Axios Codebook

A long-running, romance-based crypto scam is getting more sophisticated and harder to stop, researchers and officials warn, Sam writes.

The big picture: Government officials have cautioned for years about a scam tactic known as "pig butchering" that's resulted in victims losing as much as half a million dollars at a time.

How it works: The scam typically begins with someone either starting a conversation with potential victims on a dating app or sending a text to a random phone number.

• In the latter tactic, scammers will send a message that says something like, "Hey, Jane, hope you're doing well," to engage their victim. After, they'll continue the conversation and claim that it's "fate" that they met.
• Once trust is established, the scammer will suggest the victim move the conversation to WhatsApp or Telegram, where the scammer will start to encourage the victim to invest in a fake crypto app.

By the numbers: The Federal Trade Commission estimated in a report last week that nearly 70,000 people reported a romance scam in 2022 and the reported losses hit $1.3 billion last year.

• 34% of those losses were tied to cryptocurrency-related romance scams. Another 27% involved victims sending money through bank wire transfers or other payment methods.
• The median reported monetary loss was $4,400 per victim.

Details: In a report Monday, Sean Gallagher, senior threat researcher at Sophos, uncovered a Hong Kong-based pig-butchering operation that highlights just how much thought criminals put into their scams.

• In this operation, the scammers approached Gallagher via a direct message on Twitter and even continued to engage with him after he disclosed his day job.
• Scammers requested he download a legitimate trading app, MetaTrader 4, from a fake Japanese bank website. When Gallagher asked why he couldn't download the app from the App Store or the Google Play Store, the scammers had a good excuse: The app is sanctioned in the U.S. since it was created by a Russian software company.
• As Gallagher started exploring the app, the scammer offered to introduce him to her "uncle," who she claimed was a former Goldman Sachs analyst, to help set up investments.
• Scammers also got ahead of most victims' thinking and optimized the Google search results for their fake bank website so it was listed higher than the actual, legitimate website.

Between the lines: Victims typically are highly educated people who have recently gone through a life-changing event, such as a divorce or an isolating health issue, Gallagher told Axios.

• Some victims Gallagher has spoken to are also "successful businesspeople" or IT professionals. Ages vary, but most are in their mid-30s to early 50s.
• "Most of these people were emotionally vulnerable because of their isolation or something else in their life situation," Gallagher said.

The intrigue: Pig-butchering scams originated in China, and most of them continue to have a connection to the region — making it much more difficult for law enforcement to crack down on the schemes.

• "China has been going after these operations in China, but they do not feel obliged to go after operations that are targeting people in third countries," Gallagher said.

Yes, but: Law enforcement is still trying to stop the scam in its tracks by targeting its infrastructure. In November, federal prosecutors seized seven domain names connected to ongoing pig-butchering scams.

Be smart: Be wary of online communications with strangers who promote a cryptocurrency investment or encourage moving the conversation to a WhatsApp or Telegram channel.

A new report from Mandiant found the majority of international cybersecurity decision-makers believe their organizations underestimate cyber threats and need to learn more about potential attackers.

Why it matters: Understanding the threat landscape and evaluating possible attackers could help to bolster organizations' cyber defenses.

Driving the news: Google-owned Mandiant released its first Global Perspectives on Threat Intelligence report yesterday, which it based on interviews with 1,350 business and IT leaders "who make security decisions for organizations with at least 1,000 employees."

• Its survey respondents were from 13 countries and 18 sectors, including financial services, health care and government.

By the numbers: The survey found that 67% of cybersecurity decision-makers believe their leadership teams underestimate cyber threats posed to their organizations.

• 79% said their organizations could spend more time and energy identifying critical trends in cybersecurity.
• 68% of respondents said their organization needs to understand more about the threat landscape.
• Only 53% said they could prove to their leadership team that their organization "has a highly effective cybersecurity program."

Yes, but: 91% said they had confidence in their organizations' preparedness to defend against financially motivated attacks, like ransomware.

What they’re saying: "Security teams believe they are missing real threats because their teams are struggling to cope with the data they must process, sometimes lacking sufficiently skilled personnel and not always knowing what to do with the information they have," the report’s conclusion said.

• "Until organizations begin to better process intelligence on threat actors, they will remain vulnerable to the always-increasing number of destructive and disruptive cyberattacks."

🐴 Included among Sunday’s Super Bowl commercials was the inaugural big game ad spot from cybersecurity giant CrowdStrike. It featured a giant Trojan horse and a pretty dark ending. (CrowdStrike)

✋ Cloudflare says it blocked a record-breaking distributed denial-of-service attack targeting its users over the weekend, saying the attack sent 71 million requests per second at its peak. (BleepingComputer)

🥤 The largest bottler of Pepsi beverages in the U.S. says it suffered a data breach in December involving information-stealing malware and the extraction of data from its IT systems. (Cybernews)

🍎 Apple released emergency security updates this week aimed at WebKit vulnerabilities that could be exploited to hack iPhones, iPads and Macs. (BleepingComputer)

📈 In a new report, cybersecurity firm Dragos says ransomware attacks against industrial organizations, and the manufacturing sector in particular, increased by 87% in 2022 from the year prior. (Bloomberg)

⏰ According to an excerpt from a letter shared with Axios, TikTok U.S. Data Security interim general manager Andy Bonillo announced the formal creation of TikTok U.S. Data Security as a new legal entity yesterday.

• The excerpt calls it "a significant moment that ensures U.S. user data security will be run independently" and says it will help TikTok "emerge as a leader in the industry for protecting our users' data." (TikTok)

There's been plenty of excitement around generative AI (expect more about this on Friday). But there has also been plenty of crowing over the myriad ways in which it can stumble.

According to a post on the Bing subreddit, one user purportedly asked the search engine, newly outfitted with chatbot capabilities, about local showtimes for "Avatar: The Way of Water."

• The conversation led to Bing repeatedly insisting it is the year 2022 and that the movie won't be released for another 10 months.