Pig butchering: A day in the life of a cyberfraud fighter

By INVESTOR

Oct 28, 2022

Fighting cyberfraud and helping to make the internet a safer place is a passion of mine. I’ve helped create solutions at Square and Facebook to protect users from malicious activity and I currently research and advise clients about emerging threats. In late 2021, I turned my focus to understanding a new technique used by fraudsters, one that combines the emotional manipulation of romance scams with the lure of crypto investing. It’s commonly referred to as “pig butchering.” 

I thought I had seen it all…

During a routine customer meeting, one of Sift’s dating app clients flagged a specific type of suspicious behavior — pig butchering — they were noticing on their platform. As an occasional dating app user myself, I immediately noticed that these types of accounts were prevalent across other dating apps, and took this as an opportunity to investigate. I rolled up my sleeves and signed up for every major dating app under a pseudonym to understand the anatomy of the scam.  

To my surprise, I uncovered an elaborate and increasingly common type of romance scam targeting dating app users. In this scam, the targets are referred to as “pigs” being prepared for slaughter — they’re raised for a juicy profit under the promise of a happy ending and big crypto wins. But ultimately, the scammer runs off with the victim’s money.  

I found that all the fraudulent accounts are similar in the fact that they’re profiles pretending to be successful businesspeople. They often talk about financial freedom and wanting to retire early to travel the world with their families. The fraudsters show off a luxurious lifestyle and model-esque photos and include irrelevant answers to the app’s question prompts. They message unsuspecting users, then try to push the conversation off the app and onto an encrypted messaging platform, like WhatsApp, as quickly as possible. This allows them to maintain their anonymity and evade detection by any particular platform. 

Once the conversation is in a secure, unmonitored channel, the fraudster lures the victim into making investments in a fake crypto platform, controlled by the scammer, eventually allowing the scammer to make off with all the money “invested.” 

Cyberfraud: Going undercover with a pig butcher

After learning about the sophistication and cruelty of the scam, and how it could potentially impact the nearly 50 million Americans who use dating apps, I wanted to know more so I could better understand how to protect businesses and consumers. And, I thought, what better way to get an inside look than to set myself up undercover as a guinea pig?

Once I connected with a scammer’s profile, they immediately started “love bombing” me with repeated flattering and romantic messages. I knew this was a way to earn my trust quickly, so I continued to play along.

After they felt they’d built enough trust with me, the fraudster suggested we continue our conversation on WhatsApp. I complied and after less than two days, they initiated talk about money. At first, the fraudster started to tout his crypto wins and bragged about how much he’d made investing. He followed it up by promising to teach me about crypto investing, so I wouldn’t miss the opportunity to make extra cash. I didn’t want to blow my cover, so I initially acted hesitant, at which point they began to use psychological tactics to manipulate me into investing with urgency. 

It was at this point in our conversation that I “acquiesced” and he taught me how to create an account on a legitimate crypto exchange. Once I was set up, the scammer claimed to know of a better exchange for trading and sent me a link to a new platform. This new platform had zero presence on search engines and app stores, and the domain registrant information was made private. This phony trading site mimics a real crypto trading exchange, showing accurate real-time values of cryptocurrencies, to seem credible.

I put $100 worth of Tether (USDT) into the fake exchange, and almost instantly, I started to see the earnings come in. I suspected that this was because the scammer controlled the returns displayed on the trading exchange, and was further trying to earn my trust by showing gains. I played along to show my confidence in the platform and was pushed to invest larger amounts of money. Throughout this period, the scammer continued to entice me with phrases like “don’t miss out” and “don’t give up” to try to get me to put more money into their exchange. 

Having established an understanding of this scam, I knew that the cyber con would continue to try to drain me of more money. With no need to further “invest” with the fraudsters, and with his patience running short, I decided to confirm whether my hypothesis that this was a scam was true. Using publicly available tools that track blockchain transactions, I was able to track the history of the account that was associated with me. To my surprise, “my account” had seen a total of $130,000, which confirmed that I wasn’t the only victim this fraudster was targeting.

Combatting sophisticated cyberfraud

Today, 22% of consumers who encounter crypto scams lose money, and that number is only going to rise as these scams continue to proliferate. After uncovering the inner workings of pig butchering, I began working closely with Sift’s dating app customers to detect fraudulent accounts and shut them down before they ensnare more victims.
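One way a platform could act on the early off-app push described earlier, shown as an added example that is not code from the article or from Sift: it flags senders who ask to move to an external messenger within their first few messages across most of their conversations. The message fields, thresholds, account names and the inclusion of Telegram are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict

# Assumed pattern list: the article names WhatsApp; Telegram is an added assumption.
OFF_APP = re.compile(r"\b(whats\s?app|telegram)\b", re.I)

def flag_fast_movers(messages, max_msgs=5, min_convos=3, min_ratio=0.6):
    """Return {sender: (fast_pushes, conversations)} for senders who ask to
    leave the app within their first `max_msgs` messages in most conversations."""
    convos = defaultdict(list)
    for m in sorted(messages, key=lambda m: m["ts"]):
        convos[(m["sender"], m["recipient"])].append(m["text"])
    stats = defaultdict(lambda: [0, 0])  # sender -> [fast pushes, conversations]
    for (sender, _), texts in convos.items():
        stats[sender][1] += 1
        # Only the sender's earliest messages count as a "fast" push.
        if any(OFF_APP.search(t) for t in texts[:max_msgs]):
            stats[sender][0] += 1
    # Require several conversations so one eager but genuine user is not flagged.
    return {s: (fast, n) for s, (fast, n) in stats.items()
            if n >= min_convos and fast / n >= min_ratio}

def _msgs(sender, recipient, texts, start=0):
    """Build constructed message records with increasing timestamps."""
    return [{"sender": sender, "recipient": recipient, "ts": start + i, "text": t}
            for i, t in enumerate(texts)]

# Constructed sample data (hypothetical accounts and messages).
SAMPLE = (
    _msgs("acct_A", "u1", ["Hi beautiful", "You seem special", "Add me on WhatsApp?"])
    + _msgs("acct_A", "u2", ["Hello dear", "Let's talk on whatsapp, this app is slow"])
    + _msgs("acct_A", "u3", ["Good morning", "What do you do for work?"])
    + _msgs("acct_A", "u4", ["Hey", "I rarely check here, Whats App is easier"])
    + _msgs("acct_B", "u1", ["Hi"] * 8 + ["Want to swap WhatsApp numbers?"])
    + _msgs("acct_B", "u5", ["Nice hiking photos"])
    + _msgs("acct_B", "u6", ["Coffee this week?"])
    + _msgs("acct_C", "u2", ["Hi", "message me on telegram"])
)

if __name__ == "__main__":
    print(flag_fast_movers(SAMPLE))
```

A flag like this is a signal for review alongside the profile cues the article lists, not a verdict on its own.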

After witnessing this scam I’d urge consumers to remember these tips:  

Whether you’re a dating app user, a crypto investor or even a cyberfraud researcher, there’s no way to avoid scams entirely. That’s why we as a community — businesses and cyberfraud fighters — need to come together to use the tools at our collective disposal to stop fraudsters from appearing on dating apps in the first place. 

Jane Lee is a Trust and Safety Architect at Sift.
