Pig Butchering Red Flags
On 8 Sep 2023, the Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) issued an alert to highlight a prominent virtual currency investment scam known as “pig butchering.” The alert explains the scam’s methodology; provides behavioral, financial, and technical red flags to help financial institutions identify and report related suspicious activity; and reminds financial institutions of their reporting requirements under the Bank Secrecy Act. FinCEN identified the following indicators (with the usual “no single red flag is determinative” caveat) and encouraged financial institutions to perform additional due diligence where appropriate.
Behavioral Red Flags
🚩 A customer with no history or background of using, exchanging, or otherwise interacting with virtual currency attempts to exchange a high amount of fiat currency from an existing or newly opened bank account for virtual currency or attempts to initiate high-value transfers to VASPs.
🚩 A customer mentions or expresses interest in an investment opportunity leveraging virtual currency with significant returns that they were told about from a new contact who reached out to them unsolicited online or through text message.21
🚩 A customer mentions that they were instructed by an individual who recently contacted them to exchange fiat currency for virtual currency at a virtual currency kiosk and deposit the virtual currency at an address supplied by the individual.22
🚩 A customer appears distressed or anxious to access funds to meet demands or the timeline of a virtual currency investment opportunity.
Financial Red Flags
🚩 A customer uncharacteristically liquidates savings accounts prior to maturation, such as a certificate of deposit, and then subsequently attempts to wire the liquidated fiat currency to a VASP or to exchange them for virtual currency.
🚩 A customer takes out a HELOC, home equity loan, or second mortgage and uses the proceeds to purchase virtual currency or wires the proceeds to a VASP for the purchase of virtual currency.
🚩 A customer receives what appears to be a deposit of virtual currency from a virtual currency address at or slightly above the amount that the customer previously transferred out of their virtual currency account. This deposit is then followed by outgoing transfers from the customer in substantially larger amounts.
🚩 Accounts with large balances that are inactive or have limited activity begin to show constant, uncharacteristic, sudden, abnormally frequent, or significant withdrawals of large amounts of money being transferred to a VASP or being exchanged for virtual currency.
🚩 A customer sends multiple electronic funds transfers (EFTs) or wire transfers to a VASP or sends part of their available balance from an account or wallet they maintain with a VASP and notes that the transaction is for “taxes,” “fees,” or “penalties.”23
🚩 A customer with a short history of conducting several small-value EFTs to a VASP abruptly stops sending EFTs and begins sending multiple high-value wire transfers to accounts of holding companies, limited liability corporations, and individuals with which the customer has no prior transaction history. This is indicative of a victim sending trial transactions to a scammer before committing to and sending larger amounts.
Technical Red Flags
🚩 System monitoring and logs show that a customer’s account is accessed repeatedly by unique IP addresses, device IDs, or geographies inconsistent with prior access patterns. Additionally, logins to a customer’s online account at a VASP come from a variety of different device IDs and names inconsistent with the customer’s typical logins.
🚩 A customer mentions that they are transacting to invest in virtual currency using a service that has a website or application with poor spelling or grammatical structure, dubious customer testimonials, or a generally amateurish site design.24
🚩 A customer mentions visiting a website or application that is purported to be associated with a legitimate VASP or business involved in investing in virtual currency. The website or application shows warning signs such as a web address or domain name that is misspelled in such a manner as to resemble that of another business, a recently registered web address or domain name, no physical street address, international contact information, or contact methods that include only chat or email.25
🚩 A customer mentions that they downloaded an application on their phone directly from a third-party website, rather than from a well-known third-party application store or an application store installed by the manufacturer of the device.
🚩 A customer receives a large amount of virtual currency such as ether at an exchange, subsequently converts the amount to a virtual currency with lower transaction fees such as TRX, and then abruptly sends it out of the exchange.
News Release: https://www.fincen.gov/news/news-releases/fincen-issues-alert-prevalent-virtual-currency-investment-scam-commonly-known
Alert: https://www.fincen.gov/sites/default/files/shared/FinCEN_Alert_Pig_Butchering_FINAL_508c.pdf
There are many other sources of pig butchering red flag indicators, e.g. the Department of Homeland Security, Immigration and Customs Enforcement, Homeland Security Investigations and the Association of Certified Anti-Money Laundering Specialists, Cornerstone, Issue #40, Apr 2023, contains red flags for traditional financial institutions and virtual asset service providers.
#childabuse #childexploitation #childprotection #childsexualabuse #childtrafficking #csam #csea #cybercrime #sextortion #sextrafficking #sextraffickingawareness #crime #fbi #intelligence #investigations #lawenforcement #nationalsecurity #osint #police #trafficker #trustandsafety #EndHumanTrafficking #humanrights #humantrafficking #humantraffickingawareness #humantraffickingprevention #modernslavery #amlcompliance #aml #moneylaundering #financialcrime #followthemoney #crypto #riskandcompliance #cryptoregulation #cryptocompliance #cryptocurrency