Pig Butchering Scams Are Evolving Fast

Pig butchering scams have already stolen hundreds of millions of dollars. And while attackers, mainly crime syndicates in China, have developed scripts and playbooks for carrying out the attacks, new findings from researchers at the security firm Sophos show how pig butchers are tweaking and refining their strategies to try to ensnare more unsuspecting victims.

Researchers found that to stay relevant and ensnare more victims in recent months, so-called pig butchering attacks are developing both more compelling narratives to draw targets in and more sophisticated tech to convince victims that there’s big money to be made. Even before these refinements, the scams were big business. The FBI’s Internet Crime Complaint Center received more than 4,300 submissions related to pig butchering scams in 2021, totaling more than $429 million in losses.

Sean Gallagher, the senior threat researcher at Sophos who led the investigation, followed two scam campaigns that had targeted him on his personal accounts and devices. Beginning in October, he engaged with the scammers over Twitter direct messages and SMS text messages to see where the rabbit hole would take him.

“What was interesting was that, when I played them out, one was more ingenious on the technical side, and the other was more advanced on the social engineering side, but both seem to be having success,” he says. “Trying to deal with all of this is a big game of Whac-A-Mole.”

The first scam Gallagher studied began with a Twitter DM that simply said “Hallo.” He didn't respond until almost a month later, but once he responded with “Hello, sorry it has taken me so long to respond” the swindle was off and running. The attacker persona claimed to be a 40-year-old woman in Hong Kong, and the two began chatting. 

Gallagher told the persona explicitly that he is a cybersecurity researcher who investigates scams. “So you’re a cop?” the persona replied. When Gallagher said he wasn't, the conversation moved on. “Do you know the spot market of gold?” the persona asked. “The London gold spot market is a reliable platform. … I'm using this to make money.”

The social engineering, the conversational work meant to build rapport and trust before any money is mentioned, was relatively weak for a pig butchering scam, Gallagher says. The interactions were stilted, and even when the persona did things like sending flirty photos, the timing was always awkward and abrupt. At one point Gallagher told the actor that it was suspicious to bring up gold investments so early after first starting to talk to someone. “Haha, yes. Because I need to let you know what I am doing,” the persona replied.

Gallagher was surprised to find, though, that the scam's tech was much more compelling. Pig butchering scams are known for using sleek, legitimate-looking financial applications and dashboards to put victims at ease and build trust while they are deciding whether to put money into the scheme. Scammers are ultimately hoping to bleed targets dry, convincing them to hand over all their savings, any loans they can take out, and any money they can borrow from friends and relatives. Convincing tech, including features like real-time market data, makes it more likely that victims will feel they are using a reputable financial services app rather than a front controlled entirely by the scammer.
