Podcast

05/13/2022 | Episode 37

The Pig Butchers of Crypto

NEW EPISODES!! On Digital Trust & Safety Insider, we chat with people on all sides of the fraud fight: anonymous hackers, FBI agents, analysts, rogue cyborgs, and even ex-fraudsters with surprising stories from inside the dark web. In an era of high-profile account takeovers and global, automated attacks against every industry, staying ahead of online abuse requires understanding the enemy from the inside out.

This podcast is presented by Sift, the leader in Digital Trust & Safety and the only real-time solution that aligns risk and revenue to end fraud at the source while unlocking new opportunities for growth.

Featuring

Jane Lee is a Trust and Safety Architect at Sift, who specializes in malicious websites, spam, misinformation, account/content abuse, chargebacks, and payments risk. Prior to joining Sift, she was on teams at Facebook and Square, and also spent some time as a Private Investigator. She is passionate about designing and operationalizing systems for detection and enforcement of fraud at scale.


Transcript

INTRO:

Welcome fraud fighters to another episode of the Digital Trust & Safety Insider podcast. Brought to you by Sift the leader in digital trust and safety.

 

Arwen Heredia (host):

Today, we’re joined by Jane Lee, Trust and Safety Architect at Sift. Jane specializes in malicious websites, spam, misinformation, and payments risk. And before joining Sift was on teams at Facebook and Square. Jane also spent some time as a private investigator, which turned out to be highly useful during a recent online sting operation, where she went undercover on dating sites to expose crypto fraudsters running what’s known as the pig butchering scam, a romance based scheme in which victims are fattened up by promises of love and money, only to be left financially and emotionally devastated. I’m your host, Arwen Heredia, and this is the pig butchers of crypto. So welcome Jane. Thanks so much for joining us.

 

Jane Lee (guest):

Thanks and hi, Arwen

 

Arwen Heredia (host):

Hello. So you have been speaking about evolving fraud all over the country lately, especially when it comes to attacks involving alternative payments. So what exactly is this pig butchering scam? How does it work? Who are the targets? What are we looking at?

 

Jane Lee (guest):

Yeah. So pig butchering scam, essentially, I think, first to dissect the pig butchering term, that is a term that’s been coined by the scammers themselves, and so basically they refer to their victims that they find on dating apps as pigs, which they then… I know it’s completely morbid, but their victims are the pigs, they fatten, they plumping them up and then they go in for the slaughter, again, honestly it breaks my heart that they refer to their victims in this way, but essentially pig butchering, marries crypto with romance scams, the traditional romance scams that we know, and so how it first starts off is, the scammers find their victims on dating apps, and then from there they quickly move over to an encrypted messaging platform, and so in this case, WhatsApp was one that was very commonly used and their whole reason for moving people over to another platform, one, because it’s encrypted, it makes it all the more challenging for any specific team to really monitor and what they are doing essentially is fragmenting their risks across different platforms.

 

Jane Lee (guest):

So they want to minimize the chance that they’ll be flagged on the dating app. They want to minimize the chance that they’ll be flagged by whatever traditional messaging platforms. And so once on WhatsApp, they start love bombing their targets, promising lavish gifts, telling them how beautiful they are, and then from there they insert some form of manipulation. They talk about how successful they are in business, they’re trying to pose as successful business people typically from overseas. And when we talk about this scam objectively, I think what listeners have a hard time understanding is that these aren’t happening in siloed phases, they’re all melding together.

 

Jane Lee (guest):

And so it really feels like a natural, part of any conversation that you would have with anyone you have a relationship with, and so from there, they then quickly or… What makes this scam unique compared to the traditional romance scams is, the technological sophistication, and so ultimately your scammer lover will direct you to a fake crypto trading platform that looks very similar to any legitimate trading platform, the values of cryptocurrencies are the same. So if you wanted to just crosscheck to see if the Bitcoin price, if Bitcoin said it was at $52,000 and you’d crosscheck that just by doing a Google search, it would check out, and so of course this platform is entirely managed by them. Initially you see high returns in your investment and then ultimately you’re just left in the dust when they’ve milked you for all your worth.

 

Arwen Heredia (host):

Let me understand a little bit more about how those fake platforms look. So are we talking, they’ve got an entire login system set up so that you go through the entire process of entering credentials and putting in financial institution information and all of those things that you would ordinarily, maybe, do to enter a platform like this?

 

Jane Lee (guest):

Yes and no. So how it works, there is an account creation process, so you create a username password. There is a pseudo verification process that they do have to emulate a legitimate verification or KYC, but it was not at all what your traditional financial institutions or FinTech even does. And then, you don’t have to enter in your bank information, but what the account has is a wallet, a wallet is essentially the account in which the crypto funds can be held in.

 

Arwen Heredia (host):

Gotcha.

 

Jane Lee (guest):

And so, the other thing that’s unique about this, is that in any legitimate case or account that gets set up, your wallet address is tied to you, it really shouldn’t be shared with anyone else, but we did some investigation and were able to track the transactions moving in and out of this particular wallet, and we saw up to $130,000, I believe, being withdrawn in this wallet that supposedly belonged to me.

 

Arwen Heredia (host):

Right. Wow. So I’m curious about the credential piece of this too, which is something we haven’t really touched on, but is it something that was thought about that they could then use that email and password combination that you had entered in that fake platform to then go attempt to hack other accounts that you might own?

 

Jane Lee (guest):

Yeah. I actually thought about this and for that very reason, I used a throwaway domain. So, there are plenty of disposable email addresses out there and I would not be surprised at all if they then retained the username and passer combinations and put it into their database. This is a story that we tell a lot when we talk about data breaches and how these criminals are known to have their own databases and it’s what fuels credential stuffing attacks, and so I did not go so far to verify that with this particular investigation that I did, but I think it’s very possible that they’re doing that.

 

Arwen Heredia (host):

Fascinating and terrible. I mean, fraudsters will fraud. How did you approach the situation when you were originally mapping out what this investigation was going to look like? What were your considerations?

 

Jane Lee (guest):

Yeah. It was interesting the way we started, basically, one of my roles is to stay up to date on emerging fraud trends, and so within our global data network or dating app network, I should say, we were flagged this anomalous type of behavior, and once I saw the accounts that we were looking at and the content that we were looking at, being the occasional dating app dabbler myself, I quickly recognized, “hey, I’ve seen this before and I’ve seen it everywhere.” And so from there, what I… Another part of what I’m supposed to do as part of my role is to make sure, hey, that our customers are protected against this. So, coordinating with the different product engineering and the customer teams that we do partner with or work with.

 

Jane Lee (guest):

And so that was my goal when I started out, I just want to know what they’re doing, what this process looks like, make sure that we are effective in this fight against them, and then it just evolved to what it is today. I would say now we’re doing a lot more advocacy on the dangers and the potential damage, but it didn’t start off this way, this was not my intention, but it’s been very interesting to just see it naturally evolve just based on what we were learning about how the scam was working.

 

Arwen Heredia (host):

Absolutely. And we’ve learned a lot, and one of those things I’m interested in and you sort of talking about is, why it is that you think that crypto scams and online dating make for such a dangerous duo?

 

Jane Lee (guest):

Yeah. I think it’s really a sign of the times. Most of the world is coming out of COVID lockdowns, well, I guess there are parts of the world that are going back into lockdown. We were cooped up for a year and a half, two years, and so I think there’s that angst amongst people to really want to connect, find a partner, it’s been a lonely time for a lot of people.

 

Arwen Heredia (host):

Sure.

 

Jane Lee (guest):

And so I think that driving the online dating app usage, and then the second part is cryptocurrency just being a really hot topic right now, everyone’s talking about it. I’ve started traveling for conferences again, and crypto is dominating all of the sessions that people want to learn about, that merchants want to learn about, and so I think that reflects what the consumers are looking at as well.

 

Jane Lee (guest):

And so the unfortunate case is that, I think, not just with crypto, but just financial literacy, so there’s a lot of crypto advocacy, but not everyone understands how it works, what type of activity is legitimate, what happens to funds once you send it, and so I think it’s a combination of the two, where you have folks that are lonely and then you have, on the other side of the coin, you’re hearing about lots of people becoming successful because they bought Bitcoin early, that’s a very common theme or story that is told.

 

Arwen Heredia (host):

It’s the new get rich quick method.

 

Jane Lee (guest):

Yeah. Exactly.

 

Arwen Heredia (host):

So speaking of the fact that many people don’t really know how to recognize these types of things and going back to what you said earlier regarding how the fake crypto platform looked legitimate enough, and so maybe for someone like you, who has a lot of experience here, you knew pretty quickly that was not a legitimate crypto platform, but for average folks, just on a dating site to be dating, they maybe aren’t going to notice that this is not going through the appropriate steps and not feeling like something is off in the same way. So what advice do you have for merchants and even trust and safety analysts who are working on behalf of their businesses to develop best practices for customers to help them better understand the fraud risks that they’re facing when they sign up on these types of platforms, what can we do to help people avoid getting put on the chopping blocks, so to speak?

 

Jane Lee (guest):

Yeah. On the merchant side, definitely these accounts are being created en masse, I believe. And it just really goes to show just based on how prevalent they are on the apps, and when I say merchants, I’m talking about the dating platforms, they need to be leveraging the signals that they do have on, let’s say account creation, if you see a bunch of similar looking accounts, either using the same device, creating these accounts that are getting flagged, are you leveraging that information, that data that you already do hold to do basically behavioral analysis and come to an accurate decision, so you prevent them from signing up or you prevent them from interacting with well meaning users on your platform? So really advocate for, on the business side, more proactiveness, looking at those signals, leveraging the correct technology to do so. On the consumer side, I feel like it’s every week you hear about, especially, I’m describing crypto as a part of the FinTech center, FinTech sector, excuse me, but you hear about a new startup popping up weekly.

 

Jane Lee (guest):

There’s a new startup that just got a series A, so it’s hard to keep track of what is legitimate. I haven’t heard of half of these new platforms had it not been for my job.

 

Arwen Heredia (host):

Totally.

 

Jane Lee (guest):

And so, I’m just doing a quick Google search, I would say, if you are given a particular platform name and your suspicious, the legitimate ones would usually have a presence on search engines. The ones that I was directed to by my scammer boyfriend, out of curiosity, I did a Google search and it wasn’t indexed by Google. So, that is a pretty telling sign.

 

Arwen Heredia (host):

Fascinating.

 

Jane Lee (guest):

Another thing, just look to see if they have a presence on an app store, there are plenty of legitimate platforms you can use, and the legitimate ones typically do have some sort of online presence. A few other things, similar to any type of relationship, avoid moving too quickly. I think it’s…

 

Arwen Heredia (host):

Advice across the [inaudible 00:15:26]

 

Jane Lee (guest):

And these criminals, they basically, when I talk about love bombing it, that is a psychological tactic, it really, on the victim’s end, everyone wants to hear that they’re loved, it’s a innate human thing to want, but I would say any good thing or any sustainable thing needs time, whether it be relationships or financial growth.

 

Arwen Heredia (host):

Investment.

 

Jane Lee (guest):

Yeah. The love bombing is a red flag, if someone just right off the bat is… I think mine basically told me that he wanted to plan a trip to Osaka.

 

Arwen Heredia (host):

Oh, that’s very quick.

 

Jane Lee (guest):

Yeah. And I was like, “whoa”

 

Arwen Heredia (host):

I mean, that’s very close to advice that we give to people all the time anyway, that basically, if it seems too good to be true, it probably is.

 

Jane Lee (guest):

Yeah. And, especially with finance and investments, I feel harsh for saying this, but it’s true, if it were that easy to be rich, we’d all be rich.

 

Arwen Heredia (host):

We would all be rich. Absolutely. Yeah. Anything unexpected that maybe came out as a result of you having this undercover adventure? I know that you’ve talked about it in a bunch of different places, conferences and other areas, but what didn’t we expect to happen?

 

Jane Lee (guest):

Yeah. I think a couple things that come to mind, firstly, I didn’t realize how close within just my personal network that this was happening, well actually I also learned, I have pretty good hype women friends, and so they were sharing my article when it came out and they were sharing the blog.

 

Arwen Heredia (host):

Wonderful.

 

Jane Lee (guest):

And I had several of them tell me that either their co-worker or their co-worker knew somebody, after seeing the coverage that we got for this, that was either a victim or they were currently being baited by these scammers.

 

Arwen Heredia (host):

Oh wow.

 

Jane Lee (guest):

And so I was really to find out how close to home it was hitting.

 

Arwen Heredia (host):

Yep.

 

Jane Lee (guest):

And then, in that same vein, I wasn’t expecting victims to come forward to me directly, and so on social media, I’ve been getting a lot of people contacting me, telling them that they too have encountered this and so, I think people have kept quiet about it until now because they do feel a sense of shame when they do realize that they were scammed out of this money, but I think that really is counterproductive to putting this to an end.

 

Arwen Heredia (host):

Absolutely.

 

Jane Lee (guest):

The advocacy is the missing piece here, and so, any chance that I have to talk about it, I’m happy save even one person from forking over their money.

 

Arwen Heredia (host):

Well, we really appreciate that and absolutely any light that you’re shedding on this kind of scam that’s happening any way that we can get the word out to help people and businesses protect themselves against these types of very exploitative attacks that are happening, and it does seem that given the influx of comments that you’re getting from your network, that this is spreading. So this is not something that’s going away anytime soon, this is a technique that is probably going to evolve even further. So thank you again for going undercover and taking that risk on behalf of folks and exposing what’s going on behind the scenes on these dating sites. Thank you, Jane so much for being on the Digital Trust & Safety Insider podcast today presented by Sift, the leader in digital trust and safety. For more fraud news, and insights from our team of trust and safety architects, follow us on Twitter @GetSift and check out our new fraud intelligence center at sift.com/fraud-center.

Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.