Showing posts with label scam. Show all posts
Showing posts with label scam. Show all posts

Monday, March 25, 2024

Pig Butchering Scam

Pig Butchering Scam

In recent times, the percentage of online fraud has increased. Therefore, it becomes crucial to understand the Pig Butchering Scam. From the idea of fattening a pig before slaughter the name of this scam has come. Hence, scammers convince people to invest more money in cryptocurrency. They try to act like it is a genuine chance for people. While such scams are spread throughout the world, these can result in big financial losses for victims. Once people invest their money, scammers will disappear after collecting it. Let's dig into the article to learn more about Pig-butchering Scam.

What is a Pig-butchering Scam?

A pig butchering scam is an investment fraud where scammers ask people to invest their money in profitable ventures. Usually, they give promises to provide high investment returns within a few months or a short period. They use fake images along with investment portfolios that are false. With the help of these, scammers try to convince victims to prove that their scheme is legal. As soon as victims believe this and invest a huge amount of money, after taking the money, scammers will disappear. As a victim, you were incapable of recovering your invested money.

This term comes from the idea that victims are fattened up with the promise of huge returns before "slaughtering" them for their money.

In this scam, a random person starts a normal conversation. Scammers could get a number of victims from a mutual friend. Sometimes, they act like they are unsure if they have the correct number. In this way, scammers try to engage the targeted person in conversation. In order to lure people, they use pictures of attractive women. In this way, scammers try to showcase their desire for romance to create trust so that they can set up a connection.

How the Pig-butchering Scam Works:

Like other investment frauds, this type of scan follows some steps using which scammers manipulate and deceive victims. They talk with victims about getting huge returns on their investments within a short period. Now, let's see how the pig butchering scam works.

  • Gaining a Victim’s Trust:

Scammers first try to act like seasoned investors or experienced professionals. Their aim is to gain the victim's trust. Scammers use online forums or social media platforms through which they keep themselves engaged with potential victims. Thus, they create trust in the people to achieve financial success. Besides, they add a layer of companionship to this scam. In this way, they are able to exploit victims' need for companionship for financial success.

  • Pitching the Investment:

As soon as scammers are able to gain the trust of people, they promise a great opportunity to get successful returns and reliable investments. It includes stocks, cryptocurrencies, or other financial instruments. While they use persuasive language, sometimes they ask people and try to convince them by saying that they need to invest money very urgently.

  • Collecting Money:

Once scammers succeed in persuading the victim, they will collect the invested money of those people. In order to make tracking harder for victims and other people, scammers often use cryptocurrencies or digital payment platforms.

  • Disappearing Completely:

When scammers have got the target amount from the victims, they will disappear. Therefore, people do not find them when they try to withdraw their money. Scammers generate new identities or delete the online existence. Therefore, it becomes challenging for victims to recover the amount they have invested.

Every step takes the victims into the web of lies of the scammers. Victims cannot identify the scam as they are emotionally invested also. So, they also could not be able to remove themselves from the situation.

How was the Pig Butchering Scam Carried Out?

  • In this scan, the “host" attempts to make contact with people via social media, dating apps, or deceptive messages.
  • After finding the target, called the “pig," the host tries to set up a friendship with the people so that they can encourage victims to explore cryptocurrency trading.
  • The host uses a fraudulent trading application to deceive the victim so that they believe they could gain profits from fabricated trades.
  • The more the trust of the victim grows, the host tries to persuade them to invest more money. This idea is called “fattening the pig" before the reveal of the scam.
  • As soon as victims try to withdraw their money, substantial fees are imposed by the fake platform. Because of the nature of blockchain transactions, it is quite impossible to retrieve lost funds.

Warning Signs of Pig Butchering Scams:

These are some warning signs of these scams:

  • You get “wrong number” texts
  • Someone asks you to download a "special" crypto trading
  • A match starts “love bombing” you on a dating platform
  • A friend asks you to invest money in exchange for a crypto
  • An online friend suddenly starts talking about crypto
  • Investment sites give tiers with at least investment amounts
  • The scammer begins trading with you
  • In order to gain trust, scammers use emotional manipulation
  • You get a quick and small return on your initial investment

Emerging Tactics— Group Chats And Social Engineering:

Nowadays, the emergence of modern tactics becomes more apparent because pig butchering scammers are adapting as well as refining their ideas continuously. They engaged victims earlier via one-on-one chat messaging. But currently, scammers are seen using group chats, which let them, cast a broader net. Also, in this way, scammers are capable of identifying potential victims with greater efficiency.

Creating Authenticity through Group Chat Interactions:

Scammers are often found sharing photos within the group chat as proof of their regular activities. It helps them to increase their credibility. Images highlighting their alleged earnings are also shared with the members of the group. They want to prove their success from their investments. Thus, they are capable of creating an illusion that everything happening in the group chat is real. So, it becomes challenging for potential victims to guess whether the investment is legal or not. It preys on the psychological phenomenon called social proof. Hence, people trust others' actions and follow them also when they see other people getting success in the group.

The Group Chat Strategy:

Scammers add many people to the groups centred around investment discussions. Thus, they can get the attention of the targets.  When the remaining people take an interest in investment, scammers make those people prime candidates for the scam. If someone leaves the group, they might know about the scam or are not taking any interest in investing. It prevents those people from being persuaded by the strategies of the scammers.

In the group, there are several people with different roles. Scammers have generated fake profiles of the chat group members in order to make this group more authentic. In this way, scammers can especially focus on those people who are likely to be more susceptible to their fraudulent schemes. Besides, it creates a situation where social validation is promoted. The reason is that potential victims watch others in the group discussing investment and not calling it out as a scam.

Suspect a Scammer is Luring You in— What To Do?

  • Break Off All Contact With The Scammer:

If you are the victim, you need to instantly stop every communication you have made previously across apps, social media, text and email. Ensure that you are not saying goodbye or sending any explanation. You definitely do not want to arouse their suspicions.

  • Block And Report Their Account:

In order to add credibility to such a type of scheme, scammers often use many digital "friends" of the host. Ensure that you are reporting each profile that is involved in the scam.

  • Change All Your Passwords And Login Credentials:

Suppose you have shared your account number or access codes for cryptocurrency accounts or online platforms. In that case, you have to generate new passwords which are not simple to hack.

  • File A Complaint With The FBI’s Internet Crime Complaint Center (IC3):

It lets you add particular details. Also, you can add supporting documents such as screenshots of email, text, and WhatsApp conversations.

  • File A Police Report:

You should give all details of the fraud to inform the law enforcement office in your local area. Also you are able to ask them in order to contact the crypto exchange.

  • Monitor Your Online And Financial Accounts For Signs Of Fraud:

In order to spot any unknown transaction, you must look into all the credit reports, bank accounts, and credit card statements.

How To Protect Yourself From Pig Butchering Scams:

These are a few things you need to do to stay safe:

  • You must not provide your private information to those you have met online only. Ensure that you are not giving your bank credentials or Social Security number (SSN).
  • If you haven't seen the person in real life or do not know them personally, you should not send cryptocurrency or money.
  • You should not add yourself to any investment site. Besides, you should not download an app because of someone whom you have met online. Remember that this app may deceive you despite seeming real. Scammers may control the app to impress you by saying that you are gaining profits.
  • Nothing is like "guaranteed returns." So, you should not believe any site or someone who promises you to give returns. Or don't trust any site that requests you to invest minimum amounts.
  • If you are unaware of the working process of crypto currency properly, you should not invest. Hence, it is better to take guidance from a person so that you can use the platform.
  • You need to be aware of the popular scams that are related to any app, exchange, or investment platform before being involved.

The Bottom Line:

The most effective thing you should now do is to remain proactive about your digital security. In addition, it is essential to be updated on the latest scams. Also, you need to monitor your credit. When many people get to know about these scams, scammers will succeed less.

Frequently Asked Questions

  1. What is the pig-fattening romance scam?

In this type of scam, scammers flirt with victims to gain their trust.

  1. What is pig butchering in AML?

Social engineering tactics are used by fraudsters in order to trick people in a way that they invest most of their money before knowing that the investment is a fraud.

  1. How do you protect yourself from pig butchering?

These are the tips you should follow to protect yourself:

  • You must not send money to someone you have met online only.
  • Ensure that you are not talking about your investment or financial position to anyone.

Tuesday, September 19, 2023

Business Email Compromise (BEC) Scams

Business Email Compromise (BEC) Scams

As long as email addresses exist, we will get to see email scams. Usually, security vendors & organizations are working to protect against the common phishing scam types. But cyber attackers always remain one step ahead, adapting their tactics to get around the established security controls. Let's learn about the Business Email Compromise, the short form of which is BEC.

 What Is Business Email Compromise (BEC)?

Business email compromise refers to a kind of cyber attack where emails are used by scammers to trick people into sharing confidential information or sending money. Hence, the cybercriminals act as a trusted figure. After that, they ask for a fake bill to be paid or some information that they can use in another scam. These scams are increasing continuously because of the increased remote work. According to the reports, about 20,000 BEC complaints were made to the FBI last year.

 How Does a Typical BEC Attack Work?

In the Business Email Compromise (BEC) Scams, an attacker can be seen acting like someone whom the receipt believes — mainly a vendor, boss or colleague. You should know that these attacks are hard to detect as they never use malware or malicious URLs, which can be analyzed with standard cyber defenses. These attacks depend on impersonation & other social engineering techniques for tricking people into interacting on the behalf of the attacker.

 The use of social engineering, along with the targeted nature, is responsible for making the manual investigation & remediation of the attacks difficult & time-consuming. These scams use different impersonation techniques like domain spoofing & lookalike domains. As domain misuse is a complex issue, the attacks are effective. It is difficult to stop domain spoofing, but more challenges can be faced when you try to anticipate each potential lookalike domain. You should know that these attacks do not require any tradecraft or any advanced tool for execution. Hence, we have given the process through which a typical BEC attack runs:

 Phase 1) Research & Identify Targets:

These attacks are mainly focused on the employees or executives authorized for making payments on behalf of the companies. Cybercriminals perform reconnaissance continuously over days or weeks. Generally, the BEC targets are CEOs, lawyers, & accounts payable personnel.

 Phase 2) Set Up the Attack:

While mass phishing emails follow a "spray and pray" approach, these BEC attacks come across as legitimate. Scammers perform different activities like spoofing email addresses or creating lookalike domains, impersonating reliable vendors, etc., to prepare for the attack.

 Phase 3) Execute the Attack:

The BEC attack may occur in an email or an entire thread based on the thoroughness of the adversary. Often, the communication uses urgency, persuasion, and authority to get a victim's trust. The perpetrator can offer wire instructions to the victim to make payment to a fraudulent account easier.

 Phase 4) Disperse Payments:

As soon as attackers get the money, they collect it quickly and disseminate it across many accounts. Thus, they can decrease traceability & retrieval chances. For cybersecurity incidents, rapid response times are very important. If any organization can't detect a successful BEC attack quickly, it's unlikely that the money is going to be recovered.

 Common Types of Business Email Compromise (BEC) Scams:

Five types of BEC attacks are there:

 CEO Fraud: Cybercriminals act as the company's CEO or executive and they send an email to a person or employee who works within the finance department. The email asks the individual to transfer money to an account that the attacker controls.

 Account Compromise: In this case, attackers hack an employee's email account to request payments to vendors. After that, they use the account to send payments to fake Bank accounts that they own.

 False Invoice Scheme: This tactic is used to attack foreign suppliers. Scammers act as the suppliers and request foreign suppliers to transfer money to the fake accounts.

 Attorney Impersonation:

It happens if a cybercriminal impersonates a lawyer or legal representative. In these kinds of attacks, mainly lower-level employees are targeted.

 Data Theft: HR employees are attacked in this case with the intention of getting sensitive information about someone who works within the organization, like CEOs and executives. After that, data is possible to be leveraged for future attacks like CEO Fraud.

 Common BEC Attack Techniques:

Five common attack techniques are as follows:

 Exploiting Trusted Relationships:

In order to exploit an existing trusted relationship, cybercriminals make a concerted effort. Exploitation might take multiple forms, like a vendor who requests invoice payments, an executive who requests iTunes gift cards, and many more.

 Replicating Common Workflows:

Countless number of business workflows are executed every day by a company and its employees. While multiple workflows depend on automation, many workflows are conducted over email. These workflows are replicated by the BEC attacks to fulfill their targets before victims get any idea.

 Suspicious Attachments:

These are linked to malware in email attacks. However, attachments which are used in these attacks can forego malware in exchange for fake invoices.

 Socially Engineered Content & Subject Lines:

BEC emails depend on subject lines that want to induce quick action. These are a few terms used in subject lines:

  • Request
  • Overdue
  • Hello FirstName
  • Payments
  • Immediate Action

Leverage Free Software:

In order to lend these scams, hackers use the software that is available for free. It assists emails in sneaking past security technologies that can block bad domains. For instance, SendGrid is used for making spoofed email addresses, whereas Google Sites are used to stand up phishing pages. Attackers use Google Forms & Docs to extract sensitive data from victims. Hosting fake invoices along with 0-day phishing links is possible by attackers in Google Drive and Box.

Things to know:

  • You must be aware of every information you share online or on social media. When you share your pet name, the school you attended, identity like profile links of your family members, and your birthday online, a scammer gets all the information they require to guess the password.
  • Ensure that you are not clicking on anything in a text message or an unsolicited email that wants you to update or verify your account details. Hence, you need to find the phone number of the company yourself instead of believing and using the phone number given by the scammer. After finding the number yourself, you should call the company to ask whether the request you have received is legitimate or not.
  • You must examine the URL, email address, and spelling used in any correspondence. Scammers trick you with little differences because they intend to gain your trust.
  • You have to be careful about what you download. There is no need to open an email attachment from those whom you do not know.
  • Try to set up two-factor authentication or multi-factor authentication on such accounts that permit it and never disable this.
  • You should verify the payment & purchase requests, or you can call the person to ensure that it is legitimate.

Protect Against BEC Attacks— How to do it:

You should know that a successful BEC attack is very costly and can damage an organization. But defeating these attacks is possible by taking some easy email security precautions, such as:-

Anti-Phishing Protections:

You should know that BEC email is a kind of phishing. Therefore, you have to deploy anti-phishing solutions to protect against them. This solution must be able to identify red flags of BEC emails, such as reply-to addresses that are not similar to the sender addresses. Also, it should be able to use machine learning to identify the email language to indicate an attack.

Employee Education:

These attacks generally target employees of a company. So, employees need to be trained properly so that they can learn how to detect a BEC attack and respond to it. Thus, it is possible to minimize the threat of this kind of phishing.

 Separation of Duties:

The attacks aim to trick employees so that they get involved in high-risk activities such as sharing sensitive information or sending money without verifying the request. Try to implement policies for these actions that need independent verification from a second employee. In this way, it is possible to reduce the risk of these attacks.

Labelling External Emails:

These attacks  want to impersonate internal email addresses with the help of domain spoofing or lookalike domains. You can try to configure email programs with the intention of labelling emails (that comes from the outside of the company) to defeat the tactic.

Conclusion:

Impostor emails are created for the purpose of impersonating a person whom your users trust and trick them into sending personal information or money to the cyber criminals.

Frequently Asked Questions

  • What are the different types of BEC?

Usually, there are two types of buckets under which the attacks fall: spear-phishing & social engineering attacks.

  • What is the most common type of BEC?

An invoice or urgent payment required scam is the most common type of BEC attack.

  • What is the biggest BEC attack?

The biggest Business Email Compromise (BEC) Scams to date is "Facebook & Google: $121m BEC scam".

 

Saturday, December 26, 2009

Scams and Stock Markets?


Whenever a bull market is over, a scam would emerge at that time. The person who is so bullish on that Market or a sector would be jailed because of scam. In 1992, Harshad Mehta a leading Stock Broker at that time was arrested for frauding some leading Banks and Financial Institutions.
In 2000, Ketan Parkeh, a leading Investor and operator of the Stock Market was arrested for swindling some Bank’s Money. In 2009, Ramalinga Raju of Satyam Computers was for cooking up his company’s accounts.
In US, Bernard Madoff, who was running a ponzi scheme based on Stock Market, was arrested for defrauding the Investors. In Germany also a major scam was known at that time. And also in all countries minor scams were unearthed.
Why scams are are being unearthed only during the start of the bear market or in middle of the bear markets. Let me explain the mechanism. During Bull Markets, price of stocks are moving steadily up. So, a confidence has been built over these years about the market that the price will go forever. Once the trend changes as no trend will continue forever, the scamsters failing to foresee the change in trend get trapped in their own landmines only to be blown away.
Don’t think any trend will be there forever.