
Pig butchering scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán because of an approach in which attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can involve other types of financial trading as well.
Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms. Often they’ll simply say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds to say that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can.
Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them. The latter is a tactic that scammers also use in traditional Ponzi schemes.
Though the swindle has some new twists, you can still see where it’s going. Once the victim has deposited all the money they have and everything the scammers can get them to borrow, the attackers shut down the account and disappear.
“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.”
Though carrying off pig butchering scams takes a lot of communication and relationship building with victims over time, researchers say that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborers who are victims of human trafficking.
“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”