Guide

Catfish check from email

Something about the person you’re talking to online doesn’t add up. Here’s how to verify whether they’re who they say they are, using an email address and public tools.

Summary

Catfishing — pretending to be someone you’re not in an online relationship — is a well-established scam pattern, most common on dating apps but also prevalent on LinkedIn, Instagram, Facebook, and messaging apps. A catfish check uses reverse image search (Google, TinEye, Yandex), breach-history verification (HaveIBeenPwned), cross-reference of declared facts (Companies House, LinkedIn, social platforms), and location-signal comparison to verify whether someone’s claimed identity is genuine. For ambiguous cases, an automated OSINT platform like BLACKEYES compresses the full method into around fifteen minutes from an email address. Do the check before committing — emotionally, financially, or physically.

Six catfish red flags

One on its own might be nothing. Two or more together is a warning. All six is a certainty.

No social-media presence at all

A person active online — employed, with friends, with life context — will almost always have some public footprint. Complete absence at an age bracket where presence is normal is a red flag.

Photos too polished, too few, or reverse-image-search matches

Stock-like photos, only two or three photos ever, or photos that a reverse-image search traces back to somebody else’s profile. Any of these suggests stolen imagery.

Refuses video calls or in-person meetings

After weeks of communication, consistent excuses about video or meeting are the most reliable catfish signal. A real person wanting a real relationship will eventually accept.

Declared location doesn’t match digital signals

They say they’re in London, but their social geotags show Manila, or their email registration patterns suggest elsewhere. Geographic inconsistency is hard to fake across every signal.

Stated employer or institution can’t be verified

The company they work for has no website, no LinkedIn presence, or the domain was registered last month. The prestigious role is at an institution whose staff directory doesn’t list them.

Urgent requests for money or personal favours

The classic romance-scam pattern. Family emergency, stuck abroad, medical crisis, investment opportunity too good to miss. Never, ever, send money.

The six-step method

Do these in order. Most catfish are exposed at step 01 — reverse image search. The later steps are for sophisticated operators or ambiguous cases.

Reverse-image the profile photos

Google Images, TinEye, and Yandex Images. Yandex is particularly effective for non-Western profile photos. If the photos are used elsewhere under a different name, that’s typically a lockup on catfish.

Check the email address

Run the email through HaveIBeenPwned to see if it’s real and has history. A brand-new email with no breach history on someone claiming to be 40 years old is suspicious.

Cross-reference declared details

Company name through Companies House or LinkedIn, employer directory, professional-body membership. Real people tend to show up consistently across these. Invented identities tend not to.

Search for their social footprint

LinkedIn, Facebook, Instagram, TikTok. Cross-reference their stated name and location. Sherlock and WhatsMyName help surface alias-username presence.

Compare location signals

What location tags appear on their public posts? Does timezone of messages match the city they claim to live in? Small tells often reveal big lies.

Full email-based OSINT check

For the ambiguous cases where other steps have been inconclusive, an automated OSINT platform compresses all the above into a single fifteen-minute report. Useful when you’re about to make a commitment — emotional, financial, or physical — that depends on the person being who they claim.

When to run a catfish check

Any time something feels off. Also, any time you’re about to do something that depends on the other person being honest.

You’ve been talking to someone online for a few weeks and something feels off

They’ve started asking about your finances, asking for money, or suggesting joint investments

They refuse video or in-person meetings despite the relationship “progressing”

You’re about to send money, share an address, or commit in a way that depends on them being honest

You’re helping a friend or relative worried that they’re being catfished

You’re meeting an online connection in person for the first time and want a safety check

Fifteen minutes to certainty

The six-step method works, but it takes an hour to run manually. BLACKEYES compresses it to around fifteen minutes — one email input, one source-cited report covering breach history, social presence, identity consistency, and geographic signals.

The report tells you whether the email belongs to a real person with a real history, whether the name matches the email, whether the social profiles connect to that name, and whether any of it triangulates to the location they’ve told you. When you’re uncertain and a decision is approaching, it’s the fastest way to a clear answer.

Run a catfish check See a sample report

Frequently asked questions

Is doing a catfish check legal?

Yes. Checking whether someone you’re talking to is who they claim to be uses publicly available information — social profiles, reverse image search, domain registrations, breach history. None of these steps require consent or trigger particular legal barriers. Most catfish-verification work is individual self-protection.

What if I’m wrong and they’re real?

A catfish check is passive — the subject isn’t contacted or notified. If all your red flags turn out to be false alarms, no harm is done. Better to check and be wrong than to commit and be caught out.

What are the most common catfish platforms?

Dating apps (Tinder, Hinge, Bumble, Match.com) are the most common, but catfishing also happens on LinkedIn (for employment scams and investment fraud), Instagram (for celebrity-impersonation), Facebook (for romance scams targeting older demographics), and Telegram or WhatsApp (for crypto and investment fraud patterns).

Should I report a confirmed catfish?

Yes. Report to the platform where you met them — most dating apps and social platforms act on catfish reports. If money or personal data has been extracted, report to Action Fraud (in the UK) at actionfraud.police.uk. If the catfish has used someone else’s photos, you can notify the real person so they can take protective action.

Can BLACKEYES help with a catfish check?

Yes. If you have an email address for the person you’re uncertain about, BLACKEYES runs an automated OSINT investigation in around fifteen minutes — breach history, social presence, identity consistency, geographic signals — and returns a source-cited report. It’s the full version of the method this page describes, compressed into a single workflow.

Verify before you commit

One email. Fifteen minutes. The certainty that matters before you do something you can’t easily undo.

Start Free See pricing

Reports are tools, not conclusive judgements — verify material findings before reliance. See the FAQ