I Got Catfished (December 8, 2025)
The dark side of artificial intelligence is increasing the sophistication of targeted attacks. No one is immune. And despite several years of regular anti-phishing training, I got hooked and am here to tell the story so that you may be on the lookout for similar attacks.
In hindsight, there were signs I should have recognized earlier, but didn’t. I’ll share these two so we can unravel this together and I can “let go” of the desire to beat myself up for being scammed. Well, almost scammed. I was fortunate enough to recognize a few key signs (thanks to my regular security training) before the most critical parts of the scam could do maximum damage. So let’s start at the beginning and I’ll share what happened and how to avoid repeating.
This is the LinkedIn Profile for Anna Perez (who is deceased)
I’m in Vietnam when I receive an email from “Anna Perez” from her gmail account (anna.perez.jobplacement@gmail.com). For me, that’s not uncommon. I receive lots of emails from gmail accounts. It’s usually the personal account of a freelancer or someone who is doing freelance work for a company. For those who are MOST meticulous, I’ll grant you that this was a “yellow flag” — not a “red flag,” but enough that before I responded, I did what I thought was due dilligence. Specifically, I looked for her LinkedIn account and saw it was “active” with 1,700 followers and 500+ connections. It also matched the signature used in the gmail to make it look a bit more professional:
Email signature line of anna.perez.jobplacement@gmail.com
Here’s where the dark side of artificial intelligence comes into play. Not all, but most professional scams come from countries outside the US where English is a second language (for reference, these are the top 19 countries with the most known phishing attacks).
Because English is the second language of the attacker, usually emails are extremely poorly written with obvious grammatical errors and major hints that the email isn’t coming from who it says it’s coming from. Moreover, these scammers are playing a numbers game, so they tend to blast out generic emails that, at best, address you by your first name, but usually know precious little more about you.
Not with AI. Now scammers can create extremely targeted attacks and use technology to scrape lots of information from our social media posts and public profile information. Let’s take a look at the first email that grabbed my attention. The subject line said, “Opportunities in Coaching and Marketing You May Be Interested In”
Beware of unsolicited emails from people you don’t know. I have since learned that Anna Perez died and scammers are using her profile.
This email was personalized and included information about me that was publically available. No “bells” went off with this for me because if Anna Perez were a legitimate recruiter the outreach would go similar to how this started. Someone I don’t know reaches out to me claiming to have an opportunity I might be interested in.
I could have just ignored and deleted this email. But the truth is, I’m not sure what I’m going to do when I get back from my year of travel and much of my success has been around cultivating multiple options so that I never feel pressured to take an action I don’t want to take.
So I did what I’d do with any recruiter. I told her I was traveling around the world and not actively seeking any opportunities, but that I might be interested in about six months time. I further shared what kinds of opportunities would interest me, at what salary level and the basic things a recruiter would need to know to see if there might be a good fit for something I might be interested in.
“Anna” asked some solid clarifying questions (thanks to AI and the sophisticated attack I was unknowingly being gently nudged into). Again, no flags at all with these clarifying questions as they seemed perfectly appropriate for a legitimate recruiter who was doing her due dilligence and ensuring only the “right” opportunities were presented to me. It was also building trust and rapport which are important in these scams. If you’ve ever been scammed, you know what’s next.
Presenting the “Honey Pot”
No one gets scammed without what is lovingly referred to as “the honey pot.” If you prefer sticking with the phishing analogy, then you could refer to this as “the bait” used to spring the trap.
“Anna” came back to me with not one, but five separate job descriptions of what she claimed were active searches she was involved in. Here again, AI can really do a number on you because armed with my background (freely accessible on LinkedIn), programmers can reverse engineer job descriptions that are tailored to your expertise. Then they can choose companies that are likely to be interesting and worthy of going deeper.
Here’s where I took the bait and salavated for that honey pot. One of the job opportunities was for the Chief Marketing Officer of none other than FranklinCovey. Here’s what was shared with me along with four other opportunities.
Page 1 of the AI-generated FranklinCovey CMO position
Page 2 of the AI-generated FranklinCovey CMO job description
Now here’s where I dropped my guard and shifted to a vision of possibility. I mean, wow. I wasn’t looking for this job but it seems to have fallen into my lap. “Anna” made a inference that “one of the five job offers was about to make an offer, but I asked them to hold off until I could see if you’re interested.” Hook. Line. Sinker. I was now considering what it would be like to be the CMO of FranklinCovey.
Moreover, I was directly connected to Sean Covey, the president of FranklinCovey. If I got the job, that’s who I’d be working alongside. Excitement and possibility got the better of me. This is where I skipped a critical step that would have helped me in retrospect. I trusted, but I failed to verify. Instead, I went to work on how I might let Sean know I was interested in the position. I crafted an email and then rewrote it. I spent a few hours thinking about the role and what I could do. I sent him both a well worded email and LinkedIn message.
I talked to my wife who definitely didn’t want me “jumping back into corporate.” I talked to my kids as they both have Sage advice for me having seen me when I was working for Positive Intelligence for the past 6 years. I shared my excitement and feedback with “Anna” as well as some concerns with the other four positions.
“Anna” asked me to send over my resume so that she could begin working her magic and set up interviews. Again, exactly how a recruiter would respond. I told her bluntly that I had never in my life used a resume to get a job. Not from my first job at Modem Media in 1994 (building the first commercial websites) to my most recent position as Chief Coaching Officer at Positive Intelligence. That said, my excitement got the better of me and I sat down and built one. In fact, I was really happy with it. Take a look:
So, despite my historical context of never using a resume, I thought it best to satisfy the request of my new recruiter and arm her with what she needed to do her job on my behalf. So far, so good, right? Here’s where it all came crumbling down. The next email from “Anna”:
And this is when I “snapped out of it” and realized something was wrong. ATS stands for “Applicant Tracking System” and it’s software used by recruiters to filter job applications. Here’s the thing, if this was a retained search, using an ATS should have happened before any of the exchanges I was having with “Anna.” Those Spidey senses that were not activated at the beginning were now on full RED ALERT!
So I did what I should have done much earlier. I did some cybersleuthing of my own to see if FranklinCovey had published their job opening. Instead, I found this:
Yup. If I had done my due dilligence, I’d see they hired Dariusz Paczuski as CMO 7 months ago; unliked to be actively searching to replace him
Bad Word! Bad Word! Bad Word!
So, first thing’s first. I need to apologize for my email & LinkedIn messages to Sean Covey. I acknowledged that I had been scammed and referred to the press release about FranklinCovey hiring Dariusz Paczuski just 7 months ago and realizing I should have checked that first before sending Sean a message of my own interest. To his credit, Sean accepted my apology and left the door open to stay in touch.
Phew. Lots of bad things can happen, but me damaging my own reputation was something I never wanted to do — let alone with someone I highly respect.
Then I did my own damage report. So now the scammers know my phone number and can do some even more sophisticated attacks in the future. They know more about my work history and desires for future career opportunities and can use that against me in a future attack. But luckily, I didn’t provide my credit card, bank account info, social security number, passport number, or a host of other things I could have inadvertently provided as part of a “background check” which recruiters often do before recommending a candidate. Phew.
“Anna” Sticks to Her Lies
Perhaps what’s most interesting is just how manipulative AI messaging can be. When “Anna” asked if I wanted to speak with her friend about updating my resume to improve my ATS score, I simply asked her for the link to the CMO position direclty from FanklinCovey. When there was radio silence, I sent a follow-up email with the link to the press release congratulating her on catfishing me with such a sophisticated attack. She could let go of any false pretense. The game is up. Here’s how she responded:
It’s almost impressive. Almost. But hey, in for a penny, in for a pound as they say. So I simply replied, “Okay, let’s turn over a new leaf. I’m on Zoom and here’s the link, why don’t we speak face to face.”
And, as you can imagine, lots of reasons she was unable to join me live on Zoom. But, her assistant would be free to join me if that was okay. She’d really like to get the ball rolling on hiring her friend as the other four opportunities are totally legitimate. (Yeah, right. Fool me once …)
Ok, I responded, how about accepting my LinkedIn connection request? This was more to see if the LinkedIn profile is a legitimate person being impersonated or part of the elaborate scam.
Sure thing, she responded, I’m just not in front of my computer right now, blah, blah, blah. Again, the AI was really good. So I reported the email to FBI’s Internet Crime Complaint Center and reported the LinkedIn account at fake or impersonated (since I wasn’t sure which). I have since learned from Danika Davis, owner of Merit HR, that Anna Perez is deceased and we both have contacted LinkedIn to request this profile be changed to “In Remembrance” honoring her death and so that more AI-enabled scammers can’t use her profile in the future.
How to report a suspicious LinkedIn account to LinkedIn
What’s most important in all of this (and the reason I’m sharing this publically) is so that you know how sophisticated these scams have become. Please keep your guard up and do your due diligence. It used to be easy to spot phishing attacks, scams and fraud, but with AI, the attacks are more targeted, more sophisticated, and if you haven’t already been targeted, chances are it will be happening very soon — either in your inbox or via mobile phone. Please be aware and vigilant.
