Pig Butchering Scams: A Rising Enterprise Threat Every CISO Must Understand

Pig butchering scams are no longer just targeting individuals. They now pose a significant risk to the enterprise.

When "CY," a Bay Area professional coping with a family crisis, received a friendly WhatsApp message from someone posing as a former colleague, he didn’t suspect a multi-million dollar fraud was beginning. Over several weeks, trust was built through daily conversation. He was eventually guided into a fake cryptocurrency platform that mimicked real market behavior. By the time the scammer vanished, CY had lost $1.2 million.

Pig butchering scams combine long-term social engineering with crypto fraud. They use emotional immersion to exploit human error. These scams involve romance fraud, fake investment platforms, and high-touch manipulation. The FBI reports that investment fraud losses reached $4.57 billion in 2023, a 38% increase from 2022. Of that, $3.96 billion was tied to cryptocurrency fraud.

The U.S. Department of Justice seized over $112 million in assets in 2023. These funds were linked to coordinated pig butchering operations that leveraged fake trading platforms and multilingual grooming tactics (U.S. Department of Justice).

This article explains how pig butchering scams work, why they are so effective, and what security leaders can do to reduce enterprise exposure.

What Is Pig Butchering?

Pig butchering is a form of long-term social engineering. Attackers build emotional trust with victims and then guide them toward fraudulent financial platforms that closely resemble legitimate trading tools.

These scams typically begin with a casual message. A wrong-number text, a greeting on WhatsApp, or an unexpected introduction on a dating app opens the conversation. The attacker presents themselves as a friendly financial advisor or a potential romantic partner. As the relationship progresses, the victim is introduced to what appears to be a high-return investment opportunity.

The platform looks authentic. It displays market activity, tracks returns, and sometimes allows small withdrawals. These features create a sense of legitimacy and encourage deeper investment. Once the victim has committed a substantial amount of money, the scammer cuts off contact and disappears.

The term “pig butchering” comes from a Chinese phrase that means fattening the pig before slaughter. In this context, it reflects the weeks of emotional grooming and escalating financial commitment that lead to the final act of fraud.

How Pig Butchering Works

Pig butchering scams unfold through a series of calculated psychological steps. Each stage is designed to build emotional trust, establish perceived legitimacy, and escalate financial commitment over time.

Initial Contact

The scam often begins with a message that feels accidental or friendly. A text that says “Sorry, wrong number” or a casual greeting is used to lower suspicion. The goal is to spark a natural response and begin a conversation.

Relationship Building

Once contact is established, the scammer invests time in building rapport. They share personal stories, express interest in the target’s life, and slowly introduce financial topics. These conversations are structured to build credibility and emotional connection.

Investment Introduction

As the relationship develops, the scammer presents a lucrative investment opportunity. Victims are guided to professional-looking platforms that mimic legitimate trading apps. These platforms simulate real market activity, display fake profits, and may even allow small withdrawals. This staged success reinforces trust and encourages the victim to invest larger amounts.

Withdrawal Barriers and Disappearance

Eventually, when the victim attempts to withdraw funds, they encounter obstacles. Unexpected fees, fake tax requirements, or technical issues are introduced to delay action. These barriers serve as stalling tactics while the attacker prepares to disappear. When the victim realizes the platform is no longer accessible, the fraud is complete.

Pig butchering is designed to be slow and convincing. Victims are not rushed or threatened. Instead, they are persuaded over time to make what feels like a rational financial decision, even as the entire experience is being manipulated.

Common Tactics Used in Pig Butchering Scams

Pig butchering scams succeed because they combine emotional manipulation with staged technical credibility. Each tactic is carefully designed to build trust, escalate engagement, and isolate the victim from outside influence.

Fake Investment Platforms

Scammers use websites or apps that closely mimic legitimate financial services. These platforms include real-time charts, account dashboards, and responsive support interfaces. Victims see fabricated returns and may even be allowed to make small withdrawals. These false signals reinforce the belief that the investment is real.

Emotional Anchoring

Attackers present themselves as financially successful, supportive, and relatable. They often share personal stories about career struggles, family goals, or investment wins. These details are used to build emotional alignment with the victim. Over time, the victim becomes invested in the scammer’s success and feels personally connected to the relationship.

Urgency and Exclusivity

Victims are often told that they must act quickly to take advantage of a limited-time opportunity. The scammer may say, “This is only available to a few people” or “You are the only person I trust with this.” This pressure is designed to override due diligence and decision safeguards.

Isolation from Outside Input

Scammers often suggest that the victim keep the investment confidential. They claim the opportunity is part of a test group, a pilot program, or a private network. This isolation strategy reduces the chances that someone else will question the situation or identify the fraud in progress.

Dynamic Response to Doubt

If a victim expresses hesitation, scammers adjust their approach. They may pause the investment pitch and focus more on emotional engagement. If questions arise about the platform, the scammer might provide fake documents, fabricated testimonials, or staged screenshots. This flexibility helps maintain control over the interaction and extends the duration of the scam.

These tactics are designed to work in combination. Victims are not simply deceived. They are gradually convinced they are making informed choices, even as each step is engineered to manipulate trust and escalate loss.

Who Is Targeted by Pig Butchering?

Pig butchering scams are engineered to be highly adaptable, but they’re not random. Attackers pursue individuals who are emotionally available, financially resourced, or strategically positioned within an organization. Within the enterprise, these scams often focus on employees with privileged access or decision-making authority.

Roles with Elevated Access

Employees in finance, operations, or IT are frequently targeted. These individuals often control payments, vendor interactions, or system access. Attackers begin with personal messages, often sent outside of work hours. By the time financial topics are introduced, the attacker may already understand which tools the victim uses and how internal processes work.

High-Urgency Decision Makers

Professionals in fast-moving roles, such as executive assistants, client services leads, or operations managers, are especially vulnerable. These individuals are accustomed to making quick decisions. When scammers create artificial urgency, these targets may act before validating the situation.

Blended Communication Environments

Many scams begin on personal devices or apps but quickly blur into work-related risk. A single emotionally charged compromise can result in credential reuse, installation of malicious files, or unintentional disclosure of enterprise data. Scammers exploit behaviors like using the same passwords across systems, relying on unprotected remote tools, or sharing access informally.

Once a foothold is gained, the attacker escalates. They may impersonate an executive, manipulate payment approvals, or exploit internal workflows using insights gathered during the grooming phase. Information such as team structures, software platforms, and naming conventions is reused to execute highly targeted attacks across departments.

The impact rarely stops with one employee. These scams can spread through access and relationships, leading to lateral movement, data exfiltration, and coordinated fraud on an enterprise scale.

Pig Butchering vs. Other Social Engineering Attacks

Pig butchering is part of a broader category of social engineering threats. However, it stands apart in both duration and psychological complexity. While many attacks rely on speed and pressure, pig butchering is built on patience, trust, and long-term engagement.

The table below compares pig butchering to other common social engineering techniques.

‍

A New Approach to Social Engineering Defense

Traditional defenses are not designed to catch attacks that unfold over weeks through emotionally persuasive, cross-channel communication. Pig butchering scams bypass phishing simulations, static training, and basic detection tools because they do not rely on urgency or technical exploits. They rely on human trust.

Dune Security’s User Adaptive Risk Management platform is purpose-built to detect and disrupt social engineering at the human layer.

Instead of relying on outdated training modules or one-size-fits-all simulations, Dune continuously evaluates individual user risk. The platform ingests intrinsic data such as role and tenure, combines it with behavioral feedback from red team exercises, and correlates signals from across your security stack, including IDAM, EDR, and DLP.

Our User Adaptive Risk Management platform replaces outdated phishing simulations and security awareness training tools with continuous, automated defense tailored to each employee. By leveraging intrinsic data (role, tenure), behavioral feedback (red team testing), and signals from across your security stack (IDAM, EDR, DLP), Dune equips security teams to proactively detect and disrupt social engineering attacks before they escalate.

This adaptive model enables security teams to:

• Detect early indicators of manipulation
• Surface behavior changes that signal risk escalation
• Automate detection workflows based on user-level signals
• Respond before an attacker gains persistent access or financial control

By replacing outdated awareness tools with continuous, individualized defense, Dune helps organizations identify social engineering threats that other tools miss.