Shining a bright light into the dark corners of the shadow-world of literary scams, schemes, and pitfalls. Also providing advice for writers, industry news, and commentary. Writer Beware® is sponsored by the Science Fiction and Fantasy Writers of America, Inc.

December 22, 2020

Spooky Phishing Scam Targets Traditionally-Published Writers

 
Posted by Victoria Strauss for Writer Beware®

The New York Times has published the story of a strange international phishing scam: unknown actors targeting traditionally-published writers, posing as their agents or editors to obtain copies of their unpublished manuscripts.
Earlier this month, the book industry website Publishers Marketplace announced that Little, Brown would be publishing “Re-Entry,” a novel by James Hannaham about a transgender woman paroled from a men’s prison. The book would be edited by Ben George.

Two days later, Mr. Hannaham got an email from Mr. George, asking him to send the latest draft of his manuscript. The email came to an address on Mr. Hannaham’s website that he rarely uses, so he opened up his usual account, attached the document, typed in Mr. George’s email address and a little note, and hit send.

“Then Ben called me,” Mr. Hannaham said, “to say, ‘That wasn’t me.’”

Mr. Hannaham was just one of countless targets in a mysterious international phishing scam that has been tricking writers, editors, agents and anyone in their orbit into sharing unpublished book manuscripts. It isn’t clear who the thief or thieves are, or even how they might profit from the scheme. High-profile authors like Margaret Atwood and Ian McEwan have been targeted, along with celebrities like Ethan Hawke. But short story collections and works by little-known debut writers have been attacked as well, even though they would have no obvious value on the black market.
The phisher, or phishers, employ clever tactics like inserting or transposing letters in official-looking email addresses (like "penguinrandornhouse.com" instead of "penguinrandomhouse.com") and masking the addresses so they only show when the recipient hits "Reply". They know how publishing works and appear to have access to inside information, utilizing not just public sources like acquisition announcements in trade publications, but details that are harder to uncover: writers' email addresses, their relationships with agents and editors, delivery and deadline dates, even details of the manuscripts themselves. 

And they are ramping up their operations. According to the Times, the scam began appearing "at least" three years ago, but in the past year "the volume of these emails has exploded in the United States."

So what's the endgame? Publishing people are stumped. Manuscripts by high-profile authors have been targeted, but also less obviously commercial works: debut novels by unknowns, short story collections, experimental fiction. The manuscripts don't wind up on the black market, as far as anyone can tell, and don't seem to be published online. There have been no ransom demands or other attempts at monetization. 
One of the leading theories in the publishing world, which is rife with speculation over the thefts, is that they are the work of someone in the literary scouting community. Scouts arrange for the sale of book rights to international publishers as well as to film and television producers, and what their clients pay for is early access to information — so an unedited manuscript, for example, would have value to them.
I heard about the scam a couple of months ago, from an author who was targeted after their forthcoming book was announced on Publishers Marketplace. What they reported to me tracks with the information above, including the credible approach by what appeared to be the writer's own editor or agent (complete with authentic-looking email signature), a credible excuse for why they wanted the writer to send the manuscript again, and the altered sending address. The writer did send the ms., and didn't discover until they talked to their agent that they'd been tricked.

Penguin Random House and Simon & Schuster have sent out warnings, as have agents, one of whom offers this helpful advice:
If you receive an email requesting sensitive information or items (manuscripts, contracts, etc.) to be sent via email, or to follow a link to sign a document, please consider the following steps:

1. Carefully inspect the sender’s email address. Ensure the person’s name is spelled correctly and, most importantly, that the company’s domain name (which is located after the @ symbol in an email address) is spelled correctly.

2. Call the supposed sender to verify that the items/information requested in the email are legitimate.

3. Do not reply to the email. Message headers can look real but have hidden text triggered when “reply” is hit. Instead, start a separate email chain with the sender asking if they did, in fact, request that item/information from you.

4. Carefully look at the email header, which contains detailed information about the email – where it came from, who it was sent to, date, time, subject, etc.
To be clear, there's no connection here with the crude agent and publisher impersonation scams I've been writing about for the last year or so. This is a sophisticated scheme by a person or persons familiar with the publishing industry (including its lingo) who understands the ins and outs of acquisition and production and has access to inside information. There's also no obvious monetary angle--unlike the impersonation scams I've previously reported, where the whole point is to screw as many thousands of dollars out of unsuspecting writers as possible.

More reporting at Jezebel.

8 comments :

Tonya L said...

I remember hearing about "books" that seemed to be generated by bots and taking whole sections of separate novels and pieces of fiction, and smashing them together

Perhaps they're trying to refine these 'bots'?

(shrug)

Petrea Burchard said...

I just heard about this yesterday. It's a great mystery and I want to know how it turns out. But I feel for those writers. That's an awful kind of theft.

Unknown said...

Thank you for this informative article! It is a mystery, but I had one of my unfinished fanfics stolen in its entirety and reposted, with the thief even putting a "copyright" on it (dated years after I'd first posted it on ff.net) so I guess I shouldn't be surprised by anything anymore.

Raymond Dale said...

How deep is this "Swamp" in the publishing world with these "Things" that creep and crawl in and out of this polluted " Swamp." What a corrupt world we live in. I find it hard to trust, that is why i have not published other books I had finished several years ago. I have written to people in high places about these professional Swampy Crooks, only to receive deafening silence about injustices in our publishing world. Who do you turn to in this uncaring world about these Swamp sharks. Thank God for People Victoria of Writer Beware.
Raymond Dale

Mark Ellis said...

Received an email similar to this a few months ago, regarding a graphic novel of mine published a short time before by UK publisher. Because the sender's address was misspelled, it came into my spam folder and I didn't see it for a while. I quickly deleted it and blocked the sender. I didn't realize it was a "thing".

Suzanne Newnham said...

Timely reminder - thanks. I had sent a few emails to various publishers who have responded using the title, however a few days ago I received an email and checked the e-address which seemed legit, but something was still niggling. In a generic worded email it just referred to 'your book' instead of its title.
In the past I have googled for the sender's website and if it is a genuine site I have sent a message via the Contact page - sometimes the return email to the Contact message I have received is genuine so I reply as normal; but there have been occasions when I have got a "not us" response so I block as spam the sender of the original email.

Valda DeDieu said...

Part of being an author is paranoia. Your imagination works and so, tells you all that's possible and therefore, you take measures to prevent it. Authors should, when possible, own their own domain. Further, keep rigorous records regarding origination/content of your works, should there be a dispute.

Lastly, when looking for an agent, look up their record/email address/contact info online and double-check it before initiating contact. It's a simple thing to call a publishing house and simply ask if a particular agent still works for them, then verify the email addy. Use a public email to contact agents, BUT, give them a private email to reply to you. Always communicate with them from that private email once a dialogue is established.

Your email to the public (your fans, critics, and on your blog, social media) should be different from the email used for your agent and that too, should be different from the email used for banking, etc.

This will alert you -- and them -- should an impersonator attempt fraud using your identity. Prevention is always easier and better, than cure.

Anonymous said...

You might want to check https://inspiriumconsultancy.com/

The company is owned by a certain Mike Ramsey AKA Mike Gornz from the phils. In asia, We got scammed and was told that John Sacchi is interested with our book and he is an executive in Lions Gate. He made a skype call through us pretending to be John Sacchi.we paid $12,000.

 
Design by The Blog Decorator