2016–2021 literary phishing thefts

Last updated

Between 2016 and 2021, multiple prepublication manuscripts were stolen via a phishing scheme that investigators believed were conducted by an industry insider or insiders. In 2022, the FBI arrested Filippo Bemardini, a 29-year-old Italian citizen living in London and working for Simon & Schuster. [1]

Contents

Background

Piracy in the publishing industry can have a negative impact on profits and royalties, and some industry professionals take extreme precautions with highly-anticipated releases. [2] [3] Translators for some books in The Da Vinci Code series were reported by Vulture to have been "required to work in a basement with security guards clocking trips to the bathroom". [2]

Phishing attempts

In 2016, individuals involved in the publishing industry as authors, editors, agents, and publishers reported successful attempts to coerce authors into emailing unpublished manuscripts to email addresses impersonating publishing professionals known to those authors. [4] The attempts were made by emailing from a domain name that resembled a legitimate one; the domain names were created using "common phishing techniques" such as using the letters "rn" to mimic the look of the letter "m" in an organizational name such as Macmillan, instead spelling it Macrnillan. [5] The emails ostensibly came from other publishing industry professionals who worked closely with the target on the manuscript in question. [2] [4] [5] [6] In 2020, a cybersecurity firm found that the thief or thieves had registered over 300 domain names, and that their own security measures were amateurish. [2] Some of the domains may have been paid for with stolen credit cards, according to Vulture. [2]

Many of the phishing attempts involved approaching multiple people involved in a particular book's release; in the case of The Girl Who Takes an Eye for an Eye, the phisher, impersonating the book's Italian translator, emailed the book's publisher and the author's agent within minutes of each other. [2]

The person or persons doing the phishing demonstrated familiarity with the industry and used jargon common within the industry. [4] [2] [6] In the case of The Man Who Chased His Shadow, an industry insider estimated that the number of people worldwide who knew the necessary details to know whom to impersonate and whom to approach was "only a few dozen." [2] The emails themselves seemed believable; one failed attempt was made on a William Morris Agency employee whose suspicions were raised only because 'her boss would never write "please" or "thank you"'. [4] An Israeli publisher became suspicious because the request came in Hebrew, which he does not use for work emails. [3] A literary agent found the emails so convincing they sent multiple manuscripts to the phisher over the course of seven months. [2]

In 2018, the Association of American Representatives warned its members of the phishing scams. [3]

During the coronavirus pandemic, the phishers became "more vicious", according to Vulture, telling one editor who thwarted a phishing attempt, "I hope you die of the Coronavirus." [2] They also started hiring translators to read and report on books they'd stolen, then disappearing when payment was due. [2] The thief also started impersonating the contacts of a journalist who was working on a story about the scam and conducting other online stalking of the journalist and a colleague of the journalist. [2] In the summer of 2020 they started also impersonating industry professionals in Hollywood. [2]

Motives

Motives for the phishing attacks were unclear. [2] None of the manuscripts were subsequently sold on the black market or dark web and no ransoms were asked. [4] [6] Speculation as to motive included talent scouts or others in the industry or in Hollywood seeking early access to anticipated releases, impatient readers wanting the book solely for their own use, or "pleasure in the act itself". [2] One IT professional speculated that portions of a highly-anticipated book might be used to convince readers to enter credit card information online. [2] One agent wondered if the motive could be to sell security software to those who had been targeted. [2] Hackers speculated that the attempts could be a low-risk training program for teaching hacking techniques. [2]

After the arrest, the New York Times wrote, "Early knowledge in a rights department could be an advantage for an employee trying to prove his worth. Publishers compete and bid to publish work abroad, for example, and knowing what’s coming, who is buying what and how much they’re paying could give companies an edge." [6] Other industry professionals were still puzzled, saying that early access to unpublished manuscripts would be of little benefit to a low-level foreign rights specialist like Bernardini. [7] Bernardini would claim that the motive behind the theft was in order to be professionally involved in the publishing industry, and wanted to have access to the manuscripts before anyone else was able to own them. [8]

Fallout

As news of the ongoing scam emails spread in the industry, many publishers increased their security measures to include even very obscure titles. [2]

The attacks surrounding Margaret Atwood's The Testaments were so determined and concerning that her agency delayed sharing the final manuscript with multiple publishers, which delayed the book's global release. [2]

Targets

Thefts or attempts were reported by representatives of Anthony Doerr, Jennifer Egan, Laila Lalami, Taffy Brodesser-Akner, Kevin Kwan, Joshua Ferris, Eka Kurniawan, Sally Rooney, Margaret Atwood, Hanna Bervoets, [9] Ethan Hawke, Ian McEwan, Bong Joon Ho, Michael J. Fox, and Kiley Reid, as well as unknown debut authors. [2] [4] [5] [7] In September 2020, a manuscript was stolen from a Pulitzer Prize-winning author, who according to Forbes has not been publicly identified. [4] Agencies and publishers in Taipei, Istanbul, Barcelona, Sweden and Israel were targeted. [3] [6] Vulture reported as of 2020 at least 200 companies in 30 countries had been targeted or impersonated. [2]

Arrest and charges

The FBI arrested Filippo Bemardini, a 29-year-old American citizen of Italian descent, upon landing at John F. Kennedy International Airport on January 5, 2022. [1] [4] [5] [6] He was charged with federal counts of wire fraud and aggravated identity theft. [4] [5] The Washington Post reported that Bernardini's LinkedIn profile listed London's Simon and Schuster as his employer. [5] Forbes reported he described himself in his profile as a "foreign rights management professional and a translator". [4] The company released a statement saying they were "shocked and horrified to learn today of the allegations of fraud and identity theft by an employee." [5]

Prosecutors with the US Department of Justice alleged that Bernardini had registered "more than 160" domain names similar to those used by legitimate publishers, literary agents, talent scouts, and other industry professionals in order to send emails from those domain names impersonating editors, agents, scouts, and other industry insiders in order to convince authors to send pre-publication manuscripts to him. [4] [5] Prosecutors also alleged Bemardini had stolen emails and passwords from industry employees. [5] Combined, the charges of fraud and identity theft are punishable in the US by up to 22 years. [5]

Bemardini pleaded not guilty on condition of surrendering his passport, submitting to electronic monitoring, and providing bail of US$300,000. [10]

Related Research Articles

<span class="mw-page-title-main">Scam</span> Attempt to defraud a person or group

A scam, or a confidence trick, is an attempt to defraud a person or group after first gaining their trust. Confidence tricks exploit victims using a combination of the victim's credulity, naivety, compassion, vanity, confidence, irresponsibility, and greed. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators at the expense of their victims ".

<span class="mw-page-title-main">Identity theft</span> Deliberate use of someone elses identity

Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been legally defined throughout both the U.K. and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.

<span class="mw-page-title-main">Internet fraud</span> Fraud or deception using the Internet

Internet fraud is a type of cybercrime fraud or deception which makes use of the Internet and could involve hiding of information or providing incorrect information for the purpose of tricking victims out of money, property, and inheritance. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace. It is differentiated from theft since, in this case, the victim voluntarily and knowingly provides the information, money or property to the perpetrator. It is also distinguished by the way it involves temporally and spatially separated offenders.

Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.

A spoofed URL involves one website masquerading as another, often leveraging vulnerabilities in web browser technology to facilitate a malicious computer attack. These attacks are particularly effective against computers that lack up-to-date security patches. Alternatively, some spoofed URLs are crafted for satirical purposes.

Email spoofing is the creation of email messages with a forged sender address. The term applies to email purporting to be from an address which is not actually the sender's; mail sent in reply to that address may bounce or be delivered to an unrelated party whose identity has been faked. Disposable email address or "masked" email is a different topic, providing a masked email address that is not the user's normal address, which is not disclosed, but forwards mail sent to it to the user's real address.

<span class="mw-page-title-main">Romance scam</span> Confidence trick using romantic intentions

A romance scam is a confidence trick involving feigning romantic intentions towards a victim, gaining the victim's affection, and then using that goodwill to get the victim to send money to the scammer under false pretenses or to commit fraud against the victim. Fraudulent acts may involve access to the victim's money, bank accounts, credit cards, passports, Cash App, e-mail accounts, or national identification numbers; or forcing the victims to commit financial fraud on their behalf.

Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.

Edward Forbes Smiley III is an American former rare map dealer and convicted art thief. He was found guilty in 2006 of stealing 97 rare maps originally valued at more than US$3 million, and sentenced to 42 months in prison.

A money mule, sometimes called a "smurfer", is a person who transfers money acquired illegally, such as by theft or fraud. Money mules transfer funds in person, through a courier service, or electronically, on behalf of others. Typically, the mule is paid for services with a small part of the money transferred. Money mules are often recruited on-line under the guise of legitimate employment, not aware that the money they are transferring is the product of crime. Similar techniques are used to transfer merchandise illegally.

Internet fraud prevention is the act of stopping various types of internet fraud. Due to the many different ways of committing fraud over the Internet, such as stolen credit cards, identity theft, phishing, and chargebacks, users of the Internet, including online merchants, financial institutions and consumers who make online purchases, must make sure to avoid or minimize the risk of falling prey to such scams.

<span class="mw-page-title-main">Credit card fraud</span> Financial crime

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

Social hacking describes the act of attempting to manipulate outcomes of social behaviour through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission. Most often, social hacking attacks are achieved by impersonating an individual or group who is directly or indirectly known to the victims or by representing an individual or group in a position of authority. This is done through pre-meditated research and planning to gain victims’ confidence. Social hackers take great measures to present overtones of familiarity and trustworthiness to elicit confidential or personal information. Social hacking is most commonly associated as a component of “social engineering”.

<span class="mw-page-title-main">Carding (fraud)</span> Crime involving the trafficking of credit card data

Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the group, researchers have attributed many cyberattacks to them since 2010.

An IRS impersonation scam is a class of telecommunications fraud and scam which targets American taxpayers by masquerading as Internal Revenue Service (IRS) collection officers. The scammers operate by placing disturbing official-sounding calls to unsuspecting citizens, threatening them with arrest and frozen assets if thousands of dollars are not paid immediately, usually via gift cards or money orders. According to the IRS, over 1,029,601 Americans have received threatening calls, and $29,100,604 has been reported lost to these call scams as of March 2016. The problem has been assigned to the Treasury Inspector General for Tax Administration. Studies highlight that most victims of these scams are aged 20-29 years old and women are more affected than men. One way to decrease the risks of an individual falling victim to IRS impersonation scams is through awareness programs.

A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

<span class="mw-page-title-main">Hollywood Con Queen scam</span> Scam perpetrated by Hargobind Punjabi Tahilramani

The "Con Queen" scam is a long-running and elaborate scam perpetrated by the so-called Hollywood Con Queen, an Indonesian impostor named Hargobind Punjabi Tahilramani who was eventually found and arrested. The con, which was successfully operated for several years, targets entertainment industry gig workers, who travel to Indonesia believing that they have been recruited to work on the production of a film or television show.

References

  1. 1 2 Cain, Sian (2022-01-06). "Literary mystery may finally be solved as man arrested for allegedly stealing unpublished books". The Guardian . Retrieved 2023-01-06.
  2. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 Wiedeman, Reeves (2021-08-17). "The Spine Collector". Vulture. Retrieved 2022-01-06.
  3. 1 2 3 4 Nawotka, Ed. "Phishing Scam Seeking Manuscripts Spreads Worldwide". PublishersWeekly.com. Archived from the original on 2018-10-16. Retrieved 2022-01-06.
  4. 1 2 3 4 5 6 7 8 9 10 11 Smith, Zachary Snowdon. "Man Swiped Unpublished Novels In Online Scam, FBI Alleges". Forbes. Retrieved 2022-01-06.
  5. 1 2 3 4 5 6 7 8 9 10 Peiser, Jaclyn (6 January 2022). "An elusive thief stole hundreds of book manuscripts in an online scam. The culprit is an industry insider, FBI says". Washington Post . ISSN   0190-8286 . Retrieved 2022-01-06.
  6. 1 2 3 4 5 6 Harris, Elizabeth A. (2022-01-05). "F.B.I. Arrests Man Accused of Stealing Unpublished Book Manuscripts". The New York Times. ISSN   0362-4331 . Retrieved 2022-01-06.
  7. 1 2 Wiedeman, Reeves (2022-01-05). "The Spine Collector Saga Isn't Over Yet". Vulture. Retrieved 2022-01-06.
  8. Sarah Shaffi (13 March 2023). "Book thief who stole more than 1,000 manuscripts 'wanted to cherish them before anyone else'". The Guardian. Retrieved March 13, 2023.
  9. Bervoets, Hanna (2021-06-04). "Iemand probeerde het manuscript van schrijver Hanna Bervoets te stelen, maar wie?". de Volkskrant (in Dutch). Retrieved 2022-01-06.
  10. "Simon & Schuster employee denies he stole bestseller manuscripts". BBC News . 2022-01-07. Retrieved 2022-01-09.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.