Publishing-related cyber scams have spiked in lockdown with the Rathbones Folio Prize losing £30,000 to an email fraudster, and at least three other awards targeted, The Bookseller can exclusively reveal. Meanwhile, publishers, agents and industry bodies say they have also experienced a rise in cyber attacks to secure author manuscripts.
The Rathbones Folio Prize money, worth £30,000, was sent to a scammer posing as the winning author last year, requesting payment by online payment system PayPal. Minna Fry, executive director of the Rathbones Folio Prize, told The Bookseller: “We can confirm that The Folio Academy Foundation was targeted by sophisticated cyber criminals in March 2020, which resulted in the loss of funds intended for the 2020 Rathbones Folio Prize winner Valeria Luiselli. The police were informed at the time, as were key industry colleagues.
"Our winner Valeria Luiselli was awarded her prize money in full, and the lost funds were absorbed by cost savings elsewhere within the charity. The Rathbones Folio Prize team is a small charity that operates independently of its sponsor, Rathbone Investment Management. Rathbones have supported us through this incident and helped us to put in place additional safeguarding measures.”
The news comes two-and-a-half years after The Bookseller first revealed incidences of phishing attempts in the literary community.
Other awards have similarly been targeted, including the £50,000 Baillie Gifford Prize last November. “Someone emailed the Baillie Gifford Prize pretending to be the 2020 winner Craig Brown and asked us to pay the prize money via PayPal,” a spokesperson said. “It was very obviously a hoax as the tone of the email was unlike Craig.”
The Forward Prizes for Poetry, worth between £1,000 and £10,000, also received a hoax email purporting to be from the winning poet following the award announcement in October 2020. “It was obviously not from our winner but it pretended to be her and asked for the prize money to be sent to a PayPal account," a Prize spokesperson said. "We reported the message to Action Fraud [the UK's national fraud reporting centre] and to PayPal. We also contacted the poet to let them know and emailed other poetry awards with large prizes to alert them to the scam.”
When the Society of Authors (SoA) was targeted last February, in relation to the translation prizes worth £10,000, awards manager Robyn Law was struck by the sophistication of the hoax email. “It was our first real incident of it. We had an email from someone pretending to be the winner, saying ‘I’m so thrilled to have won this prize, can you please send the money to this PayPal account?’ I was surprised by the level of sophistication of it. Whilst they’d misspelled it [the winner's name] on one occasion in the email it was quite an unusual spelling so I wonder if it had been a more usual one, they’d have got it correct. When we looked at it closer there were obviously weird things with the speech patterns and we don’t transfer to PayPal But it was more sophisticated than anything I’d seen in the past.”
Other recent variations in identity theft included a fake social media account for The Women’s Prize. “There was a fake Instagram account being set up using our branding but we have alerted our followers to this on Instagram and contacted the company regarding this account,” a spokesperson said. “It's a scam impersonating the prize to try to get our followers' details. It's pretending that people have won [competitions], requesting to follow them and sending them a link to disclose personal details.”
An SoA spokesperson also told The Bookseller that as well as the prize scams members have experienced incidents such as strange communications and missing payments, with a rise in these activities since March last year. Kate Pool, SoA senior adviser, believes the phishing attempts "can be very convincing". She wrote in Writing Magazine: “ If you are awarded any money, particularly if there is a public announcement about it, contact the administrators at an early stage and ask them to take rigorous precautions to ensure that they send the money to the right person.” She also cited a rise in other scams such as phishers posing as interested publishers of aspiring authors’ work to gain bank details as well as a member whose publishing payments were falsely diverted to a bogus bank account.
Many have been reluctant to speak openly on this sensitive issue. A spokesperson for the Swedish Academy, which oversees the Nobel Prize in Literature worth around nine million Swedish krona (£764,100), would not confirm or deny if it had experienced scam attempts but instead declined to comment.
As reported previously, The Booker Prize was targeted in 2019, in relation to Margaret Atwood’s The Testaments (Chatto) — with her agency Curtis Brown besieged with daily attacks — but said it has not been targeted in the last year. All the other major prizes who responded to approaches from The Bookseller confirmed they had not been targeted, with a few failing to respond.
Additionally, many literary agents and scouts continue to be plagued by requests for manuscripts throughout the pandemic, following on from the initial incidences as reported in 2018 during the Frankfurt Book Fair. The Bookseller recently spoke to around 12 agents and scouts, most of whom had experienced attempts in the last year or so.
Lizzy Kremer, agent at David Higham Associates (pictured left), told The Bookseller: “The issue hit us hard in 2020. Several valuable unpublished manuscripts were stolen by an anonymous person pretending to be agency colleagues, using email addresses with slight errors in them in order to imitate legitimate contacts. Our experience was that the criminal targeted specific books rather than randomly waiting for opportunities. They then made an onslaught of phishing and hacking on every person connected to the book in question, from the author through co-agents and publishers round the world.
"We also saw publishers abroad with less secure servers being hacked and our deal correspondence being interrupted and co-opted. The reason everyone is receiving email right now carrying the advisory, ‘This email comes from outside your organisation’, is to alert you to when someone has adopted the identity of a colleague. People should also be aware that, once you have mistakenly responded to a benign email from a phisher, the ‘wrong’ email address might enter your email address system and it starts to be auto-completed by your software when you start to write emails.”
She added: “In my view the person behind these criminal acts is acting as an illegitimate scout: they are obtaining unpublished work early and selling those works to one or more high bidders who are eager to pay for early access." Most of those who spoke to The Bookseller said they had no idea of who the culprits could be — though many believe the culprits could be from within the industry — and some agreed with Kremer's theory.
Karolina Sutton of Curtis Brown (pictured right) agreed the cyber warfare has remained a challenge over lockdown. “The cyber attacks continue to plague us but we are devising strategies to counter them. It feels a bit Cold War at times as we work on innovative new methods to protect manuscripts — think microfilms in secret pocket compartments.”
Literary scout Lucy Abrahams has found the situation to be significantly widespread in publishing."It has happened to so, so many people. I can hardly think of a scout, agent, co-agent or publisher who hasn't been affected." She was impersonated by a cyber criminal who requested manuscripts from her clients. “When I called GoDaddy [internet domain registrar], who host [the scammer’s] domains, they said they couldn't reveal who registered the domains and it took forever to convince them to shut it down and the perpetrator just created a new one a few weeks later. It's a case of whack-a-mole."
“Scouting is all based on trust and confidentiality so it's made it more difficult for me to ask people to send me things because it shook people’s confidence in the safety of doing so and agents have had to tighten their security making it harder for all of us to do our work.
The attempted thefts do not just focus on big name authors published in the UK or US. An anonymous scout in the US said: “I have been impersonated by someone pretending to ask foreign rights agents for unpublished material that had recently been posted on Publisher's Marketplace. It was mostly fiction from US authors, but also one title in Hebrew. Now I try to write more personal emails when requesting manuscripts so people on the other end will recognise me hopefully. And there are definitely more manuscripts around that are only accessible through NDA's [non-disclosure agreements].”
A London-based literary agent told The Bookseller: “I think the whole industry has to be educated on how easily this can now happen. There need to be guidelines for employees at publishing houses, literary agencies and even for authors themselves.”
Publishers have also seen a rise in cyber scams during lockdown with Penguin Random House UK planning a new senior role to address this. "Within PRH we are committed to a programme of increasing our security awareness and we are currently recruiting for a new permanent position to lead on this going forwards," Deborah Haworth, director of information security at PRH UK, said. "Not only do we provide information security training for all employees but we also issue regular articles to keep them updated on the latest scams and threats, including a series on how to protect themselves and their families’ cyber security at home. As a leader in the publishing ecosystem we also work with our key suppliers to help them improve their cyber security as well."
The Bookseller understands at least one major US publisher has issued a set of guidelines to prevent cyber theft for its authors. The scale of the issue in America has been referred to the FBI, several trade figures told The Bookseller, although the FBI declined to comment.
Individuals who have fallen foul of phishing scams should alert their bank or card provider, according to the SoA which has information on this issue. They should also report the crime to Action Fraud and to the Financial Conduct Authority. For more information on identity theft, visit Money Advice Trust.
- Rathbones Folio expands mentorships and reveals recovery from £30k cyber theft
- Rathbones Folio Prize increases prize money to £30,000
- Costa Book Awards and RSL targeted by cyber criminals as publishers up security
- Antrobus becomes first poet to win Rathbones Folio Prize
- Carmen Maria Machado takes £30,000 Rathbones Folio Prize