This blog is part of a series where we provide tools to assess your fraud detection capabilities against the most prevalent fraud and scam types.

From malware campaigns to complex scams, we analyze TTPs, Fraud Kill Chain mappings, and detection gaps.

This fifth episode delves into one of the most manipulative scams: Pig Butchering. Combining romance and investment fraud elements, we explore how the Cyber-Fraud Kill Chain can identify detection opportunities and gaps.

Pig Butchering vs Cyber-Fraud Kill Chain 

 
“Pig Butchering” is a horribly named scam. Sadly, the press and the industry have adopted the criminals’ vocabulary for this scam type, as it unfairly characterizes victims as animals being groomed for slaughter. For victims, the name might feel like an additional slap in the face. 

The scam is a combination of a romance scam and an investment scam. Often the investment opportunity is a crypto scam. Therefore, sometimes the name is used synonymously for romance, crypto, or investment scams. Initial contact processes vary, but building trust through romance is a large part of the criminal process.

When enough of a relationship is built, an investment opportunity will arise. Additional confidence is built with realistic-looking websites or even investment apps. Over time, the victim’s investment seems to yield. It’s only when they cash out, that they find the entire thing was a scam – and their money is lost. 

This fifth episode, for that reason, has some resemblance to our earlier articles on “romance scams” and “investment scams”.

Scam process steps:

1. Gaining Trust: Scammers start by building a relationship with the victim, often through social media, dating apps, or professional networking sites. They present themselves as knowledgeable professionals or seasoned investors. Also, “wrong number” messages are used as the initial contact. 
2. Pitching the Investment: Once they have established trust, the scammers introduce a lucrative investment opportunity, often related to cryptocurrency or other high-return ventures. 
3. Collecting Money: The victim is persuaded to invest money, with the scammer providing fake evidence of the investment’s success. This is done with realistic-looking reports, websites, or even apps representing a crypto platform.. 
4. Disappearing: After collecting a significant amount of money, the scammer disappears, leaving the victim without savings, and loss of confidence and trust. 

Our numbers show that Investment Scams have been on the rise in Q1 of 2024. Romance Fraud and Investment fraud combined is 26% of all fraud. 

About the Fraud Kill Chain 

The Fraud Kill-chain is a useful tool to identify detection opportunities and gaps. It allows anti-fraud teams to map capabilities to attacks and helps control a wide variety of fraud and scams.  

The Fraud Kill Chain mapping shares similarities with other scams: The early stages of the scam resemble Romance Fraud and the later stages with Investment scams. 

Pig Butchering vs Fraud Kill-Chain 

Detection Gaps and Opportunities 

Gap 1: Customer Journey Visibility 

In many scam attempts, device use and the transaction will seem completely benign. To detect behavioral aspects, it’s key to have Customer Journey visibility: all interactions happening between login and transaction. 

Gap 2. Web, Mobile, and App: multi-channel Visibility and Correlation 

Web and app adoption is increasing rapidly. This is why a detection stack should include customer journey visibility on any online channel: web, mobile, and app. 

Gap 3. Behavioral Biometrics 

Manipulation of behavior requires a different perspective. Behavioral Biometrics is the best technology available. It’s key to have multiple models:  

1. The “attack” perspective, spotting manipulation, pressure, and hesitation.  
2. The “individual use” perspective, detects when a customer’s interaction with the device is “different than normal”. 

Conclusion & Takeaways 

As scammers are raking in billions, anti-fraud teams are to perform the following checks: 

1. Check your detection processes for Customer Journey visibility 
2. Check if you have visibility on your online channels 
3. Consider adding in-channel behavioral biometrics technology to integrate into your detection process. 
4. Stay up to date with the threat evolution with mobile threat intelligence 

Detection Readiness workshop 

ThreatFabric helps banks and financials globally perform these analyses. If you’re interested in a detection readiness workshop contact us via the link below.