As the crypto market grows, it encourages threat actors to commit cybercrime. This leads security firms to be more vigilant about emerging threats in order to protect their clients and their own infrastructure. Proofpoint, a well-known security company, has been tracking multiple threats known as Sha Zhu Pan, or “Pig Butchering”, for the past few months. According to Proofpoint, these threats are typically managed by a large industry of professional fraud actors who lure a victim into depositing cryptocurrency into a fake cryptocurrency exchange in order to steal the money. Threat actors usually carry out these attacks through attractive platforms such as dating apps and social media platforms, or sometimes through text messages. We created this post to help you learn about Pig Butchering Cryptocurrency Fraud, a cryptocurrency-based social engineering scheme, how to avoid being a social engineering victim and, finally, how to prevent social engineering attacks in general. Let’s begin the post.
Social engineering is the art of psychological manipulation that exploits human error to accomplish malicious activities. Social engineering tactics make people trust blindly and break security policies and procedures; this is mainly done by gaining the trust of an individual and stealing sensitive information from them without their knowledge.
In this post we will discuss a major social engineering attack that is widely exploited and how to avoid being a social engineering victim.
Cryptocurrency is a virtual currency secured by cryptography. Cryptocurrencies are not issued by any central authority and do not exist in any physical form; they are maintained on a decentralized platform. One of the widely exploited social engineering attacks is the Pig Butchering Cryptocurrency Fraud.
This cryptocurrency-based social engineering scheme has stolen millions of dollars from multiple users.
A conversation that starts with a text from a wrong number leads to months of friendly conversation, which eventually moves on to more serious topics such as emotional situations, financial advice, etc. Over time you start trusting your new friend, and one day they tell you about a highly successful investment they made in a newly emerging cryptocurrency platform that is, they say, the future of crypto investments, and they recommend that you invest in it.
Initially, you are a bit hesitant and you invest a small amount, but the investment doubles. Wow! This currency is for real. Let me invest more. After investing a huge amount and waiting for it to double, you slowly realize that no one is responding, and by the time you realize you have been scammed, the threat actor has deleted the website and moved on to their next victim.
Proofpoint has shared a detailed article on this cryptocurrency-based social engineering scheme, Pig Butchering, a.k.a. Sha Zhu Pan.
Now let’s dig into the details of how the attackers lure their victims and gain their trust.
The name ‘Pig Butchering’ refers to how the scammers feed the victim (the pig) with hopes and false promises and eventually make them ready to be looted (the butchering).
Pig Butchering Cryptocurrency Fraud initially targeted the Chinese audience and then slowly moved to English-speaking countries.
The conversation mostly starts with an attractive, polite stranger on the internet. They start with pleasantries and engaging conversation while they compliment and empathize with the victim.
Slowly, they chat for weeks and establish a strong emotional connection with the victim, sharing their experiences and the finer things in life. If the victim is on social media apps like LinkedIn, Twitter, Instagram, etc., the threat actor will ask the victim to connect over WhatsApp, which is the more private and trusted platform. Most of the time they establish a romantic relationship with the victim and share racy “selfies” to make the victim reciprocate (which will be used in later stages for blackmail).
As the conversation progresses and the attacker feels that trust with the victim is established, they will invite the victim to chat with their so-called ‘investment mentors’ about how to make more money and how the threat actor has made a lot of profit this way.
Credits: Proofpoint
Once the rapport is established, the ‘investment mentor’ or the ‘kind uncle’ will send the victim cryptocurrency investing documents on how to set up a Coinbase or crypto account. One of the integral parts of the scheme is to create a cryptocurrency wallet if the victim doesn’t have one. The scammers will work with the victim individually or ask them to join group chats, mostly on WhatsApp, Telegram and Discord, where the victim meets many people investing and making money on the advice of the “Plan Analyst”, the one who leads the group.
Ultimately, after all the convincing, the victim will be led to a fake cryptocurrency website or mobile application and will be asked by the threat actors to purchase a small amount of crypto, mainly Tether (USDT) on crypto.com or coinbase.com. The threat actor will make sure that the victim has made the purchase by requesting a screenshot, and will specifically ask them to invest less than $1000. If the victim complies with all the requirements set by the threat actor, they will be given a 10% to 20% reward, which will be reflected immediately in their wallet.
Once the reward is received, the ‘plan analyst’ will congratulate you and stress the urgency of investing in crypto, as it is a volatile market. Step by step, after you invest small amounts and receive rewards, the attacker will urge you to invest a huge amount. Here the threat actors are putting victims into a behavioural pattern known as “classical conditioning”, in which the victim’s mind is trained to expect the rewards. In this case the victim believes the attacker because they received rewards from previous investments.
An image of fake crypto website captured by Proofpoint
Once the victim is convinced by the attacker and sees profits in their wallet, their trust increases and they are ready to invest heavily, a.k.a. “fattened up”. The attackers will encourage them to make large investments in the fake crypto by taking out a loan, selling stocks, etc.
Once the victim starts to worry, they will be asked to withdraw only small amounts and will be convinced that the rest of the amount should not be taken out.
In the end when the victim realizes that they have been scammed, the attacker deletes the website and starts hunting for other victims.
On the Killing Floor
Pig butchering scams are highly successful most of the time because of the intimate conversations with the victim, which make the scammer seem more trustworthy. The empathetic and emotional manipulation and friendly conversation exploit the genuine feelings of the victim. The attacker often shares fake sad and emotional stories in order to gain trust and empathy from the victim.
The threat actors are highly trained not to click any links. When Proofpoint researchers shared URLs to trace the threat actors, they were blocked immediately.
Credits: Proofpoint
According to statistics shared by the FBI, in 2021 more than 4300 cases were received on crypto-romance scams, which led to more than $429 million in losses.
The U.S. Federal Bureau of Investigation (FBI) has shared a few steps on how to avoid being a social engineering victim:
Never share your financial details with any stranger you have met online.
Do not take advice from strangers and invest accordingly.
Never provide your personally identifiable information, such as your social security number, bank details or other identification proofs, under any circumstances to people over the internet.
Never fall for unbelievable profits on any trading sites.
Be cautious of people, emails, and texts that urge you to invest anywhere.
Every day we hear about multiple cyber-attacks happening all around the world, but as individuals we are least bothered, as we may wonder how they could affect us.
The above post should have given a detailed idea of how threat actors can impact an ordinary person; we also learned how to avoid being a social engineering victim. Everyone should always be alert to their surroundings and very careful when sharing personal information on the internet.
Aroma is a cybersecurity professional with more than four years of experience in the industry. She has a strong background in detecting and defending cyber-attacks and possesses multiple global certifications like eCTHPv2, CEH, and CTIA. She is a pet lover and, in her free time, enjoys spending time with her cat, cooking, and traveling. You can connect with her on LinkedIn.