Oct. 27 (Portaltic/EP) –
A group of researchers has analyzed a new attack called 'Pig Butchering', which consists of encouraging victims to invest in cryptocurrencies once their trust has been gained, using the same strategy as in love scams.
The 'Romance Scam', or love scam, is a social engineering attack that consists of tricking another person into believing that there is an online love relationship between them. To do this, the attacker creates a fake profile by stealing photos of other real people and, once they know that the victim thinks they have fallen in love, they convince the victim to make bank transfers.
The main difference between the 'Romance Scam' and 'Pig Butchering' (which translates as 'slaughter of pigs') is that, in the second case, the scammers abuse the victims' trust to get them to invest in cryptocurrencies.
Of Chinese origin, this online crime has managed to position itself as one of the main social engineering attacks in non-English-speaking countries. So much so that the United States Federal Bureau of Investigation (FBI) published a notice last April indicating that it was becoming increasingly popular.
In fact, according to data collected by the Global Anti-Scam Organization (GASO), victims lose about $122,000 (around 121,000 euros) on average to these frauds. In addition, two thirds of those affected are women between the ages of 25 and 44.
The cybersecurity company Proofpoint has carried out an investigation to learn how these cybercriminals operate and how far they can go with these online scams.
First, the threat starts with a conversation with a stranger on social networks, who contacts the victims claiming to have changed their phone number, among other excuses.
Once the scammers have received a response from their contact, they become very effusive and start sending photos of where they are or what they are eating, to lend some realism to a seemingly innocuous conversation.
Over time, the attackers claim to have a godfather, usually a friend or relative, who has helped them discover pleasures such as traveling and other plans. In line with this more intimate contact, they suggest continuing the conversation on messaging platforms such as Telegram or WhatsApp to have greater privacy.
Once they have obtained their victims' phone numbers, they can send suggestive selfies and encourage victims to take part in this exchange of media files. Scammers may also appeal to a friendly relationship to keep in touch.
After this second step, they mention their mentor again as the person who solved all their financial problems, and they convince their victims to talk to him and find a way to earn money easily and quickly.
This is when the other malicious actor comes into play, although it can also be the same person who started the fraud. This user sends the victim technical documents related to investing in cryptocurrencies and offers to help them set up a Coinbase or Crypto.com account.
This kind of guidance is usually given in a chat group, typically on WhatsApp, Discord or Telegram, which also includes other people who have allegedly benefited from an investment in cryptocurrencies. Likewise, the "mentor" shares crypto tips to give more credibility to the scam.
As Proofpoint researchers have been able to verify, once victims reveal their phone number, they begin to indiscriminately receive invitations to private groups related to the cryptocurrency business.
This would indicate that cybercriminals share lists of victims randomly, without taking into account how these victims are distributed in their groups.
Finally, they are all redirected to a fraudulent website or mobile application. The scammers then encourage them to buy a small amount of cryptocurrency, usually on Coinbase.com or Crypto.com.
They are then prompted to submit a screenshot of the investments and are encouraged to spend an amount less than $1,000 during a certain period of time. They are then told that whoever makes these transactions will receive a corresponding reward of 10 to 20 percent of the money spent.
As time goes by, the attackers demand larger transfers, which in theory are growing the victims' digital wallets, when in reality the victims are only losing money with these movements.
If there comes a time when victims refuse to continue investing due to lack of funds, the scammers even encourage them to take out loans, refinance their homes or sell shares they own.
Nor do the deceived people appear to be able to withdraw all the money they have left, as the threat actors explain that they can only withdraw a small amount, citing problems such as taxes or international law.
Finally, they are threatened with having the images or videos they previously sent shared, or with being reported for tax fraud, if they do not intend to continue making transactions. When all their money has been withdrawn, the fake website and its domain are finally shut down, and another website is set up for new victims.