2016–2021 literary phishing thefts

Between 2016 and 2021, multiple prepublication manuscripts were stolen via a phishing scheme that investigators believed was conducted by an industry insider or insiders. In 2022, the FBI arrested Filippo Bernardini, a 29-year-old Italian citizen living in London and working for Simon & Schuster. [1]

Background

Piracy in the publishing industry can have a negative impact on profits and royalties, and some industry professionals take extreme precautions with highly anticipated releases. [2] [3] Translators for some books in The Da Vinci Code series were reported by Vulture to have been "required to work in a basement with security guards clocking trips to the bathroom". [2]

Phishing attempts

In 2016, individuals involved in the publishing industry as authors, editors, agents, and publishers reported successful attempts to coerce authors into emailing unpublished manuscripts to email addresses impersonating publishing professionals known to those authors. [4] The attempts were made by emailing from a domain name that resembled a legitimate one; the domain names were created using "common phishing techniques" such as using the letters "rn" to mimic the look of the letter "m" in an organizational name such as Macmillan, instead spelling it Macrnillan. [5] The emails ostensibly came from other publishing industry professionals who worked closely with the target on the manuscript in question. [2] [4] [5] [6] In 2020, a cybersecurity firm found that the thief or thieves had registered over 300 domain names, and that their own security measures were amateurish. [2] Some of the domains may have been paid for with stolen credit cards, according to Vulture. [2]

Many of the phishing attempts involved approaching multiple people involved in a particular book's release; in the case of The Girl Who Takes an Eye for an Eye, the phisher, impersonating the book's Italian translator, emailed the book's publisher and the author's agent within minutes of each other. [2]

The person or persons doing the phishing demonstrated familiarity with the industry and used jargon common within the industry. [4] [2] [6] In the case of The Man Who Chased His Shadow, an industry insider estimated that the number of people worldwide who knew the necessary details to know whom to impersonate and whom to approach was "only a few dozen." [2] The emails themselves seemed believable; one failed attempt was made on a William Morris Agency employee whose suspicions were raised only because 'her boss would never write "please" or "thank you"'. [4] An Israeli publisher became suspicious because the request came in Hebrew, which he does not use for work emails. [3] A literary agent found the emails so convincing they sent multiple manuscripts to the phisher over the course of seven months. [2]

In 2018, the Association of American Representatives warned its members of the phishing scams. [3]

During the coronavirus pandemic, the phishers became "more vicious", according to Vulture, telling one editor who thwarted a phishing attempt, "I hope you die of the Coronavirus." [2] They also started hiring translators to read and report on books they'd stolen, then disappearing when payment was due. [2] The thief also started impersonating the contacts of a journalist who was working on a story about the scam and conducting other online stalking of the journalist and a colleague of the journalist. [2] In the summer of 2020 they also started impersonating industry professionals in Hollywood. [2]

Motives

Motives for the phishing attacks were unclear. [2] None of the manuscripts were subsequently sold on the black market or dark web and no ransoms were asked. [4] [6] Speculation as to motive included talent scouts or others in the industry or in Hollywood seeking early access to anticipated releases, impatient readers wanting the book solely for their own use, or "pleasure in the act itself". [2] One IT professional speculated that portions of a highly anticipated book might be used to convince readers to enter credit card information online. [2] One agent wondered if the motive could be to sell security software to those who had been targeted. [2] Hackers speculated that the attempts could be a low-risk training program for teaching hacking techniques. [2]

After the arrest, the New York Times wrote, "Early knowledge in a rights department could be an advantage for an employee trying to prove his worth. Publishers compete and bid to publish work abroad, for example, and knowing what’s coming, who is buying what and how much they’re paying could give companies an edge." [6] Other industry professionals were still puzzled, saying that early access to unpublished manuscripts would be of little benefit to a low-level foreign rights specialist like Bernardini. [7] Bernardini would claim that his motive for the thefts was to be professionally involved in the publishing industry, and that he wanted to have access to the manuscripts before anyone else was able to own them. [8]

Fallout

As news of the ongoing scam emails spread in the industry, many publishers increased their security measures to include even very obscure titles. [2]

The attacks surrounding Margaret Atwood's The Testaments were so determined and concerning that her agency delayed sharing the final manuscript with multiple publishers, which delayed the book's global release. [2]

Targets

Thefts or attempts were reported by representatives of Anthony Doerr, Jennifer Egan, Laila Lalami, Taffy Brodesser-Akner, Kevin Kwan, Joshua Ferris, Eka Kurniawan, Sally Rooney, Margaret Atwood, Hanna Bervoets, [9] Ethan Hawke, Ian McEwan, Bong Joon Ho, Michael J. Fox, and Kiley Reid, as well as unknown debut authors. [2] [4] [5] [7] In September 2020, a manuscript was stolen from a Pulitzer Prize-winning author, who according to Forbes has not been publicly identified. [4] Agencies and publishers in Taipei, Istanbul, Barcelona, Sweden and Israel were targeted. [3] [6] Vulture reported as of 2020 at least 200 companies in 30 countries had been targeted or impersonated. [2]

Arrest and charges

The FBI arrested Filippo Bernardini, a 29-year-old Italian citizen living in London, upon landing at John F. Kennedy International Airport on January 5, 2022. [1] [4] [5] [6] He was charged with federal counts of wire fraud and aggravated identity theft. [4] [5] The Washington Post reported that Bernardini's LinkedIn profile listed London's Simon and Schuster as his employer. [5] Forbes reported he described himself in his profile as a "foreign rights management professional and a translator". [4] The company released a statement saying they were "shocked and horrified to learn today of the allegations of fraud and identity theft by an employee." [5]

Prosecutors with the US Department of Justice alleged that Bernardini had registered "more than 160" domain names similar to those used by legitimate publishers, literary agents, talent scouts, and other industry professionals, so that he could send emails from those domains impersonating editors, agents, scouts, and other industry insiders and convince authors to send pre-publication manuscripts to him. [4] [5] Prosecutors also alleged Bernardini had stolen emails and passwords from industry employees. [5] Combined, the charges of fraud and identity theft are punishable in the US by up to 22 years. [5]

Bernardini pleaded not guilty on condition of surrendering his passport, submitting to electronic monitoring, and providing bail of US$300,000. [10]

References

  1. Cain, Sian (2022-01-06). "Literary mystery may finally be solved as man arrested for allegedly stealing unpublished books". The Guardian. Retrieved 2023-01-06.
  2. Wiedeman, Reeves (2021-08-17). "The Spine Collector". Vulture. Retrieved 2022-01-06.
  3. Nawotka, Ed. "Phishing Scam Seeking Manuscripts Spreads Worldwide". PublishersWeekly.com. Archived from the original on 2018-10-16. Retrieved 2022-01-06.
  4. Smith, Zachary Snowdon. "Man Swiped Unpublished Novels In Online Scam, FBI Alleges". Forbes. Retrieved 2022-01-06.
  5. Peiser, Jaclyn (6 January 2022). "An elusive thief stole hundreds of book manuscripts in an online scam. The culprit is an industry insider, FBI says". Washington Post. ISSN 0190-8286. Retrieved 2022-01-06.
  6. Harris, Elizabeth A. (2022-01-05). "F.B.I. Arrests Man Accused of Stealing Unpublished Book Manuscripts". The New York Times. ISSN 0362-4331. Retrieved 2022-01-06.
  7. Wiedeman, Reeves (2022-01-05). "The Spine Collector Saga Isn't Over Yet". Vulture. Retrieved 2022-01-06.
  8. Shaffi, Sarah. "Book thief who stole more than 1,000 manuscripts 'wanted to cherish them before anyone else'". The Guardian. Retrieved March 13, 2023.
  9. Bervoets, Hanna (2021-06-04). "Iemand probeerde het manuscript van schrijver Hanna Bervoets te stelen, maar wie?". de Volkskrant (in Dutch). Retrieved 2022-01-06.
  10. "Simon & Schuster employee denies he stole bestseller manuscripts". BBC News. 2022-01-07. Retrieved 2022-01-09.