The Scam Killchain
How modern, AI-enabled scams unfold — from choosing a target to laundering the proceeds. Pick a stage to see the tactics and techniques scammers actually use, with an analysis of where AI changes the economics for attackers and defenders.
Stage 1
Recon and Target Acquisition
Choose a target based on things like demographics, availability of data.
Through one real scam
Case study: Pig Butchering
Pig butchering is industrialized investment fraud: romance-scam rapport welded to a fake crypto trading platform. It isn’t a single incident but an archetype, run at industrial scale — much of it from scam compounds staffed by trafficked, forced labor working from scripts. Here is how that archetype walks the six stages of the killchain.
- 1
Recon
Targeting is wide-net rather than researched. “Wrong number” texts and attractive dating profiles go out at volume; anyone who replies becomes a target. The reply itself is the selection mechanism — it signals someone willing to chat with a stranger, the only qualification the next stage needs.
- 2
Resources
Two assets get built: a persona — an attractive, successful investor assembled from stolen photos — and the platform, a convincing fake brokerage with live-looking dashboards and fabricated returns. The victim is never asked to “send money to a stranger”; they’re invited to open an account on what looks like a real exchange.
- 3
Contact
The classic opener is an innocuous “wrong number” SMS that turns friendly when the victim replies. What follows is the defining feature of the scheme: weeks or months of daily, no-ask conversation. Trust is fully established before money is ever mentioned — this is the “fattening.”
- 4
Persistence
Once the victim invests, the platform takes over the manipulation. Fabricated profits appear; small early withdrawals succeed, “proving” it works. Then surprise “taxes” and “fees” freeze the account, each payment deepening the sunk cost while the visible (fake) balance makes walking away feel like abandoning a fortune.
- 5
Fraud event
The victim transfers money entirely voluntarily — buying real cryptocurrency on a legitimate exchange and sending it to the fake platform’s wallet. From the bank’s perspective the customer simply bought crypto, a legal transaction they initiated themselves, which is what makes the fraud event so hard to interdict.
- 6
Monetization
Monetization is hands-on: the scammer walks the victim through the crypto purchase and transfer. Once on-chain, the stolen funds are chain-hopped across currencies and pushed through mixers, making recovery effectively impossible.
Pig butchering is what scam industrialization looks like before heavy AI involvement: scripts, compounds, and coerced human labor substituting for automation. The bottleneck is the months of convincing, personalized, daily conversation per victim — precisely the work language models are good at. That is why we treat this archetype as a leading indicator for AI uplift.
Analysis
AI uplift analysis
The question isn’t where AI uplift is strong — it’s where strong uplift removes a human bottleneck. There, and only there, the threat scales.
Hot zones — human bottleneck × strong AI uplift
- Stage 1Recon and Target Acquisition — Researching each target by hand used to cap how many victims a crew could profile.
- Stage 2Resource Development — Producing fluent, native-quality lures and believable sites required skilled (often bilingual) labor.
- Stage 3Victim Contact and Engagement (Execution) — One-to-one engagement was the scam industry’s biggest labor cost — the reason scam compounds employ thousands.
The bottlenecks AI does not solve (persistence of scam, monetization) remain the chain’s most durable choke points for disruption.