How a Viral Cat Name Post Can Help Protect Against ‘Hi Mum’ Scams

• scammer trying to trick mum was asked the cat’s name
• a screenshot of his comically random guess went viral
• the story was funny but it makes a serious point
• businesses can screen numbers for credibility but parents can’t
• a family safeword is a simple but effective fraud barrier

It was one of those moments that parents dread: a text message from an unrecognised number purporting to come from one of the recipient’s children who was overseas – and had broken their phone and needed a money matter sorted urgently.

I’m sure we’ve all come across scenarios like this. You strongly suspect you’re being targeted by scammers. But because your son really is overseas and conceivably might be in the situation as set out you can’t be sure.

So what do you do?

When this happened to London parent Sian Sturgis, what she did next ended up becoming a viral meme that went around the world.

Scam target mother asked for cat’s name to check who was texting

“What’s the name of our oldest cat?” she asked the texter who purported to be her son on holiday in South Africa.

“There’s no need to ask me silly questions ahaha” came the instant reply.

She stuck to her guns: “Answer please”

“Mittens?” came the reply.

It seems that Ms Sturgis’ oldest cat is not called Mittens.

Perhaps it was the randomness of the guess at a cat’s name. Or perhaps the pointless addition of a question mark – so that even if by some miracle the guess at the cat’s name had been correct she would still have doubted that she was talking to her son. But the whole exchange amused her.

A screenshot of the hapless scammer bluffing went viral

So both she and her husband shared a screenshot of this SMS conversation which quickly went viral on Twitter/X – and then on Instagram and other platforms, racking up millions of views and tens of thousands of shares and reposts.

“Mittens?” had become one of the funny posts of the summer.

But away from laughing at the haplessness of whoever it was who had tried to deceive her into sending money meant to bail out her son to a thieving stranger…there is a serious point here.

Hi Mum scams are now the single biggest impersonation fraud

And that is the increasingly important question of how to verify whether someone is real or not quickly in these scenarios.

The fraud that was being attempted was of the type that has become known as a “Hi Mum” scam, a message-based fraud which has proliferated over the last couple of years.

Recent research by UK bank TSB suggests that scams like this – also known as ‘friends and family fraud‘ – now account for over half (53%) of all impersonation scams.

Because I work in the field of verification – confirming account users are who they say they are is one of TMT ID’s core functions – I’m often asked by people what preventative steps they can take in situations like this.

It’s easier to use tech to protect businesses than individuals

For our client companies, it’s easy for us to establish very quickly via the number such a message is sent from whether the user is likely to be a scammer or not.

We use live data gathered globally from telco companies to determine in a microsecond if a number is actually located where it purports to be, if it’s associated with fraud if its recent behaviours correspond with those it has exhibited in the longer past. And so on.

This kind of fraud assessment is invaluable to numerous organisations to determine who is real and who is fake – and to keep the latter off their platforms. But this service isn’t yet down-scalable to private individual users.

So what can they do?

Asking a question like a cat’s name can be surprisingly effective

Well, the answer is surprisingly close to what happened in this ‘Mittens?’ story: if someone from an unknown number claiming to be your son asks for money urgently then, yes, ask them the name of your cat.

Or your dog. Or your favourite ice cream flavour, your football team, your favourite Beatle. It doesn’t matter.

The point is to have a pre-agreed family safe word that you can ask for – or, better yet, to train members of your family to volunteer one without being asked. If time is short and they want you to believe them when they’ve been kidnapped or are borrowing a stranger’s phone in the street or whatever the scenario is, there could be no better way for them to very quickly convince you that what is happening is real, that this really is them, than by using a pre-agreed and recognised word.

It doesn’t matter what it is, as long as it’s something that everyone in your family group will recognise, remember and relate to – and something specific, something non-generic that a phishing scammer wouldn’t be able to guess.

A family safeword is no different to verification questions your bank asks

We are all familiar with the procedure from multiple online security set-ups when we are asked for a memorable word to support a log-in. A family safeword is just a variation on that. You can even see what many websites do to assist and provide a hint in the event that someone has forgotten it. But they must and should know the answer.

If they can text you a bank sort code to make a payment to them, they can answer when asked what their cat is called – and if they try to bluster around [as in the ‘ahahah’ response] then you know you’re being conned.

It’s simple, it’s homespun, it’s defiantly non-tech.

And in that regard, it’s the diametric opposite of what we at TMT ID do. But having your own family security procedure might just save you from being scammed: the name of a cat could stop the fraudsters in their tracks.