Von „Pig Butchers“ und ihren raffinierten Methoden berichtet Satnam Narang, Senior Staff Research Engineer bei Tenable. | Satnam Narang, Senior Staff Research Engineer at Tenable, reports on pig butchers and their sophisticated methods. |
Die Zahl der Opfer des „Pig Butchering“ (deutsch: „Schweineschlachten“) wächst seit mehreren Jahren kontinuierlich und verursacht horrende finanzielle Schäden. Bei der Betrugsmasche handelt es sich um eine Form des Investmentbetrugs, bei dem die Täter vorab eine persönliche und vertrauensvolle Beziehung zu ihren Opfern aufbauen. Im folgenden Beitrag konzentrieren wir uns auf die Vorgehensweisen von „Pig Butchers“. Die Maschen von Cyberkriminellen werden immer geschickter und auch immer perfider. Eine beliebte Online-Betrugsmethode ist das sogenannte „Pig Butchering“ – eine Kombination aus emotionaler Manipulation und Finanzbetrug. Der Begriff „Pig Butchering“ wurde von Kryptobetrügern in Umlauf gebracht und stellt einen Vergleich zwischen den Opfern und Mastschweinen her. Ziel des „Pig Butchering“ ist es, mit Personen über einen längeren Zeitraum hinweg Kontakt zu halten, sie emotional zu binden und danach finanziell auszuschlachten. Bildlich gesprochen: Das „Schwein“ wird zunächst ausgiebig „gemästet“ und dann zur „Schlachtbank“ geführt. Allein in Bayern liegt der bisherige finanzielle Schaden für Privatpersonen bei ca. 29 Millionen Euro (Stand: März 2024). Die Zielpersonen sind in erster Linie jüngere Männer. Dabei folgen die Kriminellen in der Regel einem bestimmten Schema – und wenn man sich erst einmal mit der Vorgehensweise der „Butchers“ vertraut gemacht hat, können Betroffene den Scam leicht durchschauen. Im Folgenden nehmen wir das „Butcher Playbook“ genauer unter die Lupe. Schritt 1: Kontakt aufnehmen Schritt 2: Das regelmäßige Gespräch suchen Schritt 3: Vertrauen herstellen Schritt 4: Berufliche und finanzielle Lage schildern Schritt 5: Die Zielperson an ein Investment heranführen Schritt 6: Die erste Transaktion begleiten Schritt 7: Das „Schwein vollständig ausbluten lassen“ Fazit | The number of victims of pork-barrel scams has been steadily increasing over the past few years, resulting in staggering financial losses. The scam is a form of investment fraud in which the perpetrators establish a personal and trusting relationship with their victims beforehand. In the following article, we will focus on the methods used by the „pork butchers“. The scams used by cybercriminals are becoming increasingly sophisticated and insidious. One popular online scam is „pig butchering“ – a combination of emotional manipulation and financial fraud. The term „pig butchering“ was coined by crypto scammers and compares victims to fattening pigs. The goal of „pig butchering“ is to maintain contact with people over a long period of time, emotionally attach them, and then exploit them financially. Metaphorically speaking: The „pig“ is first extensively „fattened“ and then led to the „slaughterhouse“. In Bavaria alone, the financial loss for private individuals to date is approximately 29 million euros (as of March 2024). The criminals usually follow a certain pattern – and once you are familiar with the „butcher’s“ approach, it is easy for victims to see through the scam. Let’s take a closer look at the butcher’s playbook. Step 1: Make contact In the first step, the criminals set up a network of fake accounts on various dating, social media, and messaging services. Exactly how the initial contact is made depends on the platform. It can be assumed that the first messages are not even written by the „butchers“ themselves, but by so-called „herders“. They write to potential victims – for example, in direct messages on Instagram or after a match on Tinder via the chat function. They will then try to move the conversation as quickly as possible away from social networks and into a more „private space,“ typically a popular messaging service (WhatsApp, Telegram, etc.). Background: In most messaging services, there is little way to report a suspicious user. The „butchers“ then take over and dig deep into their toolbox as part of their sophisticated social engineering. Step 2: Look for regular conversation Cybercriminals are always looking for long-term contact. Constant „good morning“ and „good night“ text messages to the „pigs“ are the order of the day. The scammers construct a complete fantasy everyday life – including hobbies and work anecdotes – about which they exchange information with the victims. They enrich their messages with pictures. The images they send are usually AI-generated or stolen. Most strikingly, they cleverly craft their messages so that the other person is sure to respond – in many cases, they even ask for feedback directly. The goal is always to keep the conversation going as long as possible. Step 3: Build trust The key to success in this scam is to establish a deep emotional connection with the victim. To accomplish this, „butchers“ signal an excessive interest in their counterpart’s well-being. Diet is a popular hook: the scammers ask if you have eaten enough – and healthily – and like to send pictures of their own food. They may also offer to meet in the near future, for example at a restaurant. There have also been cases where cybercriminals have made contact by phone to make the conversation more authentic and build trust. Step 4: Describe your work and financial situation Work is a popular topic of conversation – especially in online dating. Therefore, it is not suspicious if the scammers talk a lot about their alleged work life. They gradually shift the conversation from their professional situation to their lucrative financial investments, trying to get an impression of how much expertise the chosen target has in traditional and alternative investment methods – and thus find out how likely they are to be taken in by the scam. Step 5: Introduce the target to an investment Now the criminals back up their story with concrete numbers. Among other things, they present candlestick charts that show a positive trend for certain assets. This gives the impression that their investments are very successful and profitable. At this point, they usually bring up possible investment options for the person they are talking to for the first time and offer their support. In most cases, the „butchers“ claim that a close confidant, such as a family member, helped them with their first investment. However, before the cybercriminals share their supposed knowledge about investing, they demand one thing – silence. If the previous work to build a solid foundation of trust has borne fruit, the fraudsters also get what they want. The „pigs“ view the arrangement with the scammers as a kind of secret that they share with a trusted person. Step 6: Accompany the initial transaction After the cybercriminals have spent enough time persuading, they gradually „lead the pig to the slaughter. If the careful manipulation has had the desired effect, the victims will finally dare to make their own investments. There are many ways in which the scammers extract money. Here is an example scenario: The „butcher“ first asks the victim to buy a specific cryptocurrency, for example via a popular crypto exchange such as Coinbase, Binance and Crypto.com, or via a decentralized exchange such as Uniswap, or via a peer-to-peer online payment platform such as CashApp and PayPal. The cybercriminal then shares a link to an alleged crypto exchange – but this is a fake platform that has been made to look deceptively genuine and is under their control. Through the supposed „online service“ of the platform, a wallet address is provided where the pre-purchased cryptocurrency is to be deposited. The deposited amount is then automatically transferred to another address – and thus directly into the „butcher’s“ pocket. Step 7: „Completely bleed the pig As mentioned at the beginning, the goal of pig slaughtering is not to take money just once. The goal is always to get as much money as possible from the same person. For this scheme to be successful, fraudsters must make their victims feel successful in order to prevent them from becoming skeptical. Cybercriminals constantly reassure their targets that their investment will soon pay off. They give them an early glimpse of the „profits“ they have made so far, and even give them access to a comparatively small amount of money – which the fraudsters can walk away with. This is how they keep up the facade. The crux of the matter is that the money that can be accessed has most likely been swindled in another „pig slaughter“ coup. Convinced of the supposed profits, the victims are more than willing to invest more money at this point – until there is nothing left and the cybercriminals leave them empty-handed to devote themselves to a new „pig“. The bottom line In the age of dozens of social media platforms and apps, caution is advised – because not everyone you meet online is well-disposed towards you. The „pig slaughter“ is a prime example of how online criminals are becoming increasingly ruthless in their scams – and are not afraid to inflict emotional damage on their victims in order to gain financial gain. If you encounter someone on the World Wide Web who wants to move the conversation too quickly and too urgently into a more private space – for example, a private WhatsApp chat – it’s time to „watch out! Alarm bells should go off when the conversation turns to a simple and highly profitable investment option. You would be well advised to learn all you can about the subject before placing your entire capital in the hands of a complete stranger. As tempting as the prospect of quick profits may seem, the wish is usually the father of the thought. |
Arne Lehfeldt, Systems Engineer und CTO Ambassador bei Dell Technologies, erklärt im Podcast Security, Storage und Channel Germany mit Carolina Heyder, warum Unternehmen keine Angst vor KI haben sollten. | Arne Lehfeldt, Systems Engineer and CTO Ambassador at Dell Technologies, explains why companies shouldn’t be afraid of AI in the Security, Storage and Channel Germany podcast with Carolina Heyder. |
Dr. Jakob Jung ist Chefredakteur Security Storage und Channel Germany. Er ist seit mehr als 20 Jahren im IT-Journalismus tätig. Zu seinen beruflichen Stationen gehören Computer Reseller News, Heise Resale, Informationweek, Techtarget (Storage und Datacenter) sowie ChannelBiz. Darüber hinaus ist er für zahlreiche IT-Publikationen freiberuflich tätig, darunter Computerwoche, Channelpartner, IT-Business, Storage-Insider und ZDnet. Seine Themenschwerpunkte sind Channel, Storage, Security, Datacenter, ERP und CRM.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Kontakt – Contact via Mail: jakob.jung@security-storage-und-channel-germany.de