FinCEN alert on ‘pig butchering’ scams
In September, FinCEN issued an alert to warn the financial industry and the general public about a new scam trend on the rise: “pig butchering.”
The basic premise of this new scam type is not that dissimilar to other types in which the fraudster gains the victim's trust using false stories to make them believe there is a real potential partnership or relationship. Once they have the victim’s trust, they defraud them out of funds, often via virtual currency or foreign exchange. The reason the practice is referred to as “pig butchering” is the practice itself of building false trust, or “fattening up” the victim, and leading them to the theft of funds or assets — the “slaughter.”
Here’s what your financial institution should know about this new scam:
What does pig butchering look like?
Pig butchering typically starts out with a small investment that’s used to lure the victim into investing larger amounts.
Fraudsters may convince the victim to invest in virtual currency, directing them to websites that appear legitimate but are actually fictitious and operated by the fraudsters themselves. In many cases, victims are also convinced to purchase virtual currency to use in making investments.
There are also versions of the scam in which fraudsters will get victims to join online or mobile play-to-earn games for the sole purpose of stealing virtual currency from the players.
Once the investment has been made, fraudsters will show falsified, large returns on the investments to deepen the victim’s comfort with the fraudsters’ “investment opportunities.” The false promise of large returns also helps to increase victims’ investments exponentially.
Fraudsters continue to push for more investment until a victim stops providing funds, at which time the fraudsters will stop communicating with the victim, keeping any funds provided up to that point.
Pig butchering warning signs
FinCEN issued a fairly large list of behavioral, financial and technical red flags that financial institutions can watch for concerning this type of activity. A few of the most common ones to note in the guidance are:
1. A customer appears distressed or anxious to access funds to meet the demands or timelines of a virtual currency investment opportunity.
2. A customer uncharacteristically liquidates savings accounts prior to maturation, such as a certificate of deposit, and then subsequently attempts to wire the liquidated fiat currency to a virtual asset service provider (VASP) or exchange them for virtual currency.
3. A customer takes out a HELOC, home equity loan, or second mortgage and uses the proceeds to purchase virtual currency or wires the proceeds to a VASP for the purchase of virtual currency.
4. System monitoring or logs show a customer’s account is accessed repeatedly by unique IP addresses, device IDs or geographies inconsistent with prior access patterns. Additionally, logins to a customer’s online account at a VASP come from a variety of different device IDs and names inconsistent with the customer’s typical logins.
This activity will generally result in the filing of a suspicious activity report (SAR). FinCEN requests that if this activity is identified, and a SAR is filed, financial institutions use the key term “FIN-2023-PIGBUTCHERING” in the note to FinCEN field. Additionally, financial institutions should refer customers who may have fallen victim to such scams to the FBI’s IC3 and to the SEC’s tips, complaints and referrals system to report investment fraud.
How Wipfli can help
Wipfli is ready to help support your financial institution in detecting and reporting suspicious activity. Our specialists work to help you navigate the latest regulatory changes so that you can be confident in meeting your customers’ due diligence requirements.
Contact us today to learn more about how we can help you strengthen your compliance programs.
Sign up to receive additional financial institution content in your inbox, or continue reading:
