Sophos has released details about two still-active financial fraud groups operating from Asia that are scamming victims out of thousands of dollars. The Sophos report "Fool's Gold: Dissecting a Fake Gold Market Pig Butchering Scam" highlights the modus operandi of the so-called Pig Butchering or Sha Zhu Pan fraud rings.
One group, based in Hong Kong, runs a fake gold trading hub; the other, based in Cambodia with ties to organized crime in China, netted the fraudsters $500,000 in cryptocurrency in just a month. In both cases, the cybercriminals targeted Sophos Principal Threat Researcher Sean Gallagher directly via Twitter and text messages, instead of making initial contact via dating apps as usual.
Sean Gallagher on the principle of this form of fraud:
“We have been tracking and reporting on a subset of pig-butchering scammers called CryptoRom for two years. In this particular form of fraud, cybercriminals lure dating app users and entice them to make supposed investments in cryptocurrencies during a fake romantic relationship. But CryptoRom is really just the tip of the iceberg. Since the start of the pandemic, this type of cyber fraud has increased massively. Criminals no longer only attack their victims on all major social media platforms, but even via direct messages. In addition, they are no longer limited to cryptocurrencies, but also use transactions with gold or other currencies and commodities as bait.”
To analyze the first fraud, which involved a fictitious gold investment, Gallagher interacted with one of the criminals for three months after being contacted directly via Twitter. The scammer posed as a 40-year-old woman from Hong Kong and quickly tried to move the conversation to WhatsApp. From there, the scammer tried to persuade Gallagher to invest on a fake gold trading platform, promoting it by invoking "Uncle Martin", allegedly a former analyst at the securities trading and investment banking company Goldman Sachs. To do this, the criminal sent Gallagher straight to a website that imitated the branding of a reputable Japanese banking company called Mebuki Financial and purported to offer foreign exchange and commodity trading services.
Technically much more sophisticated fraud
Although the social engineering in this scam was less sophisticated than in other cases investigated by Sophos, the scam shows a significant increase in technical sophistication. The criminals used a complex combination of very effective search engine optimization, sophisticated scam sites to "register" new clients on their fake Mebuki website, and a pirated version of a legitimate trading app ("MetaTrader 4") with added malicious code to steal money from victims. The criminals have even actively upgraded their fraud infrastructure to avoid being shut down.
“Both fraud rings are still active and it is difficult to stop them. While we have flagged the domains and IP addresses used by the Hong Kong ring attackers as malicious, the scammers have already set up a new download infrastructure for their pirated version of the MetaTrader app, so for us it’s a fight against windmills,” says Gallagher, commenting on the constant struggle against the fraud groups' ever-changing methods.
“Organizations are increasingly diversifying and selecting their victims across regions and platforms. The move from crypto to gold also shows how easily these groups can find a new niche. The best defense is to raise public awareness of this type of fraud. Alarm bells should ring for users when they receive SMS or direct messages from dating apps or social media channels from strangers who want to initiate a conversation and then prefer to switch to WhatsApp or Telegram. Especially if there are also claims about profits from cryptocurrencies or other businesses.”
Source:
Sophos

