Try Business for freedownload
Blog
Recent
Blog
Recent
Industry News
LastPass For Admins
LastPass Labs
Product Updates
Tips And Tricks
bg
Security Tips

What Is Catfishing, and How to Protect Yourself

LastPassAugust 21, 2024
What Is Catfishing, and How to Protect Yourself

Romance scams are a $500+ million dollar industry – a windfall for catfishers who prey on vulnerable people online. The problem is so acute that Homeland Security has even launched awareness campaigns about it. 

Yet, far from fading into the shadows, romance scams are occurring with frightening regularity.  

The results are devastating. Crypto-romance scammers, for instance, leave victims grappling not only with financial loss but also the anguish of loving someone who abused their trust. 

Below, we examine the psychology behind catfishing and the best ways to protect yourself from its onslaught. 

Understanding Catfishing 

Definition of catfishing 

Catfishing involves using a stolen online identity to mislead victims for personal, financial, or emotional gain. 

This deceptive practice often occurs on social media sites and online dating platforms. The term “catfishing” comes from a highly acclaimed 2010 documentary film.  

In “Catfish,” Nev Schulman (a New York City photographer) begins an online relationship with Megan, the attractive older sister of Abby (one of Nev’s Facebook connections). 

Nev is fascinated by Megan and becomes romantically involved with her, even though he’s never met her. However, as the relationship deepens, inconsistencies in Megan’s stories begin to gnaw at Nev. 

Eventually, Nev, his brother Ariel, and a friend named Henry Joost decide to confront Megan at her home in Michigan. The climax of the documentary occurs when the three men discover that there never was a Megan. Nev had effectively been communicating with Angela, Megan’s mother. 

Angela is married to Vince and helps care for his two mentally disabled children. In the documentary, Vince mentions that catfish are often shipped with live cod from North America to Asia. The catfish chases the cod in the tanks, keeping the cod alert and agile. This ensures that the cod stays healthy, and its flesh remains fresh and succulent. 

Vince implies that people like Angela are like catfish, who keep others alert and ready for trouble. This corresponds to the documentary’s central theme about those who disrupt the lives of others, making them question their own realities and perceptions. 

Today, catfishing is a serious matter, with Homeland Security playing a critical role in high-profile investigations that result in heavy jail terms for romance scammers. 

Motivations behind catfishing 

Why do people catfish? While the motivations behind catfishing are varied and complex, the common theme is that scammers enjoy the feeling of power and control they exert over victims.  

Essentially, there are three main reasons people engage in catfishing. 

  • Financial gain. Consumers lost an eye-watering $1.14 billion (about $4 per person in the US) to catfishing scams in 2023. The greatest losses were in cryptocurrency, with bank transfers a close second. In Q1 2024, a Chicago-area woman named Sally lost $80,000 to a man who pretended to be Taylor Kinney, an actor from NBC’s acclaimed “Chicago Fire.” The woman’s sister says that Sally cashed out her 401 (K) and took out loans to meet the romance scammer’s demands. 
  • Emotional fulfillment. Some scammers act out of a need to receive validation from others, like Angela in the “Catfish” documentary. Angela created Megan’s character as a form of escapism. The online world allowed the middle-aged Angela to feel young, relevant, and admired. Essentially, the character of Megan gave Angela an outlet for experiencing excitement and adventure, in contrast to the monotony and hardships of her reality. 
  • Malice. Some scammers act out of a sense of malice. Take for example, the devastating case of Kirat Assi, who fell in love with a man named Bobby. “Bobby” turned out to be Kirat’s distant female cousin Simran Bhogal. Bhogal supposedly held a grudge against Kirat, deceiving her for ten (10) years and shattering her mental and physical health in the process. 

How to Know If You’re Being Catfished 

Common red flags of catfishing 

What does it mean if someone is catfishing you? 

Recognizing the signs of catfishing is critical to protecting your health, sanity, and financial assets. Here are eight (8) common red flags that may indicate you’re dealing with a scammer: 

  • An insatiable desire to know everything about you 
  • A seeming rush to accelerate an emotional connection with you 
  • Intense expressions of love for you, even though you’ve never met 
  • Cagey behavior when confronted about the tendency to ask very personal questions  
  • Strong objections to meeting in person or chatting on video calls 
  • Impossibly sexy social media photos that appear to be Photoshopped  
  • Social media photos that appear dated 
  • Overly dramatic stories about traumatic experiences coupled with an urgent request for money  

Here, you may ask, “How do I check if someone is a catfish?” According to the FTC, catfishers are prone to telling lies, and these are their favorite lines: 

  • I or a much-loved relative is sick, hurt, or in jail (24%) 
  • I can teach you how to invest your money for quick gains (18%) 
  • I'm away on a military mission in a faraway place (18%) 
  • I need help with an important delivery (18%) 
  • We’ve never met, but I’m ready to marry you (12%) 
  • I’ve come into some money or an inheritance, and I want to share it with you (7%) 
  • I’m on an oil rig or ship in a dangerous part of the world (6%) 
  • You can trust me with your pictures, you know (3%) 

Techniques used by catfishers 

What are signs that you’re being catfished? 

Catfishers employ a variety of techniques to lure their unsuspecting victims into a treacherous abyss of mental torture. They include: 

  • Creating detailed but fraudulent social media profiles, complete with friends and family connections that don’t exist 
  • Sharing scenarios that elicit sympathy, such as a chronic illness or personal crisis. This leads you to become emotionally invested in the relationship. 
  • Crafting elaborate backstories about their wealth or accomplishments to elicit admiration 
  • Using digitally altered or stolen images to create an attractive persona   
  • Creating a turbulent cycle of highs and lows. During “high” moments, they shower you with endearments, compliments, and promises of a happy future together. They send romantic gifts and share intimate secrets with you.  

However, during “low” moments, they lash out, become unexpectedly distant, and cease all communication. When you’re finally able to establish contact, they make threats about leaving you. They may also accuse you of not caring about their welfare, filling you with guilt and self-doubt. 

So, what’s an example of catfishing? 

Many online predators pose as military men. They use stolen photos of actual service members, express support for the military, and share elaborate stories about their heroic actions in battle. They usually boast about having a high rank or being a decorated hero. Some scammers may share a military ID badge that looks real. Here are six ways to spot a fraudulent military ID card

These wannabe warriors, however, can never meet in person or join a video call because they “are deployed to a remote combat zone.” They may also provide inconsistent details or conflicting information about their role.  

For example, they may misidentify their MOS (Military Occupational Specialty) or show a lack of understanding of what soldiers with a particular MOS do. 

When asked for specific information, they often change the subject or provide vague answers. Trust your gut: when in doubt, do a Google image search of their profile photos. 

Psychological manipulation tactics 

Often, attackers experience great success by using psychological manipulation tactics. They may: 

  • Use flattery, attentive behavior, and affectionate overtures to make you feel special and valued 
  • Try to appear more human and relatable by sharing fabricated experiences of severe trauma or hardship 
  • Use empathy to exploit your desire or longing for a romantic, long-term relationship 
  • Create a sense of urgency to prompt you to act quickly, especially when making requests for financial assistance 

It may surprise you to know that even famous people aren’t immune to the charms of a scammer. In 2012, a talented Notre Dame linebacker named Manti Te’o fell victim to an elaborate catfishing scheme that left him vulnerable to a vicious online culture. 

Te’o’s online love interest was supposedly a woman named Lennay Kekua. They carried out their romance over the phone and online. However, Kekua turned out to be a man named Ronaiah Tuiasosopo. To make matters worse, vicious gossip emerged that Te’o was, in fact, in on the elaborate scheme to gain national attention.  

Within a short time, Te’o became the butt of jokes and a national embarrassment, alongside Tiger Woods (who was dealing with his own marital infidelity scandal) and Lance Armstrong (who was in the throes of a doping investigation). Today, Te’o advises people to be cautious when embarking on romances with online connections. 

The Dangers of Catfishing 

Psychological toll  

It’s important to be vigilant when surfing online and engaging in communication with others. The psychological consequences of catfishing can be devastating. They include: 

  • Depression, anxiety, and suicidal ideation 
  • Disillusionment with online dating and relationships in general 
  • The sudden onset of attachment trauma, which fuels intense fears of intimacy and hyper-reactions to stress 

Social media and online dating platforms as breeding grounds for catfishing 

Many people use social media to find that special someone. However, it often results in unintended consequences and broken hearts. Scammers favor online platforms because they provide anonymity and access to a large pool of potential victims. 

Popular sites like Facebook, Instagram, and X allow catfishers to create profiles using stolen photos. Such profiles can seem legitimate because they have many followers and follow other reputable profiles. 

Online dating sites like Tinder, Plenty of Fish, and OkCupid are also prime targets for catfishers.  

In 2023, an Indiana woman created a fake profile on Plenty of Fish and scammed a 96-year-old widower out of $80,000. 

Due to the rise in catfishing, platforms like Meta, Coinbase, and Match (the parent company of Tinder and Hinge) joined hands to create the Tech Against Scams coalition. The goal is to fight romance and pig butchering scams that has led to the tragic suicides of victims. 

The FBI estimates that pig butchering scams stole nearly $4 billion (about $12 per person in the US) from Americans in 2023.  

Meanwhile, Tinder now has an enhanced verification process that requires you to submit both a video selfie and one form of government ID before signing up for an account. 

How to protect yourself from falling victim to catfishing 

Many people ask, “How can I prevent from being catfished?” 

Protecting oneself requires diligence and a proactive approach, and these are the strategies we recommend: 

  • Verifying identities: Use reverse image search tools like Social Catfish to determine if profile pictures have been used elsewhere. The Social Catfish website includes resources on catfishing techniques you should look out for on sites like eHarmony, OKCupid, Tinder, and Match. Want to know if your new cutie is a scammer? Check out Social Catfish’s 2024 collection of the 100 most used romance scam photosYou can also use an online tool like BeenVerified to uncover information about criminal, vehicle, and property records pertaining to your new love interest. Meanwhile, Swindler Buster lets you know which Tinder users have uploaded the same image to their profiles. 
  • Protecting your privacy: Be cautious about sharing personal information such as your street address, Social Security number, phone number, or any sensitive financial information with online connections. 
  • Being skeptical of grand overtures: If your new friend has a penchant for sharing dramatic stories of personal courage or making overly dramatic statements about falling in love, be wary. Genuine relationships take time to nurture. Ask direct questions about how they came to develop such sudden, strong feelings for you. 
  • Using secure platforms: Use platforms with robust security policies and verification processes. Meta now offers verification badges for Facebook and Instagram profiles. While not everyone will pay the minimum fee of $14.99/month for a verification badge, it’s a good idea to remain vigilant as you navigate these platforms. 

Protecting Your Online Identity

Importance of strong passwords 

Weak passwords are often easy to guess, especially if they’re based on your birthday, favorite foods, or the names of pets. 

If you use passwords that follow predictable patterns across all your accounts, the catfisher may successfully gain entry to them using a brute force attack or dictionary attack

For example, you may mention that you have a Wells Fargo account in one conversation. In another conversation, you may mention using your dog’s name as a password for your online accounts.  

While guessing is by far the most popular technique catfishers can use, they can also leverage password cracking tools to decipher your password. 

Using a secure password manager 

According to CISA, storing strong passwords in a password manager is one of the best ways to protect your sensitive information.  

If you’re in the market for a password manager, look for one with these characteristics: 

  • Offers a secure vault for storage 
  • Auto-fills your information on legitimate sites only 
  • Syncs across all your devices so you have access to your credentials wherever you are 

Two-factor authentication for added security 

In addition, you’ll want to choose a password manager that offers two-factor authentication and/or passwordless login for added protection. 

Two-factor authentication adds an extra step to the login process to ensure that only you can access your accounts. 

Meanwhile, passwordless login allows you to log into your business or personal password vault without a master password. Instead, you’ll use an authenticator app, FIDO2 certified biometrics (face & fingerprint), or FIDO2 certified hardware keys (Yubikey or Feitian) for login purposes. 

Since no one else shares your unique biometric characteristics or hardware keys, your accounts remain secure from unauthorized access. 

Educating Yourself and Others 

Tips for raising awareness about catfishing 

Who are the most common victims of catfishing?  

You’ll be surprised that only 20,000 cases of catfishing are reported each year, while the actual number of victims is 20-30 times higher. 

Almost 45% of catfishers target CEOs, self-employed individuals, and founders. They do so assuming these targets have more disposable income than others. 

Here are more alarming catfishing statistics

  • One out of five millennials have been targeted by catfishers 
  • About 22% of victims have sent adult-rated photos to catfishers 
  • Female catfishers often lie about their age to deceive unsuspecting male victims 
  • Almost 80% of women over 40 who were catfished experienced financial losses 
  • 40% of male catfishers falsify their income and occupations 

Unfortunately, some catfishing victims are far younger. One of the world’s largest catfishing investigations led to the arrest of 25-year-old Alexander McCartney, who was convicted of over 180 charges involving over 60 child victims. 

One of his victims, an unnamed 12-year-old girl, died after being exploited by McCartney. 

To raise awareness about catfishing, consider implementing these key strategies: 

  • Hold workshops to educate your employees about catfishing on social media accounts. 
  • Emphasize cybersecurity literacy and teach your employees how to secure their online accounts, set up two-factor authentication, and use a robust password manager
  • Collaborate with cybersecurity experts and invite them to chair panel discussions on catfishing and online safety. 

Teaching online safety to children 

While employers focus on workplace safety, there’s a growing need to address the topic of children’s online safety.  

Child online safety is a community concern.  

Thus, teaching all employees to foster a culture of responsible digital behavior is critical. 

Involving all employees in discussions about online safety also promotes inclusive policies that leverage their diverse experiences and insights to protect vulnerable populations. 

Below are some key resources to help your employees contribute to child online safety: 

  • Explain the dangers of communicating with strangers online and how to look out for fraudulent profiles. 
  • Teach children to protect their personal information such as Social Security numbers, date of birth, street address, and any information pertaining to their families. 
  • Use real-life examples and role-playing games to help them recognize potential threats. 
  • Model good online surfing habits. 
  • Show them where to get resources that protect them against fraud and scammers. 

Analyzing personal vulnerabilities in preventing catfishing incidents 

What makes catfishers target one person and not another? Exploring the personal vulnerabilities that can make someone more susceptible to a romance scam is critical to the health and safety of your employees.  

According to the book The Voices of Scam Victims: A Psychological Model of the Experience of Fraud, the most vulnerable are those who are easily intimidated, risk-takers, susceptible to flattery, reliant on authority, gullible, greedy, or inattentive. 

If an employee has been catfished, you’ll want to encourage a dialogue with a therapist or mental health professional to help build trust again. 

Reporting and Taking Action Against Catfishing 

Steps to take if you suspect you're being catfished 

So, how do you handle a situation if you suspect you’re being catfished online? 

It can be devastating to realize you’ve been targeted in a catfishing campaign. However, taking immediate, appropriate action can help protect you or someone you love from more negative consequences. This includes: 

  • Ceasing all communication with the predator: Immediately stop responding to calls, texts, or emails. 
  • Gathering your documentation: If you have copies or screenshots of online chats, texts, and emails, save them in a folder. The evidence you gather will be useful to law enforcement during an investigation. 
  • Determining your legal and financial liabilities: If you’ve shared banking, financial, medical, or legal information with the scammer, contact the relevant institutions to secure your data. 
  • Informing your social media contacts, friends, and/or family: Alerting your friends and family can help protect them from being targeted by the same unscrupulous individual. 

Reporting catfishing incidents to the relevant authorities 

If you or someone you know has been catfished, it’s natural to ask, “How do I report a catfishing scam?” 

Making a report can be a traumatic experience, as you’ll have to relieve the experiences you shared with the scammer.  

You may also feel a range of emotions, such as shame, anger, confusion, and/or embarrassment. You may even have fantasies of revenge. 

These feelings are completely normal, and here’s how you can navigate the process with an eye towards protecting your reputation: 

  • Use platform reporting tools: Most social media sites offer ways to report a catfisher’s profile, and many platforms like Facebook allow anonymous reporting. Your report will be kept confidential, so you don’t suffer repercussions for your actions. 
  • Contact site support: Reach out to the customer support team and be sure to share all evidence you have gathered. 
  • Use identity theft protection services: If your personal information has been compromised, consider using identity theft protection services to monitor your identity. 

LastPass: Your Trusted Online Security Partner 

How LastPass can help protect against catfishing 

Often, catfishers adopt a fake online identity to gain your trust – so that they can steal YOUR identity.  

They may use your birth date, address, phone number, and Social Security number to open new credit card accounts, get a car loan, or purchase a new cell phone plan.  

Thus, login information to banking, medical, or insurance portals should be closely guarded – however much you trust your new love interest. 

LastPass can help protect you from unscrupulous scammers by storing your passwords, security questions & answers, banking, medical, and insurance information securely in a password vault that only YOU can access.  

Even if a catfisher gained your master password, they would still need to bypass our two-factor authentication process to get into your accounts. 

Features and benefits of LastPass 

At LastPass, we use PBKDF2-SHA256 with 600,000 iterations to secure your passwords. Here’s the process in a nutshell: 

  • User Input: You create a master password. 
  • Salt Generation: A unique salt or random value is added to your password before hashing. So, if someone else happens to share the same master password, the salt ensures that you both end up with unique derived keys. 
  • PBKDF2 Key Derivation: LastPass runs 600,000 iterations of PBKDF2 through the salt and master password to derive a key (hash output). 
  • Key Usage: The derived key is used as the encryption for your password vault. 
  • Storage: LastPass puts the salt, number of iterations (600,000), and the hash output in storage. 

To access your vault, you’ll enter your master password. LastPass retrieves the salt, hash, and iteration count.  

It then runs PBKDF2-SHA256 with these inputs and compares the resulting hash with the stored hash. If they match, the derived key is used to decrypt or open your password vault. 

Integrating LastPass into your digital life 

Installing LastPass and integrating it into your digital life is easy and painless.  

  • First, create a LastPass account. 
  • Next, you’ll want to download the LastPass app on your devices and the LastPass browser extension on Safari, Chrome, or Firefox. 
  • Third, you’ll want to create a master password. Be sure to use the LastPass password generator to create a strong, secure password
  • You’ll also want to set up multi-factor authentication as an extra layer of security for your account. 
  • Import your passwords from other password managers or your browser’s built-in password manager.  
  • Finally, you’ll want to update your trusted devices, and you’re done! 

To continue protecting yourself from catfishers, follow these best practices: 

  • Track your Security Score, and act if you have at-risk passwords. Strong passwords make it harder for scammers to access your information. 
  • Use the LastPass app and browser extension to access your passwords securely on your mobile device, desktop, or laptop.  

If you’re ready to protect yourself and your employees, sign up for a free LastPass trial on us today. 

 

bg

Get started with LastPass Business

14-day free LastPass Business trial. No credit card required.