Podcast: Play in new window | Download
Subscribe: RSS
Episode 12: Pig Butchering 101
I was planning to hold off on this for a little while. Then I started seeing others discussing it on social media.
I purposely went along with a romance scam for the purposes of learning what the end goal was to share with the world. It was what is being dubbed “Pig Butchering”. Pig Butchering is essentially persuading a victim to invest in cryptocurrency on a platform/website/application that the scammers have control over. They tell you to purchase random cryptocurrencies using Bitcoin that you purchased on Cash App. A few hours later they will tell you to sell it, thus showing a profit on the crypto-exchange they asked you to create an account on.
They will continue to do this for as long as they can, all the while creating an online romance. You will see profits in a growing crypto account on their website but it’s all fake. They have scammed you out of potentially millions in some cases.
This particular scammer tried to scam me for almost two weeks until I called her on her bluff.
In this episode, we will discuss what to look for, and how to avoid being scammed.
Transcript of Pig Butchering 101
0:00
People are the weakest link in any cybersecurity plan. We’re distracted, exhausted and often unmotivated. It’s time to change the approach used to protect our businesses, technology, identity and data. The human element has to be front and center in a war against data breaches and ransomware attacks it’s time to educate.
0:52
Welcome to the human element podcast, visit our website at the human element dotnet for more content to help you strengthen your awareness of the people problem in cybersecurity. I am Scott Gombar. Owner and Washtech a client focused, security minded proactive IT service provider. Welcome everyone to Episode 12 of the human element podcast. I am Scott Gombar, your host, owner of Newswatch Tech, we are a client focused security minded, proactive IT service provider. But this podcast is mostly based mostly about psychology psychology in social engineering aspects of the cybersecurity world. We’ll talk some Oh synth, we’ll talk some social engineering, we’ll talk about fishing a lot, things like that. And what I’ve noticed, personally is an uptick in my own, or I should say, people trying to compromise my accounts or compromised me, I guess you could say but fortunately for you, and for this podcast, I’m pretty well versed on what to look for, and how to avoid it. In this way, I can educate everyone else. So as I said, this is episode 12. This one is going to be called pig butchering. And you’ll by the time we’re done, you’ll understand but I will say this. So before I jump into it, I’ve had several attempts on my Facebook account as of late. Lots of smishing that is fishing through text message. And that’s kind of where this one is going to go winds up on WhatsApp. But it starts out on my text message. And you can almost always sniff it out. There’s only been one instance where I was wrong that it was a legitimate text message. But every other time I sniff it out and we’ll share you know some details from there but for whatever reason, and it may be because of this podcast maybe because of what I do. I don’t really know the number of attempts at trying to hack me has definitely increased. Got to do better hackers I’m sorry you you haven’t succeeded. You’ve got to do better do your homework. I’ve got MFA turned on on everything I’m can sniff a scam a mile away. You’re gonna have to come a little bit better than that. So let’s talk about pig butchering, and I wasn’t going to do this yet but then I see other cybersecurity professionals sharing their experience with pig butchering or you know the stories that are coming out so long story short. We all know we have a problem with in this world not just in the US or not just in any other one, you know, one specific country we have a problem with human trafficking. While there are stories now of human trafficking, not for the usual reasons this time it’s for the purpose of what I’m going to review now pig butchering, so pig butchering is the my own definition is trying to land a large whale so they used to call a whaling so you go to a casino look for the person who has the most money and try to get them to sit down and gamble that now they’re gonna pick butchering and pig butchering us trying to find someone with a lot of money and skim them out of the money. There are stories of one woman who was terminally ill at that, who was scammed out of a believer was 2 million was the number $2 million. There are a lot of other stories out there and I’m going to tell you how it happens and I wanted to do a video. But I do believe some of the content. I’m not sure I want to share all of the content of the messages I played along for quite a while I think a week or two, I’m just trying to get the dates here for you. And what happened was I received a text message and I received this text messages, probably on average, once a week, maybe at least a few times a month. And it’s just a random text message that’ll say something like, K. Tom, this is, in this case, the person’s name was summer. Or do I have the wrong number? And right away, I know, I know what this is, I know what it is. And so I decided this time, I’m going to go along with it. Normally, I just ignore it. Sometimes I even just blocked a number. Actually, I usually do go through and block it. Eventually. I get probably a couple 100 texts a day. So it’s sometimes it’s, you know, I forget to go back to it. This time I played along.
5:49
And I’m just trying to scroll through all the dates. I’m looking at WhatsApp Web, so they send me a text on my cell phone number. Now my cell phone number I’ve mentioned it many times before, is available on the internet. You google me, my cell phone number is not that hard to find. It’s not hard to find anybody cell phone number, to be honest. And I’ve proven this time and time again. We talked about it on the last podcast, the last episode, so I did. Okay, so I’ve got the deets. I went along with this for just about two weeks. So they sent me a text. And I say no, this isn’t Tom or I don’t remember what name they use. And so I’m sorry. And so then they eventually, I think they asked for what my name was. And I gave them a fake name. I told them, my name was Anthony. And I created instantly I created a profile of a fake person. So I’m Anthony. I own a club in Miami. Very busy during the day. Or usually I’m sleeping during the day, sorry. And I get up, you know, late afternoon, early afternoon. And start my day with the club. I’m off on Mondays and Tuesdays because those are slow club days. And I this is the profile created. I don’t own a club. I don’t live in Miami, and wouldn’t want to live in Miami. It’s too hot for me. But this is the profile I created on the fly. I did this quickly. And so after a couple of text messages, the person asked me if I would continue to conversation on WhatsApp because it was a work phone that they were using. So I said sure I have WhatsApp, let’s talk. And it was a romance scam. I knew where it was going to I knew that it was going to be a romance scam. She sent pictures, I took why I asked for pictures. Kind of to prove my point. And initially, the pictures seem legit. And I do believe it is a legitimate person. Maybe because I did Google search the images and it did not come up at first. And I’m going to get to that in a minute. So you can take any image and do a reverse Google search and see if the image has been used before. And I’ve done this, and now it’ll be another podcast. My son was was somebody was trying to talk to my son. And I had to prove that it wasn’t who they claim to be. And I’ll get to that’ll be another podcast. So I did and I asked for a picture and almost immediately, same day, got a picture and decent looking Asian woman. She claims she was from where did she say she was from? I forgot where she said she was from. But now she’s in New York. She was working for her art in New York. Okay. And I’m looking at the picture and it doesn’t look like a place in New York. But I you know, who knows? I haven’t been to every building in New York. So maybe it is. So we carry on this conversation for I think it was 13 days total. And eventually after just talking. They you know, she asked for ages. Asked what I do. I asked what she does. She said she works for a Chinese logistics company. What eventually, you know, she’s telling me what she likes to do. She’s cooked Of course, it’s all the same cooking reading books, traveling. They always love to travel. kept going, like your legitimate conversation, talking about the pandemic, how it’s changed her life. She sent messages of her cooking. You know what, I don’t know if it was her cooking, it was an image of a video of some food on the stove cooking all of the things that you would do if you were trying to start an online romance again, married it’s not going to happen regardless if it’s real or not. But I knew it was not real. First of all why ticket to WhatsApp. But anyway, like it tell you where she took her to WhatsApp and I’ll get to that shortly too. Then she starts a few days in starts talking about a side hustle the side hustles cryptocurrency. So now you might be able to see where this is starting to go.
10:19
And so I played along pretended like I didn’t know a lot about crypto and pretend that I won’t do much with crypto and wanted to know more. And they kept talking. She kept talking about it. I told her I owned a little bit of Bitcoin. I mean, a lot of people do at this point. So it’s not that big of a stretch. I told her I prefer stocks. But she kept pushing, she kept a little bit of crypto talk and a little bit of romance talk. Talked about getting married. And I pretended that yes, I would like to eventually get married to someone told her that all the all the girls on Miami are phony. I don’t know anybody in law. That’s not true. I do know people in Miami, but I don’t know, romantically on that level. I don’t know any women in Miami. Occasionally, I would say send me a picture, because I wanted to see what she would send. And eventually, she did send a picture that I took every single picture she sent to Google Images to see what came up. Eventually, she sent one where she said she was in New York, she took a picture of another couple at a table in New York. And I took the picture at a table in a restaurant. And I took the picture, put it in Google and turns out it’s a restaurant in Budapest. Okay. So now I know she’s not in New York. I knew that anyway, I did go along with it even after that. And I told her, Hey, I’m going to fly out to New York, we can meet we could, you know, go out to dinner or whatever. So the weekend came that I said I was going to be New York, and she went radio silent. That was at the end. And that’s when I called her bluff. Before that, she tried to get me to go to a website. And I’m looking for the domain name now. But it was around crypto. So repeatedly, she tried to get me to trade for crypto using cash app, which to me is a red flag as well would not use a Cash App. I’m not even sure what I would use at this point because Coinbase is in big trouble financially, but she wanted me to buy bitcoin and cash app and then send her a picture. Now I know what she wants to picture of me making a purchase. That never happened. I told her I did and I told her I bought you know, she would say okay, now buy some other cryptocurrency using the Bitcoin and I told her I did. And I told her I sold it, like she said she was doing you know, she would buy it at 10pm and I and then flip it at 11pm and I sell it back and claim she’s making money. She sent me charts and everything. They were obviously fake charts. But when she sent me the link to the website, and I’m still looking for it. I knew it was a fake website. And then if you Google the web site name, you’ll see that it it was it’s got bad reviews for being not a good site to go to. I’m trying to find it. So hold on. I’m gonna pause. Alright, so I dug through the messages. And it looks like she actually deleted the website because I did threaten to expose her 13 days of talking about romance, about cryptocurrency about current events. She did a good job of really trying to sell it spent two weeks trying to convince me to join this website. And I’m sure their website was going to steal cryptocurrency from me, this is what they do. They tell you to buy cryptocurrency on their platform. And it’s keep giving you too they keep trying to convince you to buy more, buy more, buy more, and then eventually they say okay, if you need to withdraw, here’s what you need to do. And then they, they tell you, you got to pay for this fee and that fee, and eventually they take a ton of money from you. And she wanted me to do 10,000 At a time initially she said do a few dollars just to see. And then she wanted me to do 10,000 at a time. I never sent her screenshots of cash up because I never actually purchased anything to cash up. First I you know, I told her that I couldn’t get in my cash app account that I needed to create a new account and I saw I drove dragged it out a little bit. She even talked to me about what she ate on some days. She sent me multiple pictures. I don’t know five or six pictures and they were all one person, the same person. And I only found the one on Google images about the restaurant in Budapest. She claimed she was in Greenwich Village, New York. She was not she was in in another part of the world, Budapest, as I said, and
15:18
really went along with this. And I could see how someone who’s who might be, you know, desperate for attention, want a little, a little bit of romance, could could be scammed, I definitely could see that. I’ll have to create a video of the whole conversation at some point. It’s just time consuming. I’m actually late recording this podcast, I’m usually at podcasts in the hole. I am not right now. So it’s been an extremely busy couple of weeks. This is called pig butchering. And as this term is now being floated around on the internet, lot of the cybersecurity professionals out there are, are warning people about this type of scam. So they so it’s here’s the short condensed version, what happens you’ll get a random text message most likely looking for someone else, sometimes I get the text messages. And they do ask for me by name. And I still don’t talk to them in the one that was actually a text message was still not something I wanted. You know, they really weren’t trying to reach me, they wanted me to sell my house not doing that either. And that’s another scam, by the way to title theft. We’ll get to that later. But I don’t think that’s what that was gone was a real estate market is still pretty hot. So they’re probably looking for more houses to be able to sell. But I digress. They will get they will convince you to purchase crypto on their own platform. They’re not You’re not really purchasing anything that they’re going to create fake accounts that look like you’re making money. And eventually they’re going to say, Okay, if you want to withdraw your money, you need to pay this this fee that fee and that fee, obviously it still looks like you’re making money at that point. And then next thing you know, they vanish, your monies go on, and you’re out, you know 10s of 1000s and in some cases, millions of dollars. So romance scam, it is a long game, and I’ve read stories of some of these going months and even years. Mine was only 13 days because I eventually did call her out and told her that I know what the scam was I know what they were trying to do. And it’s probably why she deleted the website and I honestly cannot recall it I will try to find it and see if we can expose that website at the very least. I’m going to tell you this if you want to buy cryptocurrency that is completely your business. Stick with what you know. So in other words, don’t go buying some random cryptocurrency there are numerous scams out there involving crypto cryptocurrency. There’s a lot of I guess you could call them pump and dump. I’m not sure you could call it that sort of cryptocurrencies where they’re just trying to get everybody’s money and then they disappear. So stick with the bitcoins and in theory AIIMS, even Dogecoin if that’s something you care about, you know, it’s been around for a long time. Look for those that have a good history. If you’re not sure find someone who is sure about cryptocurrency, who can guide you correctly. I am not that person. I am not an expert. I understand blockchain, which is the technology behind it. And the potential for what blockchain can be used for is exponential. cryptocurrency is just the tip of the iceberg. Its cryptocurrency is also still in its infancy. And it’s going to be a long time before we could really see results or see anything. of value in cryptocurrency, in my opinion. Again, I’m not an expert, and I would never claim to be a cryptocurrency expert. I say if unless you fully understand it, stay out of it. If someone tries to begin a romantic relationship with you online, there are ways to recognize this number one random text message that eventually and actually just turn that direction pretty quickly in my case. But that’s also because I played along with it. So romance that begins online, never you never actually meet the person that’s key, meet the person. And I tried to make that happen, sort of. I wasn’t going to go to New York, but I pretended to go to New York in again. She went radio silent on me when that happened. So tell them you want to meet them in person. If they randomly message you on text message in with a wrong name, even a correct name and then they try to take the conversation to WhatsApp, that’s another red flag that usually means they’re not in the same country as you because you’re looking at international charges and so forth. If it seems to be too good to be true, it probably is. You’re not going to get someone starting an online romance within a couple of weeks. And they’ve never met you. Yes, I
20:12
know it does happen. I’ve heard the stories is very rare, very rare. And it’s even more rare that it happens to be someone in another country. But, again, this person was claiming to be in New York, take the images that they do, send, ask for images, let’s try to ask for pictures. Take those pictures to Google search and do a Google search on them. See what comes up? Again, the first few couldn’t find anything that matched exactly there were some similar but they were not exact. But the last one she sent was a restaurant in Budapest that she said she was in at that moment. Again, that was that was a way for me to determine that she was not where she said she was, was more for you than it was for me. Again, I knew right away what this was. At one point in a conversation was first of all, I could tell throughout the conversation, she was using Google Translate or some kind of translator, it was evident because the some of the English didn’t. You could English, the English language is backwards compared to most other languages in the world. And so when, when some of the words were backwards in a sentence, I kind of got the idea she was using something to translate. And that’s okay, if your English isn’t your first language. Nothing wrong with that. However, at some point in a conversation started talking to me in Spanish, and I do understand Spanish, I can somewhat read it. And so I asked, Why are you talking to me in Spanish? I think what really happened is she you know, obviously, I’m not the only person she’s trying to scam, she probably was trying to talk to someone else in Spanish, and got her WhatsApp mixed up. And she said that she was using Google Translate, and had to change to Spanish because she has clients in Spain. Red flag. Alright, so there are a lot of red flags here. She, if they try to get you to an unknown website, to trade crypto, do not create an account and start sending it money do not do that. If you’re going to trade crypto, you don’t, I don’t, I don’t want to say don’t use cash app, I wouldn’t if I had the choice. Find a legitimate, you know, Cash App is not really for that purpose Cash App is more for sending money or receiving money from someone. So those are other red flags, again, random text message that takes the conversation to WhatsApp to continue it. I did nudge that a little bit. But that again was to make a point. Search Google search the images on Google search to see if anything shows up in another part of the world, not where they claim to be. If you see that the English is a little off, like some of the words are backwards, most likely to using some kind of translator, if they start creating a romance. That’s also another red flag. romance scams are very popular, and they grow, they continue to grow. They’ve been around for a long time they were on MySpace and Facebook and almost everywhere you go, they do occur. No romance is going to happen over a matter of weeks. But I want what that being said are keep in mind that they are in it for the long haul. And they are well trained. And they are motivated, sometimes very negatively. But they are motivated to succeed. And they will take it for months and years if you allow them to. So if you purchase crypto through their platform that they sent you, they’re going to continue that scam for as long as they can keep it going until you start pushing back and saying so don’t be surprised if they string you along for a long time. They have a lot of time on their hands and they will continue to do scans for months and years as long as you continue to dump money into their fake crypto scam. People have been scammed out of millions, like I mentioned earlier, and would it’s going to continue to happen. So again, this is pig butchering. Some people call it pig slaughtering. This is a crypto scam, where victims are encouraged to put money into an account. That’s not really an account. And the account can they continue to say put more money in and purchase this crypto and they will create graphs that say, Hey, you’re making money, okay? Here’s how much money is in your account. It’s not a real account. They will ask you to pay money to take the money out. So now you’ve profited, let’s say $150,000 If you try to take it out, and they say, Well, you have to pay this fee and that fee and then they go, they ghost you. They’ve taken all your money and they are gone. If you want to trade crypto stick with the legitimate sites
25:14
Coinbase the one I know of Robin Hood does it. I guess you could go to Cash App, both grommet and Cash App don’t have the greatest reputation and Coinbase is allegedly financially in trouble. So hard to say where to go for sure. Good are banks that you could go through now. Just avoid the scam, you know, romance is going to start on WhatsApp. I can promise you that. But if you if you really believe this person is who they claim to be, ask them for pictures, ask them for evidence of who they are. Check those pictures against Google search. You know, I didn’t catch her with the pictures for I don’t know, seven or eight images, I think. And then I finally got on you may get lucky here. But it may still take time just keep playing the game. If you really believe this. Ultimately, I would say if you get a text message from someone that you don’t know, ignore it. Ignore it, blocked the number. That’s what I would do. If I were you. This is you know where we’re at. And this is costing people, millions and millions of dollars in some cases. So stay safe, stay secure and make sure you come back next week.
Transcribed by https://otter.ai