BE AWARE OF CURRENCY INVESTMENT SCAMS.
September 2023, The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an alert to U.S. financial institutions and the broader public to bring attention to a prominent virtual currency investment scam called “pig butchering.”
These scams are referred to as “pig butchering” because they resemble the practice of fattening a hog before slaughter. The victims in this situation are referred to as “pigs” by the scammers who leverage fictitious identities, the guise of potential relationships, and elaborate storylines to “fatten up” the victim into believing they are in trusted partnerships. The scammers then refer to “butchering” or “slaughtering” the victim after victim assets are stolen, causing the victims financial and emotional harm. In many cases, the “butchering” phase involves convincing victims to invest in virtual currency, or in some cases, over-the-counter foreign exchange schemes —all with the intent of defrauding them of their investment. Pig butchering scams are largely perpetrated by criminal organizations based in Southeast Asia who use victims with the description “Pig Butchering.” Multiple U.S. law enforcement sources estimate victims in the United States have lost billions of dollars to these scams and other virtual currency investment frauds.
This alert explains the pig butchering scam methodology and provides red flag indicators to assist with identifying and reporting related suspicious activity that usually involves the initial contact with the victim through text messages, direct messages on social media, or other communication tools and platforms, usually under the guise of accidentally reaching a wrong number or trying to re-establish a connection with an old friend. The scammer, who may claim to be an investor or money manager, may also create a social media background, and a significant number of scammers who contact victims are likely victims themselves of human and labor trafficking rings operated by criminal organizations and are perpetrating such activity against their will. Scammers also use:
• Instant messaging services and text messages
• Professional networking sites
• Social media
• Dating sites
All of the above channels of communication are used to showcase wealth and an enviable lifestyle. Once the scammer elicits a response from a victim, the scammer will communicate with them over time to establish trust and build a relationship before the “Investment” Sales Pitch wherein the scammer will introduce the victim to a supposedly lucrative investment opportunity in virtual currency and direct them to use virtual currency investment websites or applications designed to appear legitimate, but which are fraudulent and ultimately controlled or manipulated by the scammer. This includes the use of legitimate applications with third-party plugins that allow the scammer to manipulate or falsify information presented to the victim. A scammer may also request remote access to the victim’s devices to register accounts with virtual currency service providers (i.e., virtual asset service providers, or VASPs) on the victim’s behalf, or instruct their victims to take screenshots of their device so that the scammers can walk them through the process of purchasing virtual currency. According to the FBI, many victims also report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards to purchase virtual currency.
NB: The use of virtual currency and virtual currency kiosks is also an emerging method of payment. Once a victim acquires virtual currency, the scammer directs them to “invest” the funds through investment websites or applications, although the funds are funneled to virtual currency addresses and accounts controlled by scammers and their co-conspirators. Occasionally, a scammer will leverage high-pressure sales tactics such as telling their victim that they will lose out on the opportunity if they do not invest by a certain deadline. A scammer may also encourage the victim to bring their friends and family to invest in the scheme. In more recent iterations, the scammer will invite the victim to join online or mobile games, advertised as “play-to-earn” games offering financial incentives to players, but which in reality are fake gaming applications created by the scammer to steal virtual currency from players.
The Promise of Greater Returns.
Once the victim invests with the scammer, the scammer will show the victim extraordinary returns on the investment that has been fabricated. The scammer may even allow the victim to withdraw a small amount of that investment to further build the victim’s confidence before urging the victim to invest more. Victims have been known to liquidate holdings in tax-advantaged accounts or take out home equity lines of credit (HELOC) and second mortgages on their homes in order to increase their investments.
The Point of No Return
When a victim’s pace of investment slows or stops, the scammer will use even more aggressive tactics to extract any final payments. The scammer may present the victim with supposed losses on the investment and encourage them to make up the difference through additional deposits. If the victim attempts to withdraw their investment, the scammer may demand that the victim pay purported taxes or early withdrawal fees. Once the victim is unable or unwilling to pay more into the scam, the scammer will abruptly cease communication with the victim, taking the victim’s entire investment with them.
Case Study:
In November 2022, the U.S. Attorney’s Office for the Eastern District of Virginia announced the seizure of seven domain names used in a pig butchering scam. According to court records, from at least May through August 2022, scammers induced five victims in the United States by using the seven seized domains, which were all spoofed domains of the Singapore International Monetary Exchange. The term “spoofed” refers to domain spoofing and involves a cyberattack in which fraudsters or hackers seek to persuade individuals that a web address or email belongs to a legitimate and generally trusted company, when in fact it links the user to a false site-controlled by a cybercriminal. The scammers convinced the victims that they were investing in a legitimate cryptocurrency opportunity. After the victims transferred investments into the deposit addresses that the scammers provided through the seven seized domain names, the victims’ funds were immediately transferred through numerous private wallets and swapping services in an effort to conceal the source of the funds. In total, the victims lost over $10 million.
You may be able to recover some of your losses by claiming the loss on your tax return. Be sure to tell your Tax Preparer about this loss as soon as possible as well as your financial institutions that your money was illegally stolen from you.
Michael B Nelson, Esq.