Mysterious phishing scam targets authors' first drafts

Here's a weird one: For the the last three years, a phishing scam has been targeting authors of fiction, getting them to cough up copies of their new manuscripts.

The scammers have been sending emails to authors — ones like Margaret Atwood, Ian McEwan and James Hannahan — pretending to be from the author's editor or an agent, and asking to see a copy of their latest manuscript.

Whoever's doing it is fluent in publishing lingo; the emails are apparently quite convincing. And since they're emailing authors who are still working on their next book, whoever's doing it would appear to also know the lay of the land in publishing — i.e. they know that an author is working on a new short story collection, or whatever. These aren't your standard mangled appeals from a far-off prince cruelly deposed by his nephew.

Two things are particularly strange:

a) they're not just targeting high-name authors, but also "little-known debut authors", and

b) the manuscripts aren't being leaked for sale on the black market. So, what's the motive here?

The New York Times has the story:

"The real mystery is the endgame," said Daniel Halpern, the founder of Ecco, who has been the recipient of these emails and has also been impersonated in them. "It seems like no one knows anything beyond the fact of it, and that, I guess you could say, is alarming." [snip]

In the past, cybercriminals who lifted Hollywood scripts and screenplays turned a profit by posting them online and charging impatient fans fees to access them. In 2014, someone posted Quentin Tarantino's script for "The Hateful Eight" online, and it eventually found its way to Gawker. Mr. Tarantino threatened to end production before it had even begun. Oren Peli, the screenwriter behind the "Paranormal Activity" film franchise, saw his script outlines end up on the internet.

None of that seems to be happening with the stolen book manuscripts. Apparently nobody has posted them online out of spite or tried to entice eager fans to turn over their credit card information in exchange for an early glimpse. There have been no ransom demands of the authors by extortionists threatening to dump the authors' years of work online if they don't pay up. In this absence, and with no clear monetization strategy to the thief's or thieves' efforts, cybersecurity experts have been left scratching their heads.

Go read the entire piece here — lots more strange detail!

(That CC-2.0-licensed photo of a typewriter courtesy Marco Verch on Flickr)