By John Mac Ghlionn
Perhaps you are familiar with the term “pig butchering,” a new type of criminal activity with all the elements of a romance scam but with an investment opportunity twist.
The FBI describes “pig butchering” as “a time-tested, heavily scripted, and contact-intensive process to fatten up the prey before slaughter.” In December, Frank Fisher, public affairs specialist at the bureau’s Albuquerque division, said: “We’re not talking about what’s going on at farms. We’re talking about a cryptocurrency investment scam that is sweeping the country.”
In the United States alone, this form of scam artistry has resulted in the loss of hundreds of millions of dollars. Who are these butchers? According to new research by Sophos Group, a British-based security software and hardware company, they are all based in China.
Sean Gallagher, a cybersecurity expert at Sophos, told me that “pig butchering” scams first started in China in 2018. In the years since, however, they’ve gone global. In addition to Hong Kong, “there are scam operators working out of Cambodia, Myanmar, and other southeast Asian countries, and lookalike scams are now being run by Nigerian cybercriminals and others.” A rise in the number of butchers means more pigs for slaughter.
Gallagher, who previously worked as the IT and National Security editor at Ars Technica, said these scams are the brainchild of Chinese criminal organizations. The people responsible for the “fake applications and technical aspects of the scams,” he said, “are Chinese speakers.” However, the people responsible for luring unsuspecting victims (for example, the people sending the text messages and initiating the video and voice calls) are often citizens from other regions in Asia, like Malaysia, Vietnam, or Taiwan. Many of these people, noted Gallagher, are “lured by fake job postings and forced to work these scams, though some Chinese citizens have also become involuntary participants.”
Gallagher, now a senior threat researcher at Sophos, a leading cybersecurity firm, has been studying the art of butchering for years. He recently published a report documenting the many ways in which scammers use counterfeit bank websites and even Apple’s app store to defraud and fool the masses.
Fattening Up Victims
He and his team discovered two scam rings, both with ties to China, that somehow managed to evade “Apple’s rigorous review process” and push applications onto the iOS App Store. The first scam that caught Gallagher’s eye involved a Hong Kong-based ring that leveraged the MetaTrader 4 platform.
Also known as MT4, the app is best described as a sophisticated trading platform that allows users to create and execute complex trades. The report notes that MT4, run by a Russian software company, has been abused by criminals in the past. To “enroll” in the trading marketplace, “victims were instructed to upload a significant amount of personally identifying information, including photos of government identity documents and tax identification numbers, and then wire cash to the scammers.”
Another scam Gallagher and his team identified involved a Cambodia-based Chinese crime syndicate. These fraudsters ran a fake crypto trading application exploiting the TradingView brand. For the uninitiated, TradingView, used by more than 30 million people worldwide, is a financial platform and social network rolled into one. The application, according to the report, “offered from a fake app store, came in Android and iOS ‘web clip’ versions.” This particular scam, which Gallagher plans to document in greater detail in an upcoming report, used a “much more developed social engineering operation” than the MT4 one. In one month, for example, wallets associated with the scam had taken more than half a million U.S. dollars in cryptocurrency from victims.
Gallagher and his team have shared data on both scams with major companies that have been impersonated by scammers, including Apple and Google. The researchers have also shared their findings with the many companies whose infrastructure was exploited by the scammers. Nevertheless, both scams, as the report warns, are still very much active. Readers are told, “This is in part due to the difficulty of getting infrastructure operators to act to shut them down, and the ‘whack-a-mole’ nature of these operations.” Sadly, when one scam gets exposed, another springs up almost instantly to take its place.
To keep yourself safe, Gallagher advises people always to ignore or block unsolicited texts or emails. Moreover, if someone approaches you on a dating app or a social media platform and requests that the conversation be moved to WhatsApp or Telegram, Gallagher says this is a sure sign that something untoward is afoot.
Finally, as obvious as it sounds, be extremely wary of people online “promising easy wealth through crypto or other trading apps, and never install apps on an iPhone or other device that requires the installation of a mobile device management profile.” This is “an ad-hoc way of installing apps that many criminals use,” Gallagher stressed.
The butchers are sharpening their knives. Make sure you don’t become yet another fattened pig sent to slaughter.