Schedule a Demo


See the latest news and insights around Information Governance, eDiscovery, Enterprise Collaboration, and Social Media. 

All Posts

Cybercrime Update: CatPhishing

Ways to Protect Yourself Online from "Crooked Sweethearts"

Catphishing (or “Catfishing”) is a “romance scam” and form of fraud, highly popularised by the use of social media networks, online chat forums and documentary-turned television series by the same name. The term “catfish” was defined in the Oxford dictionary in 2014 (“to lure someone into a relationship by adopting a fictional online persona”), but is also a form of Phishing for information and so many legal and tech professionals refer to this as “Catphishing”.

The concept is a relatively simple one of impersonation; online predators or “crooked sweethearts” fabricate online identities and curate multiple social media accounts to trick people into emotional or romantic relationships. This form of fraud usually happens over a long period of time, is a big investment of time and effort for both parties and can be done for a multitude of motives.There is no singular, standard objective of a fraudster engaging in catfishing; reasons can vary from less culpable intentions of boredom, loneliness and unrequited love, to revenge, intent to extort money, exploit or emotionally and mentally torment.


CatPhish Techniques

Predators usually create multiple online social media accounts with either stock images or photographs from genuine social media accounts. Due to the personal dimension photographs provide and instantaneous communication via social media, if unsuspecting, a victim can be quickly engaged and entrapped by a fraudster. This is where the dangers lie; as initiating a relationship under false pretences can overlap into other crimes such as fraud, extortion, blackmail, cyber-bullying and child-exploitation.



Though a relatively new cyber-scam, catfishing is slowly finding its legal stance in both civil and criminal cases. Not many protective provisions are specifically in place, but certain internet standards and ethics apply, such as those in Twitter and Facebook’s Terms of Service and the (US) federal Computer Fraud and Abuse Act.

United States: Subject to US law, legal ramifications for catfishing vary from state to state and on the severity of the consequences from the catfish’s actions. When the primary intention of the false account is to obtain money, then the perpetrator is easily prosecuted for fraud. If there is no monetary damage involved but the activity resulted in emotional damage, this may amount to a civil suit, and criminal charges in rare cases.

Canada: Traditionally, a catfish builds this scam and relationship from a foundation of fraud, misrepresentation and lies.  To be a victim of an actionable lie it depends on the circumstances and purpose of the lie. If a lie is told in conscious effort to extort money from an individual, the monetary element amounts to fraud, and so is of course a felony. Lies resulting in emotional harm or stress could be valid for a civil remedy, as pre-internet examples of catfishing can be classified as “intentional infliction of mental suffering”.

There is a three-tier test to establish this test;

  • there must be a degree of outrageous conduct,
  • conduct intended to produce harm and
  • conduct resulted in a visible and provable medical illness.

Proving that the purpose of the lie at hand was to inflict harm may be difficult to prove, as it is possible that a perpetrator honestly “didn’t mean to hurt anybody” is a valid defence – even if the perpetrator was “recklessly indifferent” to the potential harm (Piresferreira v. Ayotte, 2010).

As this ground has a requirement of a provable mental illness, it seems as though catfishing not involving monetary loss or illness is not actionable, as stress and anguish is not enough (Young v. Borzoni).


What does a Catfish look like...

One of the first legal acknowledgements of catfishing occurred in Zimmerman v. Ball State University [2013], in which two students catfished their roommate on Facebook, impersonated a 15 year old girl (“Ashley”) and initiated an online romance. They further “recruited” a local high school student to pose as “Ashley” in cell and text conversations. When confronting him with the reality of his fictitious relationship at the cinema, they recorded the confrontation, placed the video on YouTube and captioned it “[Target] is a pedophile”.

Ball State charged the roommates with two Conduct Code violations, harassment and invasion of privacy. When suspended from the University and facing a year of disciplinary probation on return, the accused challenged the review board in court asserting violation of their First Amendment and due process rights, arguing that their conduct also took place off-campus.

Judge Jane Magnus-Stinson was refreshingly unsympathetic to their claims and claimed their conduct was objectionable enough to warrant censorship by the university. The judge in this instance specifically identified and labelled their antics as “catfishing” their victim. The Judge in this instance also found their catfishing scheme to have been taken that step further- with the recording of the reaction, placing of the video on the internet and giving the video a libellous caption.

Also tricking the Target into engaging in a relationship with “Ashley” to ultimately entrap him into committing a crime by soliciting a minor goes beyond communication protected by constitutional rights, the court held, and so their obvious fraud, intent to inflict emotional harm and actions were punishable.

More elaborate catfishing schemes have been undertaken by unlikely fraudsters; such as 18 year old American teenager Andriy Mykhaylivskyy. Mykhaylivskyy not only created a fictional online character called “Kate Fulton”, “catfished” classmates into a relationship with his fictional character – but feigned a kidnapping, ransom effort, prompted an international man hunt and lied to federal agents and the US embassy.

Originally charged with obstruction of justice, facing a maximum of 5 years in jail and a fine of $250,000, Mykhaylivskyy was sentenced to 6 months in prison for his catfishing hoax, a $500 fine and 3 years of supervised release.

Other “classic” examples of catfishing have occurred to people like Alec Couros; a communications Professor from the University of Regina whose images and name was repeatedly used to leave women defrauded or heartbroken via false Skype, Christian Mingle, eHarmony,, Plenty of Fish,, Twitter and Facebook accounts. Couros claims that at any given time there was at least three fake Alec Couros’ using his images on Twitter or Facebook and likely dozens he didn’t know about.

The darker side of catfishing hoaxes can have devastating results
, especially when advantage is taken of the vulnerability of young people and their emotional state with many instances of catfishing – elevating to Cyberbullying, grooming and child exploitation.

Catfishing is ultimately extremely different from hacking, phishing and other computer based cyber scams as it targets smaller circles of individuals, specifically with the intention to extort, use or hurt their victims for a reason and can do the most emotional and mental damage than other cyber-scams.

The acts of fraud attached to photos provide a more human dimension to the practice which increases chances of taking advantage of people in a vulnerable state.


How can WebPreserver help?

WebPreserver archiving, preserving and authenticating technology can assist Internet Regulators, companies and legal professionals alike in efforts to monitor online activity cyber crime, cyber scams and protect social media accounts from fraudsters.

For Legal Professionals....In instances of fraud, defamation or any form of litigation requiring content from social media and the internet, WebPreserver provides an essential tool for archiving and producing evidentiary standard content in courts. The simple and efficient one-click Snapshot feature, clean and clear interface and online sharing platform provide a reliable in-house data management program for litigation support and professionals, with the resources to share potential evidence with colleagues and clients.

The added benefits of an e-signature, automated time-stamp and collection of Metadata ensures compliance with preservation of records standards and authentic social media and online content in litigation.

For Federal Agencies and Regulators... Federal watchdogs and Internet regulators have a duty to monitor, delete and sanction those infringing internet, advertising and competition laws and general standards of  internet ethics causing harm to the public or other bodies. WebPreserver can provide an essential tool of capturing illegal online content, authenticating, preserving and organising it in compliance with evidentiary requirements and ensuring the security of the internet from cybercriminals in instances where litigation ensues. WebPreserver provides a simple, secure, time and cost efficient resource for these bodies creating strong evidence from any form of content.

The information and materials on this blog are provided for general and informative purposes only and are not intended to be construed as legal advice. Content on this blog is not intended to substitute the advice of a licensed attorney, as laws are subject to change and vary with time, from jurisdiction to jurisdiction. Content on this blog may be changed without notice and is not guaranteed to be complete, correct or up-to-date.

Related Posts

SEC Rule 17a-3 & FINRA Records Retention Requirements Explained

Financial industry recordkeeping regulatory requirements like the U.S. Securities and Exchange Commission (SEC) Rules 17a-3 and 17a-4, and the Financial Industry Regulatory Authority (FINRA) Rules 4511 and 2210, play a crucial role in maintaining the integrity of the U.S. financial markets. These regulations are not just bureaucratic formalities; their oversight involves ensuring that financial services firms adhere to stringent record retention requirements, essential for the transparency, accountability, and trust that underpin the financial system.

The Reddit OSINT/SOCMINT Investigation Guide

According to its IPO prospectus submitted to the US Securities and Exchange Commission on February 22, 2024, Reddit has more than 100K active communities, 73 million daily active visitors, 267 million weekly unique visitors, and more than 1 billion cumulative posts.

Understanding a Request for Production of Documents (RFP)

Requesting production of documents and responding to requests for production (RFP) are key aspects of the discovery process, allowing both parties involved in a legal matter access to crucial evidence.