China, how the new digital scam that comes from the country works

China, how the new digital scam that comes from the country works


Digital scams such as compromised corporate emails and romance scams net billions of dollars for cybercriminals. These scams always start with some 'social engineering', to get the victim to take an action that hurts them, like trusting the wrong person or sending money. Now, a new and increasingly popular variant of these strategies, known as pig butchering, deceives unsuspecting targets into stealing all their money, operating on a massive scale thanks to largely, to human trafficking .

The new technique originated in China, where it is known as shāzhūpán . The name of the scam is due to the approach adopted by the attackers, who figuratively "fatten" the victims - a bit like pigs before slaughter, in fact - and then steal everything they have. Generally these scams involve cryptocurrencies, but can also be related to other types of financial trading.

How the scam works

Cybercriminals contact their targets via text messages or social media platforms , dating or communication . If the recipient replies that the attacker has the wrong number, the former takes the opportunity to start a conversation and give the victim the feeling of having made a new friend. After building rapport, the attacker mentions that he has made a lot of money investing in cryptocurrencies and suggests the target participate as much as possible.

Next, the scammer tricks the target into using a malicious app or web platform, but it appears trustworthy at first glance and may even impersonate a financial institution platform. Once inside the portal, victims often see market data presented in real-time, which serves to show the potential of their investment. The creation of malicious, legitimate-looking financial platforms is a hallmark of pig butchering, as are a number of other tricks designed to lend credibility to the scam: to reassure victims, for example, they are given the opportunity to make a video call with the their new "friend" or withdraw some money from the platform. The latter is a tactic that scammers also use in traditional Ponzi schemes.

Although the scam has some new twists, it's still easy to see where it's going. Once the victim has deposited all the money he has (or at least what the cybercriminals manage to get him to "invest"), the attackers close the account and flee .

" This is precisely the problem with the pig butchering: [the scammers, ed ] they try to take everything – explains Sean Gallagher, a researcher who deals with threats for the security company Sophos and has been monitoring the new fraud for the last three years – They target vulnerable people. have had long-term health problems, are elderly, feel isolated. They want to get every last drop of blood and are persistent."

Multilayered strategy

Although to lead to After pig butchering is necessary to communicate and build rapport with victims over time, researchers say criminal organizations in China have developed "scripts" and strategies to offload much of the work onto inexperienced or even inexperienced scammers. or on victims of human trafficking .

" We can already see the damage and the human cost both for victims of scams and for people who are forced to work – underlines Michael Roberts, expert digital forensic analyst who worked with some victims of pig butchering attacks –. That's why we need to start raising awareness about this threat so we can break the cycle and reduce the demand for kidnappings and human trafficking.” The concept is similar to ransomware attacks and digital extortion, where forces of law enforcement encourage victims not to pay criminals' ransom demands, so as to discourage them from repeating attack attempts. 

The role of information

Despite starting in 2021 as the Chinese government attempts to crack down on cryptocurrency-based scams, cybercriminals in the country have managed to move their pig butchering operations to Southeast Asian countries, such as Cambodia, Laos, Malaysia and Indonesia.Governments around the world are trying to raise awareness of the new threat.In 2021, the FBI's Internet Crime Complaint Center received more than 4300 reports related to the scam, for a total of more than $429 million in losses. In late November, the US Department of Justice announced that it had seized seven domain names used for pig butchering in 2022. " In this scam, scammers, posing as highly successful cryptocurrency traders, entice victims to make purported investments in cryptocurrencies, providing fictitious earnings to encourage further investment,” the FBI said in an October statement.

Government authorities and researchers emphasize that public awareness is a key component to avoiding fall into pig butchering. If you know the signs that you are in the presence of the scam and understand the concepts behind it, you are less likely to be a victim. The challenge is to reach a wider audience and get people to find out about the existence of pig butchering and pass the information on to other people in their family and social circle.

As is the case with romance scams and other personal attacks, researchers argue that pig butchering has a huge psychological impact on victims, in addition to the financial repercussions. The use of labor obtained through human trafficking adds another layer of trauma and makes it even more urgent to face the threat.

" Some of the stories told by the victims are heartbreaking – says Ronnie Tokazowski, a researcher who longtime business  of corporate email compromise and pig butchering and threat advisor to cybersecurity firm Cofense –. Truly tearing.”

This article originally appeared on US.

Powered by Blogger.