How long can phishing last? Let’s look inside Pig Butchering Attacks

Welcome back to my weekly cyber security blog and I hope you all had a wonderful week. I’ve written several blog posts now talking about the basics of cyber security. I’ve talked about phishing, and lateral movement and how malicious hackers (threat actors) are financially motivated to steal our stuff. I thought that this week, as the evenings gradually get longer and the weather gets warmer (a little bit anyway), we could come away from the keyboards and take a step outside. I want to head to the farm, unfortunately not a real farm where we grow food, but a cyber security farm, where threat actors try to steal our money. I want to discuss and raise awareness about a type of cyber-attack which I don’t think enough people are aware of, my friends, this week, let’s talk pig butchering.

Phishing has evolved into pig butchering

Pig butchering is a type of phishing attack that originated a few years ago, now operates from multiple southeast Asian countries, and is growing increasingly common. So how did we go from fish to pigs? For all those who have been reading my blog (thank you, I genuinely appreciate it), I have talked about social engineering and specifically phishing. Most of the phishing messages I talk about are work-related: “I am from IT, please tell me your password so I can fix a problem”, “I’m from HR, please log in to this portal to review your annual leave”, or “I’m the CEO, please arrange this urgent thing”. But what if a phishing attack just begins with “Hi John”?

Sometimes phishing is obvious, and sometimes it is very subtle, with the attackers beginning by building up trust and establishing a real relationship with the intended victim. With this type of attack, that is exactly what happens. A pig butchering attack is a slow attack which aims to steal as much money as possible over an extended period. It begins when the victim receives what appears to be a simple misdirected SMS or instant message saying something innocuous like, “Hi John” or “Thanks for dinner last night”, often sent with a beautiful profile picture for extra effect. The natural reaction for many people when they receive this type of communication would be to respond and tell the person they have the wrong number.

At this point I will highlight that the contact information for victims often comes from existing data breaches, so the attacker may well have multiple data points about the victim at the start. This, combined with what can be gleaned from social media, can reveal a surprisingly full picture of the victim and make it easier to gain their trust. Also, victims are often targeted when they are already struggling, perhaps after illness or bereavement.

Once the victim sends that initial reply, the attacker will use it to engage the person in further conversation over an extended period and gradually gain their trust. They may say they share hobbies or interests, have visited the same places, have children the same age, hold similar beliefs and values, or grew up in the same town. Over time, through ongoing conversation, the victim reveals more information to the attacker.

Change of conversation

Once the attacker has built up enough trust, they will begin to steer the conversation towards a financial opportunity. This is usually cryptocurrency but could be any type of financial investment. The attacker tells the victim about all the extra money they are making on the side through this great investment and that they want to share this with their friend.

At this point, many people would be suspicious if an online friend suddenly asked for money. However, in a pig butchering attack, the attacker does not ask for money directly. Instead, they recommend a great crypto or investment platform where the victim can set up and fully control their own account. The attackers go to great lengths to create legitimate-looking services in the form of fully functional websites and even mobile apps in the app stores. These often show many downloads and large numbers of positive reviews. The effort and attention to detail that goes into the design means that even IT-literate professionals carrying out due diligence on the services would be more likely to believe them.

The victim begins by sending a small amount of money into the platform, which rapidly begins to show them “their returns”. Through this very well-crafted fake investment platform, the victim gradually sends more and more money while watching the value of their investments rise for months. The system is designed to persuade them, with steadily growing returns, to invest more and more money (either the victim’s savings or borrowed money). They can even withdraw some money to feel reassured that this is real.

At some point the victim will decide they have made enough money and it is time to cash out. So they submit a withdrawal request on the website, at which point they might be charged an exit or tax fee (a final attempt to steal even more), before the site, the victim’s money, and the attacker all disappear, leaving the victim to discover that none of the returns were ever real and all their money is gone.

The detailed and complex fake financial platforms are what set pig butchering attacks apart from other phishing cyber-attacks, combined with the theft of large sums of money over an extended period. The name refers to fattening up the victim, steadily growing the take, before stealing everything. These operations have been enhanced and improved for years, with threat actors having developed refined tactics and carefully tested scripts to lure victims in: legitimate-looking group chats, video calls with their new friend, some successful withdrawals and, of course, the website or app on which to watch your investments, usually designed to mimic real financial institutions. According to information published in Wired, in 2021 the FBI internet crime unit recorded 4,300 pig butchering scams, resulting in losses of over $400 million – and that’s only those reported to law enforcement.

Throughout this post, I’ve used the word attacker. It is important to point out that the real attacker may not be the person the victim spends time video calling and chatting with. Often the real attacker is a cyber-crime gang, and the “attacker” the victim is interacting with is another victim, often of people trafficking: workers lured abroad with fake job offers and then forced to work as part of the scam.

The main and most important defence against pig butchering attacks is awareness. The more people who know about this, the fewer victims there will be and the less profitable this is for threat actors.

I believe in our cyber security community and that by sharing and helping each other that we can all be safer. So, everything above is just my opinion, what’s yours? Please share in the comments below and stay safe.

It's sad that Pig Butchering has all the elements of a TV drama: Slow-Burn Suspense, Trust and Relationship, High-Stakes Deception, and the Shocking Twist. We need to share these stats and experiences.


Thanks Jonathan Freedman for another insightful dive into farming :-). As I read through this article I was thinking of my children (the generations brought up in a world where crypto isn't a weird new digital currency but rather a present and serious alternative to fiat currencies) who are seriously vulnerable to influencer noise and could well fall for well-rounded scams like fake investment platforms (stress I'm not saying we can't). Suppose some (begrudging) credit to the scammers who are essentially well funded, well run and smart businesses - whereas earning an honest living ought to be something they are equally capable of, I'm sure they find quicker spoils in their dishonest endeavor. They might argue they aren't trading in class A drugs - doh! There is little to no digital protection option against these scams. Awareness and Be-awareness are the keys. One of cyber security's biggest challenges is this cultural shift towards a more paranoid engagement with all things digital - you agree? This is not easy. OK if I forward to Gen Z?

Phil Beesley

Cybersecurity and IT managed services expert with extensive experience helping businesses implement security and IT solutions.

8 months

Great and insightful article. Is it ok to share with my network?

David Ward

Very experienced Information Security professional, open to contract opportunities

8 months

Great article which really brings out the fact that many of these bad actors are very patient and skilled and not always in it for the quick hits. What with phishes and now pigs, maybe we should all become Vegans, or is that when the Carrot and Stick scams come into play?
