Cyber-crimes: Catfishing

Catfishing, given the Webster definition, is when a person creates a fake profile on social media for fraudulent or deceptive purposes.

The term catfishing is attributed to a 2010 documentary: Catfish, where a man is tricked into several relationships with exaggerated and completely fictitious people. The film has since spawned into an ongoing tv show aired on MTV.

A high profile victim of catfishing is former Notre Dame linebacker Manti Te’o who was highly touted during the 2013 NFL draft. He was tricked into a relationship with a fictitious girl. Teo said he was a victim of a, "sick joke" and that he, "maintained what [he] thought to be an authentic relationship".

But catfishing is not reserved for filmmakers and elite athletes. And its use is not limited to fake relationships. It’s actually pervasive across all social media platforms and has victimized a variety of people for a variety of purposes. There is a good chance that someone you know has been catfished, or is being catfished right now.

After some conversations we've come to know that many people have been victims of this cyber-act. The most common method of catfishing is when a person takes someone’s picture and name and pretends to be that person. The culprit will send friend requests to that person’s friends and family members and will often times try to obtain sensitive information.

In most cases catfishing is not illegal. But in the hands of criminals, it becomes an effective strategy to commit cyber-crime. Simply put, catfishing is deception for the purpose of acquiring something. What that something is can be the difference between an annoying prank and a serious crime.

Recently, a TFB member almost became the victim of a catfishing attempt. The culprit created a fake Facebook account using a picture and name of a relative in an attempt to sign people up for a fake grant.

The catfisher (gray text) attempting to trick a victim (blue text) with a fake Facebook profile using a relative's name and picture.

Their conversation is as follows:
(names have been darkened or redacted for privacy)
CF = Catfisher
PV = Potential Victim

CF = "Click on the link and message the agent" (fake link).
PV = "Who is your friend that told you?"
CF = [redacted name]
PV = [redacted name] "who"?
CF = [redacted name]. "Message the agent right now and let him know a beneficiary told you to contact them that you haven't get [sic] your grant yet."
PV = "so who else is doing this back there?"
CF = "My cousin is doing it as well"
CF = "Message the agent now"
PV = "Delete the account now while you are still at the beginning of trouble. Don't take this any further"

The fake profile has been deactivated.

Cyber-criminals will utilize a number of tricks and usually target unsuspecting individuals. Some cyber-criminals will send mass emails posing as reputable companies or persons to try and trick as many people as possible. Think of it as casting a wide net. This specific type of cyber-crime is known as phishing, and it bears the same purpose as catfishing: deception for the purpose of acquiring something.

So how do we protect ourselves from these new-age offenders?

By following some basic steps:

  • BE CAUTIOUS. Be cautious of any email or contact that asks for important information. Usually, companies will not ask for important information such as your password, social security number, bank account, and other important information.
  • TRUST YOUR GUT. Be cautious of things that don't feel right or is too good to be true. For example, if the person you're contacting seems different or awkward, be suspicious. Also, if a person seems persistent that you apply for a deal, or visit a website, or sign up for something, be suspicious.
  • PAY ATTENTION. Pay attention to the URL or the web address as well as the email addresses. If it doesn't look legitimate then it's probably not real. A simple rule to follow is, if the URL is too long, then it's probably fake. When at a website, try to find bad grammar. That is a simple way of finding fake emails/websites. Also look for the "about us" page. Most legitimate sites will have one and they will list details of their companies.
  • SEEING IS BELIEVING. For online purchases ask for an address or a physical store. Ask if you can walk in to their store or to see an address, then check if it's real. If you are suspicious of catfishing ask to have an audio conversation or for a video chat. If they seem apprehensive then they may have something to hide. Basically, ask if you can communicate by another means, email, phone, video chat, in person. In most cases, frauds only communicate using one or two methods.
  • RESEARCH. Take some time and Google the product or website. For catfishing, try to contact that person by other means (phone, video-chat etc.). Check with friends and relatives.