+1 (877) 634-6847
Customer Support
Cybersecurity Glossary

What Is Catfishing?

Catfishing is the use of a fake online identity to build a relationship, gain trust, and manipulate someone into a harmful action. In security and fraud contexts, catfishing can support romance scams, fake recruiting, vendor impersonation, social media fraud, and targeted social engineering.

Learn More
Glossary Index Phishing & Social Engineering
Short definition

Catfishing is an impersonation tactic where an attacker pretends to be someone else online. The false identity is used to gain trust over time, then request money, information, access, private images, account help, or another action the target would normally question.

At a glance: Catfishing is usually slower than a one-message phishing attempt. The attacker invests time in the relationship so the eventual request feels personal rather than suspicious.

Catfishing Meaning

Catfishing is often discussed in personal or romance contexts, but the same behavior can create workplace risk. A fake profile can appear on social media, messaging apps, job platforms, professional networks, dating sites, or customer channels. The attacker builds a story and a persona that makes the target more willing to trust them.

The fake identity may be simple, such as a stolen profile photo and a made-up name. It may also be more developed, with a believable work history, mutual connections, AI-generated images, and messages tailored to the target. The attacker may study the target first so the conversation feels natural.

In business settings, catfishing can reach employees who would ignore a cold phishing email. The persona might be a recruiter with a polished job offer, a vendor contact who builds rapport before asking for documents, a customer pressuring support into account changes, or an executive profile that starts a conversation before a payment request.

The danger comes from trust built over time. Once the target feels they know the person, they may overlook inconsistencies, skip verification, or share information they would not send to a stranger.

How Catfishing Works

Catfishing usually develops as a staged relationship rather than a single request.

  1. The attacker creates a persona. They may use stolen photos, generated images, fake work details, copied posts, or a profile built to match the target.
  2. The first contact feels natural. The attacker may start through a shared interest, job role, customer issue, professional connection, or personal message.
  3. Trust is built gradually. The conversation may include flattery, sympathy, shared goals, helpful advice, or claims of mutual contacts.
  4. The request becomes sensitive. The attacker may ask for money, files, credentials, private information, introductions, account help, or secrecy.
  5. The relationship is used as leverage. If the target hesitates, the attacker may use guilt, urgency, affection, authority, or embarrassment to keep control.

Common Catfishing Examples

Catfishing can appear in personal, professional, and customer-facing settings.

  • Romance or friendship scam: A fake identity builds emotional trust and later asks for money, gift cards, travel help, or private information.
  • Fake recruiter: A profile claims to offer a job opportunity and asks the target to share documents, complete forms, or move to a private channel.
  • Vendor relationship fraud: A false contact develops rapport before requesting files, invoice details, or changes to payment instructions.
  • Social media impersonation: An attacker pretends to be a coworker, executive, partner, or customer to start a trusted conversation.
  • Customer support manipulation: A fake identity pressures support teams to reset accounts, reveal information, or override normal checks.

Why Catfishing Matters

A false relationship can move security decisions out of policy and into emotion. Technical controls can block many malicious links, but they cannot always identify whether a person behind a profile is real.

For businesses, the risk is not limited to financial fraud. Catfishing can support insider targeting, recruiting scams, brand impersonation, social engineering, extortion, account recovery abuse, and data theft.

The emotional side also matters. Targets may delay reporting because they feel embarrassed or responsible. A good security culture makes it clear that manipulation is the attacker's tactic and that early reporting helps protect everyone.

How to Reduce Catfishing Risk

The safest approach is to verify identity before an online relationship influences a business action.

  • Verify through independent channels. Use known company directories, official websites, vendor portals, or internal contacts instead of relying on a profile or message thread.
  • Watch for channel shifting. Be cautious when someone quickly asks to move from a public or professional channel to private messaging.
  • Protect sensitive data. Do not send credentials, files, customer data, payment details, or identity documents because of a relationship built online.
  • Check profile consistency. Review work history, account age, mutual contacts, photos, domains, and whether details change across platforms.
  • Report suspicious relationships. Employees should have a low-friction way to report fake profiles, unusual outreach, or identity concerns.

Related Catfishing Terms

Catfishing is closely connected to identity fraud and social engineering.

  • Synthetic Identity Fraud explains how false identities can be assembled from real, fake, and generated details.
  • Social Engineering covers the broader manipulation tactics used to influence trust and behavior.

Catfishing Takeaway

Catfishing is effective because the request does not arrive first. The relationship does. By the time money, access, or information is requested, the target may feel they are helping someone they know.

A safer habit is to separate relationship from verification. Even friendly, familiar, or emotionally convincing online identities should be checked before they influence business decisions.

Navigation
Back to Glossary View Category

Share This Page

Send this glossary page to a teammate, client, or employee who needs a quick explanation.

Email Facebook LinkedIn
FAQ

Questions Teams Ask About Catfishing

Quick answers about fake online identities, business risk, and safer identity verification habits.

What does catfishing mean in cybersecurity?

Catfishing is the use of a fake online identity to build trust, manipulate a target, and eventually request money, information, access, or another risky action.

Is catfishing only used in romance scams?

No. Romance scams are common, but catfishing can also appear in recruiting, vendor fraud, social media impersonation, customer support abuse, and business social engineering.

How can catfishing affect a business?

A fake identity can target employees, executives, recruiters, support teams, or finance staff and lead to data exposure, payment fraud, account takeover, or reputational harm.

How can employees spot possible catfishing?

Warning signs include inconsistent identity details, pressure to move channels, reluctance to verify, emotional manipulation, and requests for money, files, credentials, or private information.