Greetings, everyone! I struggled to come up with a short title that would capture the themes that I want to share in this and some upcoming columns. An alternate title was “Hard Lessons of Social Networking and the New World Order.” This will start a short series of articles in which I share a rather disconcerting tale of my life for the last week. I hope the themes I convey will help you and your colleagues, friends, and family, understand and approach social networking with additional thought and care.
And I want to weave in discussions of technology, of the cloud, and of the new, disconnected world, and the implications for service levels and trust. I expect there will be “lessons learned” that will help both your professional and personal worlds.
It all began when I received what I thought was a spam email message that started, “Ever heard the term Catfish?” I had not. And the adventure began, through which I discovered a scam that was using my profile photos as part of an effort to target women, and discovered just how pitifully Facebook is equipped to respond.
Late last week, I received a message through the “Contact Us” page on my company website. The message was from a woman named Carolyn. It started:
Hi Dan,
Ever heard the term Catfish?
The message included the phrases, “He is using your photos for his fake identity,” “Those darn fb games!” a link to a Facebook profile, and a long paragraph of text at the bottom. It was late when the message arrived, and with a cursory glance, my reaction was that the message itself was spam. I often get spam messages from robots and cheap labor that is paid to spam people through email “Contact Us” forms like mine. This smelled fishy to me, so I wasn’t about to click the link to the Facebook profile.
But I also didn’t delete the message. Good thing I didn’t.
The next morning, I had a few minutes before a conference call, so I examined the email message more closely. On second read, I understood more clearly what the message appeared to be. A woman named Carolyn had been playing a Facebook game and had received a friend request from someone she thought was a player. “Just the wrong kind of player” she reported. “He is using your photos for his fake identity.”
The message went on to say that the Facebook account had sent her a very sketchy message from a lonely man who was looking for a companion to share his life after his wife died in 2009. You get the idea. The message included a link to the Facebook profile in question.
As I re-read the message, I was doing the calculus in my head based on a strong suspicion that the message itself was spam. But the potential that someone was using my identity to scam women concerned me. So I decided to investigate it.
As any good “spam sleuth” would do, I hovered over the link in the email, without clicking it. I could see in the tool tip that the link did, in fact, point to a www.facebook.com URL. So the link itself was not fishy (or phishy). But I wasn’t sure what I’d get on the page itself—perhaps someone had found a way to embed malware into a Facebook timeline. So I made sure that my security software (built in to Windows 8) was up to date with virus definitions, I opened up an “InPrivate” session of Internet Explorer so that security would be higher, took a deep breath, and typed the URL manually into the browser.
The page that opened was a Facebook timeline of a man named “Fred Walker.” Fred Walker looked amazingly like me. In fact, it was me staring right back at me. A photo I had taken standing in front of a map of South America at the Microsoft office in Buenos Aires almost exactly one year ago as part of the Sharing the Point tour. That was his profile picture.
As my shock level decreased, I read his “About” information. He lives in Garden Grove, California—a suburb of Los Angeles. He went to University of Arizona and to a high school in Arizona that I had heard of. He’s a used car dealer. (Side note with 20/20 hindsight: A used car dealer? Really!? )
The calculus in my head told me, now, that the email I had received was genuine. There was a Facebook profile with my photo. The timeline on the profile contained very little information, and certainly didn’t itself have any links to external, suspicious sites, or any sign of embedded malware. So with this profile staring me in the face like a mirror, I had to trust the source of the email message and trust her story that this person had sent a very sketchy message to her. I noticed that there were several other women connected to this guy on Facebook, so I felt it was my duty to report what I had found to the right authorities, in hopes of preventing any scam or exploitation of these women.
What happened next is a story of reporting the issue to Facebook and to my Facebook friends, of learning that “Catfish” means:
A person who creates fake profiles online and pretends to be someone they are not by using someone else's pictures and information.
Wikipedia has a great overview of the phenomenon, which has spawned a “docudrama” (read: trashy semi-reality TV show) on MTV.
And, in the process of learning what “Catfish” means, I gained a huge appreciation for the woman who reported the problem to me, a new respect for Google image search, an understanding of how widespread my catfish problem was, and a sad realization of how poorly Facebook is set up to protect its users from this and other social diseases. Stay tuned!