Empowering victims: Why language matters in cybersecurity

More and more members of the public have heard the phrase ‘pig butchering scam’ – and it doesn’t sound pretty. The dangers of language like this, though, aren’t limited to distaste. A new warning from Interpol has highlighted the reality that language is important in cybersecurity, and our choice of words can influence victim behaviour. 

What are pig butchering investment scams? 

Pig butchering scams are a type of investment fraud that often include an element of romance fraud. They’re perpetrated by organised crime groups, and use carefully engineered social engineering scripts to build trust with victims over time. 

They’re usually initiated over social media. The criminals behind them often refer to victims as ‘pigs’; to social media platforms as ‘pig pens’, and themselves, the scammers, as ‘butchers’. 

Initial contact is followed by an extended trust-building phase, which can last months. And when that trust is in place, the criminal group executes the scam – often convincing victims to invest significant sums of money on fraudulent cryptocurrency investing platforms. 

What has Interpol said about pig butchering? 

The term ‘pig butchering’ was coined by the scammers, not by the cybersecurity sector. And Interpol has now announced they will stop using it – along with removing the terminology from all Interpol websites, historic press releases, resources and working materials.

The organisation is also encouraging everyone else across the cybersecurity sector to stop using the phrase – replacing it with straightforward descriptions, such as ‘investment scams’. 

Speaking to Wired, Nick Court (Assistant Director in Interpol’s financial crime and anti-corruption program) said”

“I think we’re giving the gangs too much credit if we use that phrase. More importantly, we’re damaging how victims may perceive themselves. I don’t think anyone would want to be called a victim of pig butchering.”

A lesson in the impact of language in cybersecurity

This is the underlying issue at play: the terminology could prevent victims from coming forward. The idea that you’ve fallen victim to ‘pig butchering’ feels shameful and unsettling, and it’s likely to be harder to seek help than if the scam was simply described as an ‘investment scam’. 

It’s critical that victims do come forward – because the criminal groups that run these scams are sophisticated and organised, running physical and digital activity with complex logistical operations. Over 20,000 people are believed to have been trafficked to locations in Southeast Asia where they’re forced to scam victims around the world. When victims speak up, vital information is shared with law enforcement agencies that could help to shut down these operations. 

The lesson here goes beyond one form of cybercrime. It’s a reminder to think carefully about the language we adopt, often casually, in cybersecurity – and consider how that language could affect how victims feel. 

Does it empower them to seek help? Will it create stigma and shame? Are there alternative, more matter-of-fact ways to describe cyber crimes that would encourage victims to be more proactive about reporting concerns? And could the language we’re using prevent people from educating themselves in the first place, to reduce the risk of falling victim? 

As we head into 2025, here’s our call to the global cybersecurity community: let’s be thoughtful about the language we use. Because the words we use to describe cyber crime will filter out to the general public – so we need to choose language that empowers and educates, not language that drives fear and shame.