March 8, 2019
You had a rough day, and you need a pick me up, so on your way home you decide to stop by a café to pick up a treat. While waiting in line, out of the corner of your eye, you see the best-looking chocolate chip muffin you have ever seen. You pick it up with your coffee and decide to save it for later. Now the time has come and all you can think about is your muffin, you pull it out and take the largest bite you can afford and then it hits you, as you start to feel the shrivelled bitter taste in your mouth you realize, this is a raisin muffin. You have been catphished!
What is Catphishing?
All light heartedness aside, catphishing is a very serious type of social engineering scam that plays on one’s emotions and exploits them for money or information. A more formal definition of catphishing (AKA romance scams) would be:
“… (an) Emerging threat…That entails exploiting individuals by targeting them through dating sites (and social media) …Catphishing can be used as a means to gain money, personal details or even notoriety.” – IACP.
The pursuit of money, power, information or intimacy through catphishing can have a very profound negative effect on its victims. This may be in the form of trust issues, financial difficulty, information loss, blackmail, or in some cases even death or bodily harm. Therefore, in a world where our lives are becoming ever more reliant on technology we need to be careful when it comes to “friending” or “following” strangers on the internet, as we may not know who exactly is on the other side.
Credit - Tero Karras, Samuli Laine, Timo Aila - of Nvidia
How is catphishing done?
All the images in the carousel have one thing in common, they are not real people! These are all images of human faces that have been generated by an artificial intelligence developed by Nvidia. These images are so realistic that you would be hard pressed to determine their legitimacy. Now this technique may not be used in a catphishing scams today as it takes weeks on a powerful machine just to generate one of the images, but as this technology advances it may very well be used in the future. For now, those who catphish will simply steal images of attractive looking individuals to entice their potential victims. Once a victim is “hooked” the catphish will start to create an intimate relationship with the victim and will ultimately end up asking for something in return.
How can you tell you are being catphished?
Here are some potential signs that you are being catphished and should cease interaction:
- Everything seems too good to be true
- They refuse to do voice/video chat
- Their photos do not include other people
- They have limited social media accounts with barely any activity or only very recent activity
- They ask for a lot of personal information such as salary or location
- They may agree to meet in person, but will always cancel last minute or refuse all together
These are only a few signs that can point to a catphish, in general if something doesn’t feel right, or it is too good to be true you should be very cautious, and you should probably stop interaction with the individual.
Additional Resources
- http://www.iacpcybercenter.org/catphishing/ [1]
- https://www.nvidia.com/en-us/?cjevent=bd9969e4410a11e9817300ef0a24060e [2]
- https://arxiv.org/pdf/1812.04948.pdf [3]
Written by: Joao Bernardo (Cyber Security Analyst, Information Security)