Recently I was talking with some colleagues at a happy hour about ‘pig butchering,’ one of the more nefarious financial scams to emerge from Asia in recent years. In the high-tech long con, a stranger grooms an unsuspecting target through social media or text messages to invest in cryptocurrency. Like fattening a pig for slaughter, the ‘friend’ gradually convinces the target to trust in the relationship enough to take investment advice. After some encouraging returns, the target’s confidence grows. But what the pig butchering victim believes is the beginning of a lucrative opportunity crumbles once they’ve sunk in the desired margin of cash, and the stranger they thought was their friend vanishes with their money.
Sounds dumb, right? Who responds to an unsolicited text or chat from someone they don’t know? Let alone becomes their friend, let alone then sends them money? I was surprised to find out how pervasive this has become.
When I first heard about pig butchering from a (real-life) friend, she mentioned she personally knows someone who has lost six-figure money to this con. I was incredulous. How is this possible?
Why wouldn’t you just delete and block? I shrugged dismissively.
People are lonely, she replied, her dark eyes looking sad. They want to believe someone cares.
I started to argue. But then I stopped to consider all the cons that – once revealed – became obvious in retrospect. A social media hack, a gift card scam, a panicked phone call soliciting money on behalf of a relative who wasn’t actually in trouble, a click on an emailed link the recipient should have deleted. Every person groans later: I can’t believe I fell for that!
I wondered, is the epidemic of loneliness in the United States (as defined by the U.S. Surgeon General and with which I agree) really leading people to respond to fake “wrong number” texts and build friendships with strangers who may or may not be who they are purporting to be?
According to a study carried out by finance experts at the University of Texas at Austin and cited in a February 2024 Time article, global losses to pig butchering scams have already topped $75 billion. This is far higher than previously estimated. The same article said the United Nations believes 200,000 people are being held in so-called “scam compounds” in Southeast Asia and forced to carry out the ‘pig fattening’ (including in Burma, the country of our onward diplomatic assignment).
I’d no sooner gotten smug thinking I wouldn’t talk to strangers who texted me than I’d recalled my own dumb Facebook hack debacle of March 2023, perpetrated upon me by a stranger impersonating my friend. (More on that later.)
Fraud isn’t going away. And the people who are determined to get access to your money or personal information keep evolving and modernizing their methods. As technology emerges, new threats do too. And yet most of us still have a blind spot thinking it won’t happen to us.
Further reading:
‘Put Your Smugness Away. You Are Not Too Clever To Be Conned.’
Singletary, M. (2024) The Washington Post
*Consider the source… are you really sure who you’re talking to?
I have blogged about the way consular officers help U.S. citizens who become victims of crime or otherwise run into trouble overseas. Sometimes the subjects of our inquiries aren’t in need of our help at all though, and it’s the caller who has fallen victim to a scam – often with a foreign nexus – while sitting in their American living room.
Serving overseas, I have fielded calls from scared and angry Americans who believed their fiancés/fiancées were being held by pirates or denied treatment in a foreign hospital unless and until they paid exorbitant fees. One elderly caller thought their grandson had been kidnapped and couldn’t understand why the tens of thousands of dollars they’d wired to the ‘kidnappers’ hadn’t garnered his release. Have you reported this to the FBI or your local law enforcement? I asked. Well, no, the caller sputtered.
What did these situations have in common, after I spent time and energy working through each to potentially locate and identify a U.S. citizen in trouble?
The callers were being scammed for money by people they didn’t actually know. The first two callers had never met their supposed partners in-person, even though they presented those individuals in their conversation with me as someone they were going to marry. The pictures, messages, and relationship they had together – none of it was real.
Whoever the scammers really were, they were not U.S. citizens in my consular district requiring embassy assistance. What they were doing was trying to exploit someone’s emotions in long cons for a buck. Or sometime, lots o’ bucks; as it turned out, all the callers had sent massive amounts of money as requested, to try and ‘resolve’ one problem after another already for their beleaguered bethrotheds – something they were hesitant to disclose to me.
The callers were at first angry with me for not “helping,” then confused, and afterwards displayed an understandable kaleidoscope of embarrassment, shock, denial, bewilderment, shame, and anger. The third caller with the grandson? Who knows where the actual grandson was. Probably at a friend’s house, playing video games. But he was fortunately not in a burlap sack in the Mexican desert.
These scams aren’t new, but lots of people fall for them. The U.S. Department of State has a webpage informing citizens of some of the more traditional scams Americans fall prey to, including romance, grandparent, and lottery scams. I’ve seen all of these overseas (repeatedly) as an American Citizens Services and/or duty officer. We encourage Americans to report being scammed to the Federal Trade Commission (FTC).
*The losses are staggering
But how many actually report? According to the FTC, in 2023 Americans filed 2.6 million fraud complaints totaling losses of $10 billion across scam categories that included imposters, sweepstakes, investments, job opportunities, and online shopping. I don’t know where the scammers ultimately were located, but it’s safe to say that some were overseas, and some were right here at home.
You can dig more into the data, including subcategories and regional areas hardest hit, on the FTC’s dashboards. Realistically, actual loss figures are probably higher. The government can only report on the complaints it receives. Sometimes after you’ve been scammed, all you want to do is lick your wounds and forget it ever happened.
*Even the oldest and wisest (and the youngest and most tech-saavy) can be fooled
I pulled the below screenshot from the FTC’s data dashboard that I linked above.
As you can see, almost every age category complained most about online shopping scams. However, the highest age category – Americans 80 years old and above – most often fell victim to business imposters. This is concerning, because as of late 2023, over 51% of the total wealth in the United States was held by the baby boomer generation! Clearly, the scammers know this.
We can also see from the table above that boomers 70 and up had the highest median losses of any other age group – by more than double – and those 80 and up appear to be either less likely to report, or fewer in numbers. Either way, that just makes their average losses of over $1,400 more significant.
The FTC noted that the youngest people lost money more often, but when older people lost money, they lost the most. While statistically boomers may be more ‘able’ than Gen X or Millennials to lose that kind of money, the latter are still working, and we shouldn’t overlook that there are plenty of older people with limited financial means.
As we sat in the happy hour, I noted with appreciation to my colleagues that the bar had recently affixed QR codes to its tables for patrons to place individual or group orders by smartphone. As much as I had ignored those things in favor of handheld menus and a human server, I had to admit here it worked well. From the time I sat down to the time a beer arrived in my hand, less than five minutes elapsed (and most of that was probably me futzing with the menu on my phone). As opposed to my last visit at this particular place, I didn’t have to stand in line, try to figure out if there was table service, or chip in to cover a large bill I didn’t incur after the majority of folks had peeled off and gone home.
One of my younger colleagues pointed out to me that in some places, though, a scammer could easily replace the QR codes on the table with their own code to collect patrons’ credit card information. But here, he went on, they bring your drink right away, so you know it’s them. And you’re opening a tab by default and not paying until the end. But in general, I’m not a fan of these codes.
I frowned. It just figured that by the time I accepted the new way of doing things, it was already going to be a pain in my ass. Wow, so if I just paid and no drink showed up, I probably would be scammed and not even know it, as I sat and rolled my eyes about the slow service and lack of a beer.
That started a conversation at the table about the dumb ways we have all been scammed – one person mentioned being conned into paying for a rental application for an apartment that didn’t exist; another into making client outlays that didn’t get reimbursed because the client’s email had been hacked and he didn’t make the request. I was surprised that anyone could fool my colleagues. They’re young, they’re smart, and in their 20s, they’ve grown up in the world we’re inhabiting now (vs. having to keep adapting to it like everyone from elder Millennials-on up).
So in turn I shared a story that still makes me angry to this day: the March 2023 hack of my Facebook account. And I share it here because the way I resolved it has a direct nexus to diplomacy.
When my Facebook was hacked… I WhatsApp’d the hacker directly
In mid-March 2023, I was visiting my mom’s house after the difficult circumstances of my stepmom’s first failed pancreatic cancer surgery. I hadn’t intended to be at my mom’s house in California at all; the purpose of my west coast visit had been to stay in Washington state and help my dad and stepmom as my stepmom recovered from surgery.
Instead, she had asymptomatic COVID-19 on surgery day and they couldn’t operate on her. My dad needed to get her home to quarantine, and I needed to find somewhere else to be for my own health and safety.
So I made plans to head towards California the same day. Unfortunately, my engine light came on in Oregon a few hours later, and the following day after repairs were completed I got on the road so late I couldn’t make it the rest of the way. This gave me two extra days to quarantine alone. No symptoms appeared and all my tests were negative, so I finally arrived at my mom’s for a visit where a recent snowstorm had just hit.
During some of that visit, I was teleworking in my assignment for the Office of Children’s Issues on an east coast schedule, and getting up at 5:00 a.m. pacific time to sign on.
One particular morning around that time, I got a Facebook message from an old college friend and sorority sister asking for my help. I wasn’t totally surprised to hear from her at an odd hour. She probably thought I was back east, and even if not, her life had seemed unstable for the past several years.
After the unexpected death of her husband, she had slowly lost everything. Her home, her career in the finance industry, her stepdaughter. From what I could tell, she had descended into a lot of drug and alcohol use, and potentially even homelessness. Last I’d heard she had left the Bay Area and was back in Southern California. I’d been worried about her and was glad to hear from her. We’d once been close.
She said she was locked out of her Facebook account and asked me to help her get an authentication code to get back in. I dimly seemed to remember you could set people on your account back in the day to help you get back in if you were locked out. It made sense she might pick me. Someone you trust. Someone who isn’t going to screw you over, or go into your account behind your back.
I said sure. She asked for my email address, and I told it to her. She said I would get a code shortly. I did, and I copy/pasted it into our chat. She seemed in a hurry to get it, but I didn’t pick up on the urgency as a red flag.
Then after a few minutes, she asked me if I could send her some money by Cash App. Suddenly I realized she might be under the influence of drugs or alcohol, because she would have never asked me something like that in the past. I told her I needed to go into a meeting and I would talk to her later. She said she was sorry and didn’t respond further.
I went about my day and I didn’t think much about it, aside from sending a quick note to a mutual friend that her behavior was worrying me. I finished work around 2:00 p.m. pacific time and went down to Sacramento to see my best friend from high school. It was about a three-hour round trip drive. We had dinner out and we talked for hours. It was wonderful.
I made it back to my mom’s around 11:30 p.m. My mom was asleep. I went to the guest bathroom and started quietly washing my face and brushing my teeth. I needed to get ready for bed so I could get up early again the next day; it was already the equivalent of 02:30 a.m. eastern time!
As I was preparing for bed, I scrolled through the Facebook notifications I’d missed while with my friend for several hours. Suddenly, I was logged out of the Facebook app on my iPhone. That’s annoying, I thought. I tried to log back in, and I couldn’t.
Then, a barrage of email notifications with each subject line more bewildering than the last started popping up from my Gmail account.
Did you just add your phone number?
Did you just reset your password?
Did you just remove your phone number?
Did you just add your email address?
Facebook primary email address changed to (first)(middle)@merrypink.com
Did you just remove your email address?
And then, a sickening final subject line:
Someone may have accessed your account
I was dumbfounded. It slowly started to dawn on me what had happened.
When I’d been chatting with my friend 18 hours before, it hadn’t really been my friend. It had been a hacker in her Facebook Messenger account, posing as her.
And when they had asked me for my email address, they hadn’t been sending a recovery code for my friend’s Facebook account. They’d been requesting a recovery code for MY account so they could take over my account. That was the real reason they had asked for me email address.
The hacker had changed the email address, password, phone number, birthday, and all other bio data associated with my account, and reassociated my real information with a shell account – an empty profile with a very common name like “Sharon Nelson” or something like that. And they put two-factor authentication on my account to their own phone.
Facebook had notified me via email of the new phone number and email address associated with my account. But then quickly the hacker removed every one of my email addresses that had been associated with my account, so I stopped getting any further emails about my account. I was completely locked out.
I spent about six hours alone in my bedroom in the middle of the night in a panic, trying to be quiet. I tried to get into my Facebook from my work laptop, my personal laptop, my iPad. From my personal iPhone. From my work iPhone. All on my mom’s wifi which I had used to access my Facebook account on all of those devices in the past; all to no avail.
I was heartsick at not being able to access my profile or my messages. I had unread messages I had not had time to respond to yet. I had plans with people over the following days and no other way to reach out to them. I wanted to visit the profiles of friends and family and look at their pictures before I went to bed, and I couldn’t. I imagined the hacker reading my messages, contacting friends while pretending to be me, and even deleting friends who had died who I wouldn’t be able to request back. I felt like I was going to throw up.
I watched videos on YouTube of how to fix these kinds of problems. I went on Reddit. I went to the Facebook Help Center. I sent a bunch of desperate emails to Facebook with copies of my ID that never got a response. I tried to get into my account so many ways my account locked down and neither myself nor the hacker could access it anymore, which was bizarrely comforting.
Finally, I looked at the contact details for the hacker. The email address was obviously a throwaway, because it was my own real first and middle name at merrypink.com. But the phone number? It was Nigerian. It was his. And he was in Southern California.
I entered his phone number in WhatsApp, and bingo. He was a WhatsApp user.
I sat and thought about what to do next. Should I contact him? Hackers hide behind the screen. They are scary because they trick you, and they invade your privacy. But they are just people. I have his phone number, I thought. I wasn’t afraid of him; I was mad at him! He hadn’t been afraid to contact me and bother me at five o’clock in the morning. Who did he think he was? Would he threaten me or try to extort me?
But the situation and the way I felt about it was about much more than that oversimplification. Diplomacy isn’t about getting in someone’s face, or being tougher than they are, or letting them know they can’t mess with you. Yes, there are times you have to explicitly note the dissonance between what they say they’re doing and their actual behavior and respond accordingly from the position you represent (irrespective of the petulant reaction that may occur).
But there’s also an aspect of coming to the table in an uncomfortable situation. Of negotiating for what you want. Of influencing others’ behavior and safeguarding your interests without being unnecessarily inflammatory. Of sitting down and reaching across even when the relationship isn’t perfect and there is a limit to what you can say.
I can do this, I thought. This is what I do.
That was the moment where I decided to contact the hacker directly.
March 15, 2023, via WhatsApp
Me, 08:10: Hello. You changed my Facebook password, phone number, and email address. Can you please return my account to me? I need it.
Hacker, 08:10: I’m sorry someone used my number
Hacker, 08:11: I can actually help you
Hacker, 08:12: Where are you from ?
Me, 08:13: I would like my account back. I didn’t do anything to deserve this.
Hacker, 08:13: I’m not the one that hack your account
Hacker, 08:13: Someone used my number
Me, 08:14: Someone is using my account to ask my friends to send them money via CashApp. So why wouldn’t they use their actual phone number? How will they get the money if they are using someone else’s phone number?
Hacker, 08:14: The person must be a hacker
Hacker, 08:14: My account was hacked also
Hacker, 08:15: Trust me I’m a man of God
Me, 08:15: If you can’t return my account, we can’t help each other. God sees all. Good luck.
I hit send and held my breath. I didn’t believe for a second that I wasn’t talking to the person who hacked my Facebook. In five minutes, I had figured out he hadn’t likely distinguished me from any other users he had hacked that day.
But he may have revealed something I could use as leverage against him: religion. I was about to find out if I could use it to low-key shame him into giving me my account back. What happened next honestly did surprise me.
To be continued…
Collecting Postcards 
Cliffhanger!
LikeLiked by 1 person