Table of Contents
In cybersecurity, catfishing refers to the fabrication of a false online identity by a cybercriminal for the purposes of deception, fraud, or exploitation. As the name implies, catfishing is most commonly used for romance scams on dating apps, websites, and social media platforms.
Before becoming a common problem in the cybersecurity world, the term “catfishing” was defined as the practice of using catfish to keep cod active during transportation. This early definition was described in the 2010 film “Catfish”, which was largely responsible for coining the meaning of catfishing as we know it today: a form of deceptive activity involving a person creating a fake online presence for nefarious purposes.
Cybersecurity Education and Training Begins Here
Here’s how your free trial works:
- Meet with our cybersecurity experts to assess your environment and identify your threat risk exposure
- Within 24 hours and minimal configuration, we’ll deploy our solutions for 30 days
- Experience our technology in action!
- Receive report outlining your security vulnerabilities to help you take immediate action against cybersecurity attacks
Fill out this form to request a meeting with our cybersecurity experts.
Thank you for your submission.
History of Catfishing
Catfishing is a relatively new phenomenon in cybersecurity that didn’t become a serious concern until the early 2010s. The term, which originated from the 2010 documentary “Catfish”, was popularised by the TV series also called “Catfish”, which first aired on MTV in 2012. With over two hundred episodes and a decade of airing, the reality television series made the term “catfishing” even more mainstream.
It wasn’t until the late 2010s when catfishing became a serious cybercrime that resulted in significant financial losses. FBI and Federal Trade Commission (FTC) data reported from AllAboutCookies.org highlights alarming trends in catfishing. From 2019 to 2022, the average number of quarterly reports of catfishing scams increased by more than 174%. Today, reports estimate that there are approximately four times as many reports than there were at the start of 2019 (source).
How Does Catfishing Work?
Catfishing is the act of manufacturing a fake online identity to deceive someone into a false relationship, often intending to troll or defraud the victim by convincing them to send money. Catfishing can take place on any online platform where people interact with each other, but some of the most common include social media websites, dating apps, online gaming communities, and special interest forums.
Catfishers often choose platforms with many potential victims to target where they can easily create fake profiles. They create a convincing false identity through various means, including stolen photos and fake names, locations, or occupations. Catfishers may also use online tools and apps to alter their appearance and voice, making it more difficult for victims to detect their deception.
Whether through email or direct messages on social media platforms, catfishers use various strategies to lure their victims, including flattery, emotional manipulation, and playing on the victim’s vulnerabilities. They often establish false intimacy and trust and then gradually ask for personal information, money, or other favours. Some catfishers also use blackmail or threats to control their victims and keep them from reporting the scam to authorities.
Examples of Catfishing
Catfishing can be used to deceive and manipulate people for different purposes, including financial gain, sexual exploitation, and terrorism. More than just a peer-to-peer scam that targets victims on a personal level, examples of catfishing have also impacted businesses and organisations. Notable examples include:
The Military Imposter
In 2018, a man named John Edward Taylor was sentenced to 14 years in prison for catfishing dozens of women on dating sites while pretending to be a retired Navy SEAL or CIA agent. Taylor used his fake identity to impress his victims, earning their trust and eventually defrauding them into giving him thousands of dollars of their own money. He was later caught and convicted on multiple counts of fraud and identity theft.
The Manti Te’o Case
Manti Te’o was a notable college football player who made headlines in 2012 when it was revealed that he had been catfished by a fictitious woman named Lennay Kekua. Te’o was led to believe that Kekua was his girlfriend, a fake persona created by a man named Ronaiah Tuiasosopo. Tuiasosopo had used a fake profile on social media to develop a relationship with Te’o and even went so far as to fake Kekua’s death to garner sympathy from Te’o. The story was later told in in Netflix documentary called The Girlfriend Who Didn’t Exist.
The ISIS Recruiter
In 2015, a Virginia man named Mohamad Jamal Khweis was arrested for attempting to join ISIS in Syria. Khweis had been recruited online by “Umm Isa al-Amrikiya”, who he believed was a young woman interested in Islam. In reality, “Umm Isa” was a catfisher working on behalf of ISIS to lure in Western recruits. Khweis was sentenced to 20 years for joining ISIS and agreeing to be a suicide bomber of the terrorist group.
These examples illustrate the diverse range of motivations and methods catfishers use to exploit their victims, as well as the complex nature of catfishing scams.
- Financial loss: Catfishers most commonly deceive their victims into giving them money by posing as someone in need and exploiting their victims’ compassion. In 2021, over 24,000 victims throughout the U.S. collectively lost approximately $1 billion to such romance scams, according to the FBI’s Internet Crime Complaint Center.
- Reputation damage: If the victim has shared private or embarrassing information, the catfisher can blackmail them, damaging their reputation. Celebrities, athletes, and other high-profile individuals can experience significant reputational damage from being catfished.
- Identity theft: Catfishing can also lead to identity theft in various forms. The catfisher may use the victim’s personal information to create a new identity or commit fraud. Likewise, the fabricated personas catfishers create can also pose issues in compromising one’s true identity.
- Emotional distress: While catfishing cases span across all age groups, it’s generally older and more vulnerable populations that are most affected. Catfishing can cause severe emotional distress to victims, as they can often feel betrayed, hurt, humiliated, or even experience anxiety and depression in the wake of being catfished.
Why People Catfish
One of the primary reasons people catfish is for personal gain, most commonly in the form of financial incentives. For example, they may trick their victims into giving them money or gifts, posing as a romantic partner needing help. Alternatively, they may seek emotional benefits, such as attention and validation, by creating a false persona that is more desirable than their real-life identity. This may include presenting themselves as more attractive, successful, or popular than they actually are. In doing so, they may feel rewarded by gaining more online followers, friends, or romantic partners.
Another reason people catfish is due to feelings of insecurity or lack of confidence in their real-life identity. By fabricating a new persona, they can escape their insecurities and live out a version of themselves that they feel is more desirable. Catfishers may also be motivated by a sense of anonymity and freedom when interacting with others online, allowing them to express themselves in ways they’re otherwise uncomfortable doing in real life. Such motives can be particularly tempting to those who struggle with social anxiety or low self-esteem.
Some individuals may use catfishing scams as a form of revenge. For example, they may target someone who has wronged them in the past, using their false identity to manipulate them to lose money or harm them emotionally. In this way, catfishing can become a tool for seeking revenge and exerting power over others.
- Requesting money early on in a relationship, often disguised as funds needed to visit the victim
- Avoiding any sort of face-to-face contact, such as video chats
- Using fake profile images that are suspiciously beautiful or, in some cases, blurry or unclear
- Speaking with poor language and grammar skills or messaging at odd hours
- Asking to take the conversation off the dating app or social media site to communicate directly
- Posing as someone else on social media to lure gang rivals or deceive victims into joining groups
- Backing out of planned calls or meetings due to various excuses
- Seeming as though the person is too perfect or the situation is too good to be true
- Research the person: Before engaging in any kind of online relationship, take the time to conduct background research on the person. This includes verifying the person’s identity, checking their online presence on social media sites, or looking for any signs of suspicious activity or inconsistencies in their story. Searching the person’s name on Google can often reveal a lot of information to help you determine if they’re legitimate or who they claim to be.
- Meet in person: Whenever possible, make an effort to arrange a face-to-face meeting with the person in a public place. This can help you confirm the person’s identity and build trust before exhausting time and energy in any online dialogue. If the individual is unwilling to meet in person, this should be a big red flag and cause for concern.
- Avoid sharing personal information: Never share any personal information or sensitive data online, such as your home address, the names of loved ones, your social security number, or financial information. Always be mindful of who you share your contact details with, and refrain from any financial transactions until you have firmly established a solid relationship and are fully confident in the other person’s identity.
- Trust your instincts: If a person you’ve met online seems too good to be true, they probably are. Profile pictures that look like a supermodel, overt compliments, and a suspicious willingness to get to know you are all telltale signs of a catfish. Don’t ignore your gut instincts; be wary of anyone who seems overly interested, eager, or pushy. If you feel uncomfortable or unsure about someone, it’s best to err on the side of caution and end all communication.
- Use caution on social media: Social media sites like Facebook, Twitter, and TikTok are breeding grounds for catfishing scams, so it’s important to be cautious when engaging with unfamiliar people online. Avoid accepting friend requests from strangers or engaging in private conversations with people you don’t know. Check your privacy settings and ensure your information is not readily available to anyone and everyone.
How Proofpoint Can Help
As an international leader in cybersecurity solutions, Proofpoint helps organisations protect their assets and people against cyber threats, including identity theft, catfishing, and email scams. Proofpoint delivers the systems and technology to help protect your data, taking a people-centric approach to effectively educate and train individuals to minimise risks and prevent attacks from occurring. Learn more about how Proofpoint can support your team in warding off threats like catfishing and other online scams.