Catfishing is a common technique used on social media sites to attack victims through fake personalities and accounts. This technique is also used on dating sites, playing on people’s emotions, most often for fraudulent financial gain or identity theft. Catfishing exploits users that are willing to ignore warning signs that a friend or acquaintance may not be who they claim to be.

These interactions on dating or social media sites often end up with victims sending gifts, money, or personal information to the catfisher (attacker) due to the victim believing the catfish is a real person who needs the money or information for a specific reason (ill family member, needs rent money, etc).  They play on emotional insecurities and are perpetrated by people adept at manipulating others against their will through flattery, threats, and other emotional tricks.

Source: TechTarget,

Additional Reading: Catfishing: How Romance Scammers Seduce Seniors

Related Terms: Social Engineering

What does CatFishing mean for an SMB?

The best way to defend your employees against Catfishing is by educating and training them on cybersecurity awareness and best practices. The same measures that teach to spot and watch out for social engineering attacks will help spot catfishing attacks on a person.
Aside from cybersecurity awareness training, CyberHoot recommends following these steps to recognize Catfishing red flags and what you should do:
  • The Relationship Progresses Quickly

      • Most catfishing stories you read will reveal just how strong and quickly a person will come-on to their potential victims. If within the first few exchanges the person seems to be pushing the relationship forward at a rapid pace without having even met you, you are most likely being catfished. Be careful.

  • Not Showing Their Face
      • Strictly using written communication or phone calls (frequently discuss meeting in‐person but repeatedly have circumstances pop up to prevent them from doing so), there is a good chance they are hiding their true identity. If you are truly interested, request a Skype or Face-Time call. 

  • Social Media Usage Is Sparse
      • Having a social media account these days doesn’t guarantee someone’s identity. If their accounts show few friends and fewer posts (being tagged in friend’s pictures is most helpful), they might be a catfish.

  • They Ask For Money
      • Everyone now and then needs a helping hand, but typically it should be from close family or friends that help is requested; someone you have known for a long time. If someone online has shown interest in you and is asking for funds to be sent to them or a ‘friend,” take this as a major red flag. Never give personal information or money to people you haven’t met in person!

  • Too Good To Be True
      • Does every picture look perfectly modeled and flawless? Are their interests broad enough to match with almost anybody? Take these as warning signs and proceed with caution.  They may be a catfish.
  • Bad Grammar
      • If they claim to be from an English-speaking country but there‘s evidence that they have little command of the language, don‘t be afraid to ask more questions. When it seems like you might be on to them, a catfish will typically end communication and look for someone else to scam. Similar to Phishing attacks, poor spelling and grammar may be a dead giveaway. 

  • Elaborate Stories
      • They try to gain your pity or your money, knowing how to pull on emotional heartstrings. Tales of childhood trauma shared early on with a stranger should indicate that they are trying to create quick emotional connection. Catfishers will have grand, elaborate explanations for why they can’t Skype or Face-Time yet again, or even why they need an emergency monetary transfer.

Closing Thoughts:

Catfishing is not much different than social engineering. It uses a relationship, built rapidly through a social media site, to convince the target to do something that will lead to a significant benefit for the catfisher. Teach employees to be skeptical online, to ask questions, to trust but verify the identity of whomever they are communicating with.  Anonymity online is a benefit and a curse. Do not trust anything you have not personally or professionally verified.

To learn more about Warning Signs of Catfishers, watch this short 4 minute video:

Additional Reading:

Catfishing Statistics

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.