The Eiffel Tower…A Precursor to Chicken Farming Social Engineering Scams?
Yes, you read the title correctly and, yes, it sounds ridiculous. But get ready to be mind blown again…because it’s 100 percent true. To make some sense of this, let’s jump into our Wayback Machine and set it for 1920s France where we’ll meet a man named Victor Lustig.
Back to the Beginning…
We’ve arrived in 1925 – Paris, France to be exact – and Victor is now a somewhat successful con-artist. He comes across an article in a local newspaper, where he reads about the problems the city is facing in maintaining and repairing the Eiffel Tower. As a con-artist, what is Victor to do with this information but hatch his next big plan, of course.
To do so, he summons several scrap metal dealers to a high-end hotel in downtown Paris. Lustig introduces himself as the deputy director of the Ministry of Posts and Telegraphs and claims that he represents the French government’s interests in the Eiffel Tower. During the meeting, he convinces the scrap dealers that the cost of preserving the Eiffel Tower is too great for the government and that they had decided to sell it for scrap. Victor also asks the men not to discuss the matter outside of their meeting, as the French government is not sure how the Parisian people would react.
By the end of the meeting, several men had come forward and made offers to buy the scrap metal rights from Victor. Seeing the fish on the hook, Victor asks one of the men for an additional bribe to guarantee his company would win the bid. After receiving the money, Victor fled Paris and returned to his home country of Austria. With this con having been so successful, he returned later that same year to run the same scam a second time.
The good news, for Victor anyway, is that his scam worked. The bad news, for the rest of us, is that schemes like Victor’s are more prevalent than ever, although now we refer to them as a phenomenon called…you guessed it…social engineering.
Social Engineering in the Present
Today, we see social engineering in many forms, even rivaling the brazenness of Victor Lustig’s Eiffel Tower scheme. It’s evolved over the past 100 years and has taken on a decidedly digital presence to stay viable in the modern age. In fact, it’s estimated that 98 percent of cyber attacks come in one form or another of social engineering.
The most common types of social engineering attempts we see are phishing, spear phishing, SMS phishing, whaling, baiting and honey trapping. From email to text messages to seemingly innocent connections made on the internet, social engineering has taken on many disguises in the past decade.
In credit unions, we often see social engineering through phishing emails asking for electronic signatures or sharing “statements” that are actually malicious attachments, just to name a few. Whaling is another version of social engineering used in credit union settings, in which emails appear as though they are coming from the CEO or some other member of the C-suite requesting employee credentials or important personal data. We certainly aren’t limited to just these types of social engineering – as we all know well, the sky is the limit where bad actors are concerned.
But the creativity of attackers has grown exponentially, with many taking a page from Victor Lustig’s book of tricks. And doing so has led to two of the biggest schemes we’ve seen thus far in 2025.
Beware of Toll Texts…Or Else
Texting and travel are two of the most common activities in our daily lives. Social engineers know this, which is why they’ve found a way to make money on everyday occurrences. Enter…the toll text scam.
You’ve likely seen it yourself – you feel that familiar vibration of your phone or hear the ding of the text notification. You check the message and find that it’s a warning to make good on your unpaid balance for utilizing a toll road. But wait…have you even been on a toll road lately? You keep reading and find that the message is claiming you owe $15.62 to the Turnpike Commission. If it isn’t paid by the given date using the link in the text, you could be facing serious penalties like vehicle registration suspension, legal action and even negative impacts to your credit score.
As it turns out, the “unpaid toll balance” you owe is actually nonexistent. In reality, the texts are being sent by social engineering masterminds who are banking on you to take the bait and act in fear of the consequences. And because the balance is such a small amount, chances are, you might actually bite. But that’s just the starting point – if you make a payment through the website they provide, even if it’s just for $15.62, the scammers now have your credit card information. Hook, line and sinker…your information has been compromised.
This is an example of a widespread SMS phishing scam. It’s been making its way across the U.S. (and even parts of Canada) since early 2024. Several government agencies – including the Federal Bureau of Investigation (FBI), Federal Communications Commission (FCC) and Federal Trade Commission (FTC) – have urged consumers to be wary of these texts while they work to dismantle the operation one false domain at a time. But considering the ease with which bad actors are purchasing and using new domains, it’s been a difficult scam to breach, which only demonstrates the power of social engineering.
Chicken Farming…Don’t Put All Your Eggs in One Basket
With the high cost of basic goods in 2025, scammers gained yet another opportunity to play on people’s fears. In the modern world, even something as simple as eggs can be a means to extort money from unsuspecting individuals looking for a cheaper alternative, paving the way for the chicken farming scheme.
With bird flu and inflation running rampant, we’ve seen the price of eggs go higher and higher in recent months. By March 2025, a carton of eggs reached a record high of $6.23 per dozen. These sky-high prices have been a deterrent for consumers looking to stretch their food budgets in a time of financial uncertainty, leading many to look into getting their own chickens for eggs.
So, let’s say you decide to invest in your own brood and you go searching for places to buy chickens to produce viable eggs. You can always go to your local Tractor Supply, of course, but chicks won’t be ready to produce for a bit, so you look for mature chickens for sale instead. Maybe Facebook Marketplace or Craigslist will serve you well in this endeavor. With a little bit of persistence and luck, you find what you’re looking for.
You reach out to the seller, making arrangements for payment. They prefer to use a cash app like Venmo or Zelle, which isn’t so unusual in today’s world, so you go with it. But all of a sudden, they’re asking for additional funds for transportation of the chickens or gift cards to offset the costs of shipping. Does it seem so unreasonable? Maybe not. Except it is, because, just like that, you’ve agreed to pay $50 for your chickens, but have ended up paying $100 in additional charges that weren’t part of the original price. Not only that, but once your money is received by the other party, they disappear. They won’t respond to messages, they may have even deleted their account. And, in the end, you’re left with no chickens and $150 less in your wallet.
This is an example of baiting, where bad actors offer to deliver a product or service (in this case, chickens) and then taking information, money, etc. from their victims. It’s effective because it appeals to people’s consumerism and, particularly for the chicken farming scheme, desperation for a cheaper alternative.
What the Eiffel Tower and Chicken Farming Have Taught Us
From the glittering city of Paris, France to the vast expanse of the world wide web, social engineering has a long, diversified and sordid history, and it’s our job to turn every event into a learning experience. It’s a threat that is here to stay, evolving as necessary to stay relevant as the world progresses.
As credit unions, the lesson is two-fold: we must be prepared to endure social engineering attacks on the back end, but we also have a duty to make our members aware. If there’s one thing to take away from these social engineering scams, it’s to always, always be vigilant. You don’t want to be the next person to be had by a Victor Lustig or, worse yet, a con artist with no name at all.
Mike Bechtel is an information security engineer for Vizo Financial Corporate Credit Union. As such, he provides incident response planning services, information security risk assessments, security awareness training, social engineering and vulnerability testing and reporting and information security-related consulting services to credit unions.