Security Staff Acquisition & Development, Threat Management

‘Pig butchering’ crypto scams spotlight need for an evolution in fraud prevention for finance

Traders trade VIX contracts at the Cboe Global Markets exchange. The exchange was the first in the Unites States to begin trading Bitcoin futures. (Scott Olson/Getty Images)

An FBI warning Monday about the rise in a crypto scheme called pig butchering spotlights the need for financial institutions to implement more sophisticated fraud detection programs amid their own digital transformation efforts. 

Pig butchering scammers usually make contact and develop long-term communication with victims through various social media or dating applications. After winning victims’ trust over time, they convince the victims to invest in fraudulent cryptocurrency platforms. The fake websites or apps allow victims to track their investment and show huge gains, often spurring additional investment. 

While the general public need to learn to identify and avoid scams, “government, financial institutions, and security firms should also take the responsibility to manage the elevating risks,” Jan Santiago, deputy director of Global Anti-Scam Org, told SC Media. 

Indeed, though the scam targets consumers, the onus often lies with financial institutions to incorporate fraud prevention mechanisms that could flag suspicious transactions, particularly as digital transformation in recent years made it easier for scammers to conduct attacks. 

James Brodhurst, principal consultant at Resistant AI, said in a recent PaymentsJournal article that as fintech firms are leveraging software-as-a-service to expand reach of their business, they have to counter web-based fraud-as-a-service tactics deployed “at a level never before seen” and “with shockingly little risk.”

He said AI and machine learning tools can “push back and attempt to beat cybercriminals at their own game,” by boosting detection rates and protecting automated systems from compromised.

Global Anti-Scam Org also suggested banks and trading platforms enhance automated warnings, reminding investors immediately once a suspicious transaction is detected. Also, they should explain how a particular type of scam works in detail to the general public in order to raise security awareness. 

The latter point aligns with the FBI's own recommendations to consumers, which follow with general best standards: verify the validity of any investment opportunity; be on the lookout for domain names that impersonate legitimate financial institutions, especially cryptocurrency exchanges; misspelled URLs, often with a slight deviation from the actual financial institutions' website, should raise red flags; and don't download or use suspicious looking apps as a tool for investing unless you can verify the legitimacy.

To manage increasing vulnerabilities within the crypto market, financial institutions and cybersecurity organizations should increase their own recognition as well, taking the time to explore tools that might not typically factor into traditional banking systems, said Chen Arad, co-founder and chief operating officer at Solidus Labs, a crypto-native risk monitoring and market surveillance vendor. He specifically pointed to Web3 – the internet service that is built using decentralized blockchains. 

And given that recovery of funds after a crypto scam is executed is notoriously difficult, largely due to the  immutability and anonymity of digital currency, managing upfront risk becomes critical, Arad added. “Crypto is a major opportunity to transform and monitor financial risk.”

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.