Catfishing is the deliberate creation of false online personas to deceive and manipulate victims for financial gain, information theft, or emotional exploitation. Attackers construct elaborate fictional identities using stolen photos, fabricated backgrounds, and sophisticated social engineering to establish trust before pivoting to exploitation that can compromise both personal and corporate security.
Modern catfishing operations mirror advanced persistent threats in their patience and methodology, with attackers investing weeks or months building emotional connections before requesting money, credentials, or sensitive information.
Enterprise Security Implications: Catfishing uses fabricated online identities to manipulate victims through emotional deception, which creates enterprise security risk when employees share credentials or expose corporate data through these compromised personal relationships. Attackers may target employees on professional networks such as LinkedIn, on social media platforms, or even through corporate communication tools to gather intelligence or gain access.
Common Catfishing Tactics
Romantic Catfishing: Creating fake romantic relationships to extract money, gift cards, or sensitive personal information that can be used for identity theft or blackmail.
Professional Catfishing: Impersonating recruiters, business partners, or industry experts to extract corporate information, establish initial access, or facilitate spear phishing attacks.
Authority Impersonation: Pretending to be executives, IT support staff, or government officials to pressure victims into sharing credentials or taking unauthorized actions.
How Catfishing Enables Corporate Attacks: Intelligence gathered through catfishing—including organizational charts, internal processes, and employee relationships—can be used to craft highly convincing spear phishing emails and business email compromise attacks. Pangratis detects impersonation-based attacks that rely on catfishing-style persona fabrication, protecting employees from being manipulated by fraudulent identities.