Proofpoint tracks multiple threats known as Sha Zhu Pan, or “Pig Butchering” threats. These are confidence-based threats similar to romance scams: the threat actors lure a victim into depositing cryptocurrency into a fake cryptocurrency exchange, and then steal the money. These threats are typically managed by a large industry of professional fraud actors. They can be initiated on dating apps, on social media platforms, or via text messages.
Proofpoint researchers have spent the last three months engaged with numerous threat actors and developed detections to combat this growing threat. Based on those interactions, the threat actors do little, if any, reconnaissance in the target selection phase. Threat actors are trained to not click links. All attempts to send them tracking links were met with rebuke and often resulted in the researchers being blocked.
In the last three months, the researchers have conducted several interviews with threat actors.
These attempts were mainly for verification of information. They verified the following:
The fraudulent cryptocurrency exchanges are hosted on legitimate hosting services and so far appear to be isolated events. The threat actors use a number of methods to lure victims into creating an account, including phishing pages hosted on legitimate web hosting services, fake mobile apps in which users are prompted to enter credit card information, and social media accounts that look legitimate but promptly transfer victims’ funds into a wallet controlled by the threat actors. The threat actors then use this wallet to purchase Bitcoin and Ethereum, making these transactions irreversible.
They note the following:
Unverified data suggests that threat actors have profited in excess of $3 million USD since 2017. They have also observed a decline in victims of this scam as a result of increased awareness and greater controls put in place by major cryptocurrency exchanges, such as Coinbase and Binance.
Despite this decline in victims, they still see a high volume of these threats being perpetrated online. In fact, it is believed the volume is on par or possibly increasing due to the relatively low barrier to entry: fraudsters can host fake websites on legitimate services for as little as $4 per month.