On 9/8/23, FinCEN issued an alert on a prevalent Virtual Currency Investment Scam commonly known as “Pig Butchering”. FinCEN’s Pig Butchering alert addresses “Pig butchering” scams which resemble the practice of fattening a hog before slaughter. “Victims invest in supposedly legitimate virtual currency investment opportunities before they are conned out of their money. Scammers refer to victims as “pigs,” and may leverage fictitious identities, the guise of potential relationships, and elaborate storylines to “fatten up” the victim into believing they are in trusted partnerships before they defraud the victims of their assets—the “butchering.””.
FinCEN’s Pig Butchering Alert explains that:
- The victims in this situation are referred to as “pigs” by the scammers who leverage fictitious identities, the guise of potential relationships, and elaborate storylines to “fatten up” the victim into believing they are in trusted partnerships.
- The scammers then refer to “butchering” or “slaughtering” the victim after victim assets are stolen, causing the victims financial and emotional harm. In many cases, the “butchering” phase involves convincing victims to invest in virtual currency, or in some cases, over-the-counter foreign exchange schemes—all with the intent of defrauding them of their investment.
- The Pig butchering scams are largely perpetrated by criminal organizations based in Southeast Asia who use victims of labor trafficking to conduct outreach to millions of unsuspecting individuals around the world. Multiple U.S. law enforcement sources estimate victims in the United States have lost billions of dollars to these scams and other virtual currency investment frauds.
FinCEN’s Pig Butchering Alert depicts how a Scammer performs “Pig Butchering”:
- Scammer makes initial contact with a potential victim through text messages, direct messages on social media, or other communication tools and platforms, usually under the guise of accidentally reaching a wrong number or trying to re-establish a connection with an old friend. The scammer, who may claim to be an investor or money manager, may also create a social media profile which showcases wealth and an enviable lifestyle. Once the scammer elicits a response from a victim, the scammer will communicate with them over time to establish trust and build a relationship.
- Scammer introduces the victim to a supposedly lucrative investment opportunity in virtual currency and directs them to use virtual currency investment websites or applications designed to appear legitimate, but which are fraudulent and ultimately controlled or manipulated by the scammer. This includes the use of legitimate applications with third-party plugins that allow the scammer to manipulate or falsify information presented to the victim. A scammer may also request remote access to the victim’s devices to register accounts with virtual currency service providers on the victim’s behalf or instruct their victims to take screenshots of their device so that the scammers can walk them through the process of purchasing virtual currency. According to the FBI, many victims also report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards to purchase virtual currency. The use of virtual currency and virtual currency kiosks is also an emerging method of payment.
- Scammer directs the victim to “invest” the funds through the investment websites or applications, although the funds are funneled to virtual currency addresses and accounts controlled by scammers and their co-conspirators.
- Scammer will leverage high-pressure sales tactics such as telling their victim that they will lose out on the opportunity if they do not invest by a certain deadline.
- Scammer may also encourage the victim to bring their friends and family to invest into the scheme or invite the victim to join online or mobile games, advertised as “play-to-earn” games offering financial incentives to players, but which in reality are fake gaming applications created by the scammer to steal virtual currency from players.
- Scammer will show the victim extraordinary returns on the investment that have been fabricated. The scammer may even allow the victim to withdraw a small amount of that investment to further build the victim’s confidence before urging the victim to invest more. Victims have been known to liquidate holdings in tax-advantaged accounts or take out home equity lines of credit (HELOC) and second mortgages on their homes in order to increase their investments.
- Scammer will use even more aggressive tactics to extract any final payments. The scammer may present the victim with supposed losses on the investment and encourage them to make up the difference through additional deposits.
- Scammer may demand that the victim pay purported taxes or early withdrawal fees. Once the victim is unable or unwilling to pay more into the scam, the scammer will abruptly cease communication with the victim, taking the victim’s entire investment with them.
FinCEN’s Pig Butchering Alert provides 15 Red Flag Indicators for Financial Institutions
- A customer with no history or background of using, exchanging, or otherwise interacting with virtual currency attempts to exchange a high amount of fiat currency from an existing or newly opened bank account for virtual currency or attempts to initiate high-value transfers to VASPs.
- A customer mentions or expresses interest in an investment opportunity leveraging virtual currency with significant returns that they were told about from a new contact who reached out to them unsolicited online or through text message.
- A customer mentions that they were instructed by an individual who recently contacted them to exchange fiat currency for virtual currency at a virtual currency kiosk and deposit the virtual currency at an address supplied by the individual.
- A customer appears distressed or anxious to access funds to meet demands or the timeline of a virtual currency investment opportunity.
- A customer uncharacteristically liquidates savings accounts prior to maturation, such as a certificate of deposit, and then subsequently attempts to wire the liquidated fiat currency to a VASP or to exchange them for virtual currency.
- A customer takes out a HELOC, home equity loan, or second mortgage and uses the proceeds to purchase virtual currency or wires the proceeds to a VASP for the purchase of virtual currency.
- A customer receives what appears to be a deposit of virtual currency from a virtual currency address at or slightly above the amount that the customer previously transferred out of their virtual currency account. This deposit is then followed by outgoing transfers from the customer in substantially larger amounts.
- Accounts with large balances that are inactive or have limited activity begin to show constant, uncharacteristic, sudden, abnormally frequent, or significant withdrawals of large amounts of money being transferred to a VASP or being exchanged for virtual currency.
- A customer sends multiple electronic funds transfers (EFTs) or wire transfers to a VASP or sends part of their available balance from an account or wallet they maintain with a VASP and notes that the transaction is for “taxes,” “fees,” or “penalties.”
- A customer with a short history of conducting several small-value EFTs to a VASP abruptly stops sending EFTs and begins sending multiple high-value wire transfers to accounts of holding companies, limited liability corporations, and individuals with which the customer has no prior transaction history. This is indicative of a victim sending trial transactions to a scammer before committing to and sending larger amounts.
- System monitoring and logs show that a customer’s account is accessed repeatedly by unique IP addresses, device IDs, or geographies inconsistent with prior access patterns. Additionally, logins to a customer’s online account at a VASP come from a variety of different device IDs and names inconsistent with the customer’s typical logins.
- A customer mentions that they are transacting to invest in virtual currency using a service that has a website or application with poor spelling or grammatical structure, dubious customer testimonials, or a generally amateurish site design.
- A customer mentions visiting a website or application that is purported to be associated with a legitimate VASP or business involved in investing in virtual currency. The website or application shows warning signs such as a web address or domain name that is misspelled in such a manner as to resemble that of another business, a recently registered web address or domain name, no physical street address, international contact information, or contact methods that include only chat or email.
- A customer mentions that they downloaded an application on their phone directly from a third-party website, rather than from a well-known third-party application store or an application store installed by the manufacturer of the device.
- A customer receives a large amount of virtual currency such as ether at an exchange, subsequently converts the amount to a virtual currency with lower transaction fees such as TRX, and then abruptly sends it out of the exchange.
FinCEN’s Pig Butchering Alert reminds Financial Institutions of their fraud reporting responsibilities
In addition to filing a SAR, financial institutions are encouraged to refer their customers who may be victims of pig butchering to the FBI’s IC3: https://www.ic3.gov/ and may also refer their customers to the Securities and Exchange Commission’s tips, complaints, and referrals (TCR) system to report investment fraud: https://www.sec.gov/tcr. In the case of elder victims of pig butchering, financial institutions may also refer their customers to DOJ’s National Elder Fraud Hotline at 833-FRAUD-11 or 833-372-8311.
Financial Institutions ought to recognize that accountability and enforcement are at the forefront of FinCEN’s path
FinCEN’s mission is to safeguard the financial system from illicit use, combat money laundering and its related crimes including terrorism, and promote national security through the strategic use of financial authorities and the collection, analysis, and dissemination of financial intelligence.
FinCEN states that financial institutions, including depositary institutions, money services businesses, casinos, and others, must maintain an effective risk-based AML/CFT compliance programs that allow them to effectively detect and report suspicious activity involving financial crime. FinCEN works with law enforcement, Federal functional regulators, national security agencies, and foreign counterparts to implement an effective AML/CFT regime.
Who is your Corporate Governance Expert?