What a Pig Butchering Scam Really Looks Like

Figure 1. How a pig-butchering scam escalates across channels, from the first message to the final ask.

How a pig-butchering scam escalates across channels, from the first message to the final ask.

What makes it so effective is that no single message appears fraudulent. There is no malicious link in “Hi, nice to meet you.” The danger is the pattern, not the payload, and it unfolds across four or five channels before any money moves.

Each stage along that arc is a chance to step in, and the chance is greatest early. A check at the first friendly message is the best moment to catch it. By the time the request to send money arrives, it is usually too late.

The victim is a person, not a statistic

It is worth slowing down here. A pig-butchering victim is not a careless mark. In a large share of cases, they are someone moving through a hard season, such as a recent death, a divorce, or a stretch of loneliness. The companionship feels real because, to them, it is. When they mention the new relationship to friends or family, they are often met with suspicion or a quick dismissal. So they stop talking about it. The conversation with the scammer becomes the one place they feel they are not being judged, which is exactly what keeps them in it.

That dynamic, isolation paired with embarrassment, is the engine of the scam. It is also why warnings that arrive after the fact so rarely land.

Why existing defenses never see the scam 

Banks have invested heavily in fraud controls, and most of them sit in the wrong place for this threat. Transaction monitoring catches anomalies once money is already moving. Email security guards the inbox. Network tools protect what happens inside the institution’s perimeter.
Pig-butchering happens outside all of it. The relationship lives on the customer’s personal phone, across consumer apps a bank has no visibility into. By the time a suspicious wire request reaches the fraud team, the customer has spent weeks being convinced the idea is their own. They will often defend the transfer because, in their mind, they are not being scammed; they are investing.

CheckTxt operates where the existing stack cannot: in the path of the messages a customer actually reads and trusts. 

Each stage along that arc is a chance to step in, and the chance is worth the most early. A check at the first friendly message is the best moment to catch it. By the time the request to send money arrives, it is usually too late.

How CheckTxt helps prevent pig butcher scams today 

Today, CheckTxt works on individual messages. A customer who feels a flicker of doubt, or a worried family member, can forward the suspicious text or a screenshot of the conversation and receive a clear verdict, Malicious, Suspicious, or Safe, in under sixty seconds. There is no app to install and no account to set up. See how CheckTxt works for your customers >

Pig butchering offers several moments where that check matters: the wrong-number opener, the unusually fast pivot to a crypto or investment opportunity, the screenshots of too-good-to-be-true profits, and the eventual request for money or a transfer. Any one of them can be verified the instant it arrives, which is the only window that counts, the one before the money leaves.

That neutral read matters more than it sounds. Many people in these situations are reluctant to raise their doubts with friends or family, who may judge them or wave the worry away. An objective verdict from a third party gives them something solid to act on before they send money, without the conversation they are dreading having.

Where is this going?

The harder problem is that pig butchering is not one message. It is a conversation that crosses a dating app, text, email, and a phone call, and its meaning only becomes clear when those moments are read together.

That is the problem CheckTxt is building toward. A new capability, in development now, is designed to read a conversation as a whole rather than one message at a time, drawing on signals such as reverse image lookups, employment verification, and analysis of how the conversation itself unfolds, to help judge whether the person on the other end is who they claim to be. The aim is to recognize a slow-building con as one continuous threat rather than a string of harmless-looking pings.

It is being built to work across the kind of unified, cross-channel conversation infrastructure that Twilio brought to market this year, the same shift now carrying legitimate customer conversations across voice, text, and chat. Scam detection has to follow the conversation to the same place.

Why this issue belongs on any bank or financial institution’s radar

A customer being slowly drained does not stay the customer’s problem. It surfaces as bank withdrawals, ban wires, reimbursement claims, and your brand exposure. Learn more about how CheckTxt prevents brand impersonation scams.

Regulators and law enforcement have taken notice. The FDIC’s Office of Inspector General has flagged the threat to institutions, the New York Attorney General issued a fresh consumer warning in early 2026, and the Department of Justice has stood up a Scam Center Strike Force aimed squarely at the Southeast Asian compounds behind these losses, an effort that has already notified thousands of victims and protected hundreds of millions of dollars.

Most fraud tools are built to catch a bad transaction after it happens. CheckTxt is designed to help prevent it. Banks that can warn customers before a transfer, rather than investigate after it, protect their members and their balance sheets at the same time. This is exactly what our customer-facing SMS fraud protection for banks is built for.