Slaughtering the Pig Butchers

The fight against fraud hinges on devoted anti-scammers, unwavering in their mission to shield vulnerable consumers from fraudsters.

The fight against fraud would not be complete without the extraordinary efforts of anti-scammers who make it their life’s work to combat fraudsters who prey on consumers – typically the more vulnerable among us. Chief among them is Jim Browning, renowned for his exceptional work detecting scammers, uncovering money mule networks, exposing their operations, and ultimately taking many of them down.

Mr. Browning recently spoke at Datos Insights’ sixth annual Financial Crime and Cybersecurity Forum, sharing his insights into the functioning of a recently identified “pig butchering” scam operation.

“Pig butchering,” as the scam has come to be known, involves a scammer contacting an unsuspecting target out of the blue through a “misdirected” message by text or through a messaging app, such as WhatsApp, and developing a relationship with the victim. Ultimately, the fraudster will dupe the victim into placing funds in a fake account, most often a cryptocurrency trading account, or a real account that will ultimately be drained by the scammer (Figure 1).

Image showing pig butchering scam flow.
Figure 1: Pig Butchering Scam Flow

The scam monicker, which originated in China, refers to the practice of fattening a hog before the slaughter. This type of scam involves an extensive and well-designed process of establishing a relationship and building trust, often over a long period with a slow and steady cadence of interactions. It requires a relatively large staff to execute the con against multiple victims simultaneously.

Through years of painstaking efforts, Mr. Browning has been able to gain access to and document the inner workings of numerous scam shops by cultivating information sources and infiltrating their systems and security cameras.

These operations have elaborate infrastructures and capabilities that criminal enterprises set up to operate the fraud at scale. They occupy large buildings and masquerade as legitimate call centers in offshore locations that house hundreds of workers who participate directly in the scam by contacting the targets or providing technical and administrative support.

The scammer facilities look a lot like FI operating centers that are full of computers installed with multiple applications that allow the scammers to initiate contact with potential victims through texting from spoofed numbers or directly through messaging apps. If the contact is made through texting, the scam operator will suggest that they move to a messaging app. From this point on, the scammer will engage in small talk, ask to exchange pictures, and cultivate the expectation of a romantic relationship. This is all executed through a prepared script, which varies depending on the direction of the conversation.

Eventually, the scammer will start talking about investments and how they make a lot of money trading cryptocurrency. They will ask the victim to place funds in an account, and the fraudster will show the victim how they can make money trading. The account will most often be in a fake cryptocurrency trading platform, likely controlled by fraudsters, which allows them to extract the funds immediately once transferred to the fake account. They may also use legitimate platforms and social engineer the victims to provide their credentials or gain access to their computers using remote access software under the ruse of wanting to show the victims how their trading strategy works. In either case, the victim can be out considerable amounts of money, and the offshore fraudsters are home free.

Anti-scammers, like Mr. Browning, employ a multifaceted approach to combat fraud and help protect individuals and businesses from falling victim to scams. They often utilize a combination of education, technology, and law enforcement efforts to thwart fraudulent activities. By employing these strategies, anti-scammers work tirelessly to create a safer digital landscape for individuals and organizations alike, reducing the financial and emotional toll of fraud. The product of Jim Browning’s work can be viewed here.

For more insights and highlights from the Datos Insights Financial Crime and Cybersecurity Forum, see Datos Insights’ report Datos Insights’ Sixth Annual Financial Crime & Cybersecurity Forum: Fortifying Defenses for a Secure Tomorrow, November 2023.

And mark your calendars for next year’s Financial Crime and Cybersecurity Forum, September 10 to 11, 2024, in Charlotte, North Carolina. Hope to see you there!