Cybersecurity Tips to Avoid Scams Targeting Your Author Business
Scams became much more prevalent with the widespread use of the internet, and as perpetrators grow more sophisticated and continue to update their tactics, it’s no longer just the technologically un-savvy who are falling victim. Cybersecurity professionals categorize many of these scams with the term “phishing,” and these scams are sadly increasing—according to a 2023 report by Zscaler, with a year-over-year increase of nearly 50 percent.
Common email scams can target banking or retail customers—“log in or your account will be closed”—that aim to steal passwords. Other scams demand the receiver submit private data to a malicious website. In my twenty years of working in cybersecurity, I’m seeing more email scams than ever before specifically target authors and other creative businesspeople. Here are some of the latest examples—and how to recognize them.
Scams targeting your livelihood
As indie authors, we’ve all heard the horror stories of authors who say their Amazon or Facebook business accounts were canceled for no reason. As it’s difficult to get the “real reason” behind these disappearing accounts out of the parent companies, many indie authors live in fear of this happening to them. So when emails appear stating the recipient has violated terms or service and will have their account canceled unless they respond immediately, it’s natural for authors to react.
Unfortunately, many authors have fallen victim to giving their Amazon or Facebook username and password—or even payment and banking information—to the perpetrators of these scams. With your Amazon information, scammers can often access your credit card information or send tens of thousands of dollars of merchandise, with you paying for it. With your Facebook information, scammers can access your contact list, making it easier to scam your friends and family or to implement Facebook Marketplace scams under your name.
Scams targeting payment for your work
Several years ago, an email “deposit-and-return” scam became popular where the scammer would try to convince a victim to send a few hundred dollars in order to receive a larger payout. Often, the scammer would tell the victim a sad story over email—often mentioning a large amount of money the scammer can’t access—but promise a larger payout in return for a payment that would allow them to access the large amount of money. The larger payment never materializes.
Today, that scam has evolved into a fake purchase of creative assets. These scams generally work like this: the scammer will request licensing of an author or artist’s story or artwork for several thousand dollars for a project or workshop. The payment will then be made with a cashier’s check or another non-cash method. Immediately afterward, the scammer will send a communication canceling the project and will request a refund of the money. The author or artist might send back the money before the cashier’s check, or other payment type, clears their bank, only to discover later that the check was fake—and they’re out several thousand dollars.
Over the last few years, many authors have received scam emails from a variety of real Hollywood movie studios, literary agencies, and publishers, using the names of real employees at the business, telling the author their book has big potential for a movie, a publication deal, or something similar. The first email often simply asks for a reply. If the author replies, the scammer then sends a variety of paid offers for services to turn the book into a screenplay, a treatment, a professional synopsis—all for thousands of dollars. These scammers take the money and disappear.
How to spot these scams
No matter the target audience of an email scam, most of them have several of the following factors in common:
- uses a business name that is trusted, crucial to your business, or both, such as Amazon, Facebook/Meta, TriStar Pictures, or PayPal;
- expresses a sense of urgency, especially for threats to cancel your Amazon or Facebook ads accounts;
- generic greeting or non-specific references to your books;
- a “from” email address close to—but not a match—with the official business; or
- an email that invites you to click on a link to fix the issue.
Well-established companies are often victims of these scams and employ enterprise-level software solutions, often for tens or hundreds of thousands of dollars, to prevent these scam emails from reaching their users. As indie authors, we’re not in a position to implement these larger security solutions, so vigilance has to be our first defense.
Therefore, experts suggest you look for the following items to minimize the risk of falling victim to one of these scams:
- Look at the “from” email address. If it isn’t from a domain name matching the business, there’s a high probability that it’s a scam. For example, “tristar-pictures-inc@gmail.com” was a scam sender in a scam email to get a movie made of an unspecified book. The company logo in the header or email isn’t proof of anything genuine.
- If there’s a link in the email, move your mouse over the link, but do not click. After a second or two, a URL will appear—and if it’s a scam, the URL will not match a real Amazon or Facebook or Paramount Pictures link.
- Is there a lack of specificity? Genuine emails will never say “Dear customer” or “Dear ma’am or sir.” Requests to turn your book into a movie will specify which book the company is interested in—not refer to it as “your book.”
- Even if the link looks real, never click on a link inside an email to enter your username and password or update your payment information. Instead, exit your email program and log in directly to your Amazon KDP account or Meta Business Suite if you are worried there’s an issue.
- If you receive a one-time passcode on your phone but didn’t request it, do not provide it to anyone over the phone or via text.
- Check it out—outside of email. Call someone at the organization (using a phone number that’s NOT in the email). Search on scam-reporting sites like Writer Beware; an experience just like yours may have been identified as a scam.
Other scams
Email scams that install malware, keyloggers, or viruses on your computer when you click on a link are common, though not usually targeted specifically at authors. Predatory “vanity publishers” will request thousands of dollars from writers in order to publish their book, then expend minimum effort in editing, cover design, and marketing. Similarly, some companies offer author-unfriendly terms for serialized fiction that leave little if any money for the author—and can lock them in for years. Although not the same as the email phishing scams described here, these bad business practices can correctly be called “scams” as well, and Writer Beware has excellent advice on recognizing and avoiding these businesses; an article summarizing 2023’s biggest scams and issues is particularly impactful.
What if you fall victim to a scam?
Time isn’t your friend if you’ve been a victim. First, contact any financial institution that may have been affected and report possible fraud. There is a chance you may not be held responsible for fraudulent transactions, but this depends on the transaction. Change any potentially compromised passwords. If you suspect malware has been installed on your machine, disconnect or power down your device, and contact a professional who deals with malware.
If you’ve disclosed credit card or banking information, or potentially given scammers access to this information via a separate account, you may need to cancel your debit and credit cards, as well as freeze your credit. In the USA, you must freeze your credit with all three credit reporting agencies: Experian, Equifax, and TransUnion.
Many countries offer places to report fraud and scams. In the USA, scam emails can be reported to reportphishing@apwg.org, and victims can report to the Federal Trade Commission (https://FTC.gov/complaint).
Resources
- Defining and avoiding phishing scams: https://webroot.com/us/en/resources/tips-articles/what-is-phishing
- The U.S. Federal Trade Commission’s advice on avoiding online scams: https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
- The prevalence and impact of phishing attacks: https://blog.checkpoint.com/2023/01/23/brand-phishing-report-q4-2022/
- Author-specific advice and resources on avoiding scams of all kinds: https://writerbeware.blog/