Catphishing or Emotional Terrorism or Both: You Decide

The Real Scott Humpal. Image courtesy CBS NewsA 65-year-old woman from North Carolina, Roxanne Reed, is in jail for allegedly plotting to kill her mother for the insurance money. Roxanne Reed had swallowed a catphishing scam, one in which the cybercriminal pretends to be someone they're not—usually a completely fictitious person but sometimes, as in this case, a stolen identity—in order to develop a romantic connection.

That connection ultimately enables the catphish to ask the victim for large sums of money for a seemingly legitimate reason. Victims in Canada and the United States have lost close to a billion dollars to catphishing over the last three years. Because of embarrassment, victims rarely admit they were scammed. Most victims are women over fifty years old, single, and looking for a relationship, as reported CBS news’ Meg Oliver explained.

Reed had fallen for a catphish she met on Facebook. He called himself "Scott Humpal," and he evidently asked Reed for money to pay medical bills. Despite never having met him, she sent this stranger more than $50,000 over several months. Reed’s family reported the scam after she ran out of money and showed signs of plotting to kill her 88-year-old mother for the life insurance. Reed has been charged with fraud and conspiracy to commit murder.

There is in fact a real Scott Humpal, although he wasn't the one in touch with Reed. Effectively a victim of stolen identity, he lives in Corpus Christi, Texas. Humpal’s wife had died in a plane crash, and shortly after the tragedy, he began receiving suspicious Facebook messages. Humpal didn’t know the people sending him messages. He responded only to be told that the people who'd contacted him had been conversing with someone claiming to be him on an Internet dating platform. Humpal discovered that scammers had created multiple profiles using his name, and that “hundreds” of women had fallen for the fake Humpal.

Adam Levin, founder of Cyber-Scout, calls catphishers “emotional terrorists, not caring whom they destroy or how they destroy them. All they are after is money.” Levin said Humpal was the ideal victim of identity theft for catphishing: he's a handsome and well-to-do widower.

CBS News learned that Facebook advises users not to accept suspicious requests, and tells users never to send money or share financial information. Levin noted that even though catphishing has become more sophisticated, red flags like poor spelling and grammar are good indicators here as in other forms of social engineering.

73-year-old Beverly Franzke missed the red flags when she met a man on claiming to be a 61-year-old serviceman. His photo and profile struck her as someone she could trust. When her online companion told her he needed cash to pay his son's medical bills, Beverly sent the stranger more than $30,000 from her inheritance, and $10,000 she borrowed from friends.

Since Franzke has a caregiver’s personality, she wasn't disposed to question the request. She is, she said, someone who always takes care of people. Franzke is not embarrassed by falling for the scam. Instead she is “disgusted, mad and hurt.”

These are sad cases. As the district attorney who has the case points out, Roxanne Reed is not only an alleged perpetrator, but a victim as well. Emotional terrorists will socially engineer online relationships to get what they want. This problem will persist as long as there are those who want to help and those who want to take. It's best to follow advice shared by Facebook and Don’t accept suspicious requests and never send money or share financial information.

Organizations have a stake in this, too. Not only are they rightly concerned for the well-being of their employees, but they can be placed at risk by compromised workers, too. Consider the possibility of embezzlement, loss of sensitive data, surrender of credentials, and so forth. Insider threat programs are always on the lookout for approaches that could compromise their employees. Sound security involves creating awareness of social engineering in its various forms, and new-school, interactive security awareness training can help do that.

CBS News has the story:


Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews