We are all accustomed to reading about “pork” embedded in the legislation that comes out of Capitol Hill. The online scam known as “pig butchering” is something completely different.
The scam involves cyber thieves in various crevices of the world taking advantage of their online anonymity and sexual guile to swindle gullible marks out of their life savings. While less illustrative of the nature of the crime, these grifts are often referred to as “romance scams.”
Whether perpetrated in the real or cyber worlds, scams like these are nothing new. But what is new is the use of technology to reach a universe of marks instantaneously, as well as the scale and scope of the potential damage that can be done.
Romance scams reportedly raked in over $4.4 billion in 2023 — and just wait until artificial intelligence gets better. As more victims — particularly seniors — are relieved of their life’s savings by this and similar schemes, some have suggested banks that wire the money to fraudsters at the direction of their customers should be held responsible for the loss.
Requiring software creators, AI developers, network providers and commercial firms to strengthen their cyber defenses and be more responsible for breaches would help increase online security. But victims of romance scams are just people making what can at best be described as ill-advised financial decisions. Turning banks into financial hall monitors and making them responsible for customers’ foolish romantic mistakes would create more problems than it would solve.
At the very least, it would force banks to internalize the cost of these scams, causing all of us to have to share the loss. The average credit card rate is 20 percent, in part because 63 percent of credit card holders incurred $6.2 billion in fraudulent charges in 2024 for which they were not responsible.
Like ransomware, romance scams are low-cost crimes whose perpetrators have little chance of being caught. But there is a lesson to be learned from how governments have decided to handle ransomware attacks.
There were 478 million ransomware attacks worldwide per year between 2021 and 2023. Each ransom paid provided tangible validation of the attacker’s ransomware business model, whether the victim dug into his or her own pocket or had insurance to cover the loss. But as governmental and other targets increasingly stopped paying ransoms, the number of attacks fell by 51 percent. At their core, online criminal enterprises are businesses that need to make a profit.
Increasing technological literacy would help by sensitizing consumers to the suspicious tells that they should be watching for. But learning how to use technology correctly is an aspirational goal that we should place little stock in.
Banks could adopt procedures requiring a second sign-off before transfers of a certain size could be made, much like the protocols required to launch certain weapons. But that would complicate and slow down the wire process, undercut cheating spouses sucked in by such scams and infuriate those who prefer instant gratification when it comes to the delivery of money.
None of these band-aids, however, would address the fundamental insecurity of the internet and the never-ending gullibility of its users.
Like many other online frauds, romance scams can happen because there is no true authentication of any human being in cyberspace. Although two computers may identify themselves to each other, in most cases, no one knows who is at either end operating those machines — or if they are even human.
That contrasts sharply with our analog lives, where in order to do almost anything we must identify ourselves as real people who live at real addresses. We are required in that world to present passports when we travel, and obtain driver’s, marriage, dog, fishing and hunting licenses. All you need in the cyber world is a computer that can be assigned a string of numbers known as an IP address. Until we fix the authentication problem — which we can — there is no chance of achieving effective online security.
Alongside authentication, real security also requires standard governance, with global regulators creating rules that can actually be enforced — just like real life. Failure to adhere to governance standards should result in the termination of a user’s online existence. That requires online cops, human or otherwise, and policing mechanisms that can enforce the rules using kill switches if necessary to eliminate rogue actors. Such standards are particularly important given that we (unwisely) share the internet with adversaries like North Korea, Iran, Russia, China, their proxy hackers, and every online scammer on the earth.
There are another 100 enhanced security measures that could be adopted, all of which add up to a big nothing if consumers, businesses and governments are not economically incentivized and willing to make the hard choices to reconstruct how cyberspace works. Given recent trends that reflect increasing distrust in governments, news outlets and large institutional financial intermediaries, online vulnerabilities will likely continue to increase exponentially.
That means cyberspace will continue to be the perfect playground for creeps looking for online “pork,” until the democratic nations of the world decide to rebuild cyberspace to more secure specifications. The chances that will happen soon are quite low, so good luck.
Thomas P. Vartanian is the executive director of the Financial Technology and Cybersecurity Center, and the author of “The Unhackable Internet.”