At the moment, Sophos says that one application attempting to run a fake gold-trading marketplace is a Russian-centered platform that uses Windows, Android, and iOS versions of its application – all downloadable from a fake bank website – to pull unsuspecting consumers into its lair.
To “enroll” in the marketplace, victims were told to upload a considerable amount of personally identifying information, including photos of identity documents like a driver’s license and tax identification numbers, and then wire cash to the scammers.
Sophos said it shared data on the scams with Apple and Google, as well as other organizations that either were impersonated as part of the scams or were used as part of the swindle chain, but the scams are still active.
“This is in part due to the difficulty of getting infrastructure operators to act to shut them down, and the ‘whack-a-mole’ nature of these operations—when one set of app certificates and infrastructure gets taken down, another springs up quickly to take its place,” the company’s Sean Gallagher wrote.
A slow-building, comfortable relationship that can prove dangerous
Gallagher said that his interaction with one of the new wave of pig butchers began with a “Hallo.”
“The scammer engaged me in Twitter direct messages to determine if I was a suitable target for the scam. ‘She’ claimed to be a 40-year-old woman from Hong Kong.”
Using a slow build to try to sucker Gallagher into being comfortable with her, “Chen” told him that her “uncle” had taught her how to do short-term trading on the London spot gold market. One thing then led to another – eventually scoring Gallagher a “practice” account with a balance of $100,000 and an offer to introduce him to her “uncle,” who claimed to be a former Goldman Sachs analyst but was nothing more than a “catfish.”
Building a comfortable relationship is a hallmark of pig butchering scams because getting chummy with a victim leads to the “slaughter.”
“These emotions are then exploited to manipulate the victim,” Proofpoint’s Tim Kromphardt and Genina Po said. “Genuine emotions also fuel under-reporting of these types of losses, as people feel shame about being duped and betrayed by someone they trusted, and do not wish to share with family, friends, or even law enforcement. Some victims have reported becoming suicidal.”
“Causing shame and embarrassment are key goals for threat actors that leverage this type of social engineering to exploit victims, similar to romance fraud. This ensures their schemes have longevity due to victims keeping their exploitation private.”
Protecting yourself against pig butchering
ConsumerAffairs reached out to Bill Versen, president of TNS’ Communications Market, a company that offers robocall protection solutions to carriers, to find out what consumers can do to help protect themselves against scams like pig butchering.
One thing that he noted is that the pig butchering scam also goes by the name of the “wrong number scam.” In that scenario, the targeted victim will receive a text message via SMS, WhatsApp, or other messaging platforms from an unknown number.
“The goal of the message is to be vague enough so that the receiver will believe the sender has the wrong number and will answer them,” he said.
“Don’t click on links from unknown numbers that text you. If you have elderly parents or other vulnerable family members, check in on them and make sure they did not receive any suspicious calls, [and] don’t call back numbers you don’t recognize [or] answer calls from numbers you don’t recognize; legitimate callers will leave a voicemail.”
“Educate yourselves on what some of the latest scams are” was his first suggestion. He noted that the FCC has a website that highlights recent scams and that TNS also offers a scam of the month page that highlights the latest scams its analysts see.