Wrong Number: How to Avoid Falling for “Pig Butchering” Cyber Scams
Most people can relate to the experience of getting texts or phone calls from random numbers. They don’t always sound harmful. They might sound like they’re genuinely trying to reach someone, saying things like: “Is this Linda from the dry cleaners?” or “Hi ___, Jack has to miss soccer practice this evening.”
This might just be a type of social engineering attack, or cyber scam to steal money or information through a means of manipulating human emotion.
Although some social engineering tactics involve triggering your fight or flight response like kidnapping scams, seemingly innocent random texts (called pig butchering) aim to use your empathy against you.
“Fattening Up” Victims
It might be a gruesome name, but “pig butchering” was named after the way farmers fatten up livestock before slaughter. This refers to the way scammers coax victims into trusting them, by inventing elaborate and seemingly genuine scenarios.
Many times, when victims get these texts, their instinct is to simply reply with “I think you have the wrong number.” This would be your first mistake, but what comes next is important.
Once you reply to a pig butchering scammer, it sends the message that you’re willing to communicate with them. They might already know a great deal about you, as these scammers can be very specific to gain your trust.
Ultra-Targeted Information
They may mention that they’re from the same hometown as you. They could mention a “shared” interest of yours to reel you in. It’s important to never underestimate the lengths scammers will go to gain your trust while texting you.
Fake Romances to Lure Victims In
Sometimes, scammers will target those who might be suffering from loneliness, and could even “catfish” them into thinking they are in a romantic relationship.
After several months or even years of constant communication, victims become infatuated with the attention they receive, causing them to place undeserved trust in scammers.
Once Victims are Hooked, Scammers Go in for the “Kill”
Once they’ve created a bond, however fake, with their victims, they will attempt to get you to do something. However, this doesn’t always sound like a scam. They might urge you to invest your money into something, claiming it’s for your benefit alone. They are often very skilled at creating scenarios that don’t seem like they’re looking to steal from you.
Some victims have reported losing thousands or hundreds of thousands of dollars to these scams, after “investing” in a fake stock trading app. Others are fooled into handing off money in person for a seemingly legitimate business, cause, program, investment, etc.
Elaborate Crime Networks
The worst-case scenario for pig butchering victims looks a bit more sinister. Sometimes, victims are tricked into travelling to a location for a job or meeting, only to be kidnapped and forced into elaborate scam networks.
This has happened to multiple people who lived to tell the tale, citing foreign crime networks where captives are forced to scam others online under false pretenses. This scales the scam business through forced labor, making the issue worse and more widespread.
Why Businesses Should Be Concerned About Pig Butchering Scams
You may wonder if you have anything to worry about for your business in regards to pig butchering scams. However, this does not only affect individuals or just the non-tech savvy. Everyone and anyone can be fooled by these scams, which can also destroy businesses if scammers get their way.
One bank failed due to a pig butchering scam, due to a high-level executive wiring money to seemingly purchase crypto currency. Scammers convinced Heartland Tri-State Bank CEO Shan Hanes to wire money for a fake crypto currency investment.
Hanes stole $47.1 million in bank funds for at least 11 wire transfers, which were not questioned by employees due to his authority and reputation. This led to the bank’s insolvency and failure, and all of the money went straight into a scammer’s pocket.
This scenario shows the importance of training and scam awareness to prevent other businesses from falling victim to convincing scammers. After all, social engineering is designed to be very persuasive, targeted, and financially devastating if hackers are successful.
The Basics of Avoiding Social Engineering Tactics
You might not be able to block any unknown phone numbers from texting you. However, there are safeguards that can lessen your chances of falling victim to social engineering.
How to Spot Phishing, Vishing, and Smishing
To combat scams, malicious links, phishing emails, and pig-butchering messages, it's important to know common tactics or signs. Aside from obvious misspellings and errors, there are signs such as panic-inducing urgent messaging to look out for.
Follow the four "SLAM" rules that outline phishing red flags. SLAM stands for "sender", "links", "attachments", and "message". To read an in-depth explanation of these rules, check out our blog: SLAM Dunk Your Email Security with These 4 Rules to Live By.
How AI Can Fool Even the Tech-Savvy
AI kidnapping scams have made a stir in the news along with common scenarios used to elicit an emotional sense of urgency. People like a Philadelphia lawyer have fallen victim to a targeted scam where hackers find specific details about targeted individuals to manipulate them.
It only takes a few seconds for cybercriminals to create AI version of the voices of loved ones, like in this case. They can then be used to trick parents and loved ones into wiring bail money or other emergency funds right to criminal pockets.
What's more, money is often converted into crypto currency so it cannot be traced or recovered once transferred.
These scams are designed to be sophisticated enough to fool even the most tech-savvy. To learn how to combat AI fishing scams, read our article: What is Social Engineering? Attacks, Techniques, and Ways to Avoid It.
How to Optimize Your Overall Security Posture
Along with pig butchering, there are endless cyber threats to businesses to be aware of. A few examples include:
- Phishing scams, or spoofed emails containing malware or social engineering messaging
- Smishing attacks, or SMS social engineering
- Endpoint attacks, when hackers attempt to gain access to business networks through connected devices
The good news is there are many steps you can take to combat these threats. Anti-phishing tools, threat detection services, and security awareness training are all proactive cybersecurity measures you could implement through your managed service provider(MSP).
Many businesses hire either MSPs, or managed security service providers (MSSPs) to assist them in creating a cybersecurity strategy with adequate security measures. To learn the difference between MSP and MSSP services, read our blog: MSP vs MSSP: What’s the Difference?
To learn what other tools should be included in your cyber attack survival kit and how outsourced tech support can help, click the button below for our exclusive cybersecurity essentials pdf.