I have a Facebook account, with my real name and real photo. I’ll connect to anyone I’ve met. From time to time I get invites from rather random people. Somehow a lot of the random people seem to be in the military.
Today’s invite was from John Carter. Here’s his Facebook profile.
So I did a little reverse image lookup and found an article from the Washington Post that begins:
Gen. John F. Campbell, the top U.S. general in Afghanistan, has taken to Facebook with a warning: Think twice before assuming profiles you see of him on the Internet are real.
It goes on to say that his team have discovered more than 700 fake profiles. General Campbell has his own Facebook page on which he explicitly states that he has no other profiles.
So what is this about? It’s the beginning of a catfish scam, an example of social engineering.
Social engineering is a technique used in many frauds. It relies on the fraudster persuading the victim to reveal confidential information or to take an action they would not have planned themselves. Often the fraudster creates an elaborate scenario to achieve this, and may create an online or social media persona to carry out the fraud. When such a persona is created, the fraud is known as “catfish”.
Steps in the catfish process:
- The Catfish scam artist is active in a Facebook community or online game, seeking a vulnerable target. Often they target someone who is older, lonely, isolated, and not particularly knowledgeable about technology. They’re talented at picking the most gullible.
- The Catfish builds rapport and makes a friend request. The relationship may move to a deeper friendship, or even a romantic or (cyber)sexual one.
- The Catfish sets up the scenario for the financial fraud to begin: they create a legitimate-sounding need for money, perhaps for medical expenses for themselves or a close family member. Very often the first amounts needed are small, but the ‘condition’ worsens and the expenses rise.
- When challenged, the Catfish goes on the defensive and provides some evidence to back up their story, such as some form of medical report, but these “documents” are fake. (As a side note, I have seen fake rental agreements, medical records, financial bonds, passports and ID documentation.)
Dr Phil regularly does exposé episodes, and provides ten tips on checking potential catfish.
These fake romances can scam thousands or hundreds of thousands of dollars from their victims. In a further clip from the case above, Dr Phil adds up the cost and gets a total approaching 200,000 USD. It is estimated that these fraud types are worth 82 million dollars in the US alone. That’s roughly a quarterly profit figure for Apple.
I’ve worked on cyber-security issues in a former job; I’m too suspicious to fall for this. I hope warning other people will help.