Scammers seeking to con unsuspecting targets into giving up money under the guise of friendship or love are alive and well ahead of this Valentine’s Day, a researcher said in a report released Monday.
In the report from the cybersecurity firm Sophos, senior researcher Sean Gallagher detailed two recent so-called “pig butchering” scams — a macabre term for frauds in which scammers attempt to extract as much money as possible from their victims — he observed over the past 18 months.
In the first scam, Gallagher interacted with Hong Kong-based fraudsters who tried to convince him to download a fraudulent version of a Russian trading app and register with personal information and documents before ultimately moving money into the account.
Gallagher told CyberScoop via email this is the first time he’s seen a scammer focus on gold trading as a ruse, but the campaign shares other hallmarks of pig butchering scams: friendship and romance-related content, a fake app or website posing as a trading platform or some other wealth-producing plan.
The FBI warned in December that pig butchering scams were on the rise. The schemes not only cost victims millions of dollars annually, but can be so devastating that some victims have contemplated suicide.
In the case that Gallagher at Sophos investigated, the fraudster claimed to have an uncle who was a former Goldman Sachs analyst. Gallagher, who interacted directly with the scammer, was upfront about the fact that he was a cybersecurity researcher. After some reluctance, the scammer continued with the ruse.
The scheme also shared one big commonality with other scams researched by Sophos, which was the use of a fake version of the Russian trading app MetaTrader 4. Gallagher has seen the app abused in at least four other similar scams.
The fact that both Apple and Google pulled the app from its stores (reportedly due to Russia-related sanctions) is actually a boon for scammers, who can more easily convince a target to download it from a sketchy third party instead, says Gallagher.
Gallagher also investigated a Chinese fraud ring based out of Cambodia that ran a cryptocurrency trading scam using a fraudulent app made to appear like a real app called TradingView. In that scam, fraudsters took a more involved approach trying to gain Gallagher’s trust by frequently messaging him and sending photos and even video messaging with him. Gallagher observed that wallet addresses associated with the scam had taken in about $500,000 worth of cryptocurrency from victims over a one-month period.
Sophos says its shared information about the scams with Apple, Google and other companies that were impersonated or whose infrastructure was used for the scam. Gallagher also presented the data to U.S. law enforcement including the U.S. Secret Service and FBI. He notes that in the case of the gold scam, scammers simply moved on to new domains after he reported the original ones to relevant parties.
Both scams are part of an expanding family of fraud rings taking advantage of existing technology infrastructure and emotional cunning to gain the trust of victims seeking a quick return on investment or even companionship.
Earlier this month, Sophos reported two scam rings that approached victims on dating websites and then lured them into downloading counterfeit financial apps that be had successfully bypassed Apple App and Google Play stores security reviews. (Both companies took down the counterfeit apps after Sophos contacted them.)