Naked Security Naked Security

Literary-minded phishers are trying to pilfer publishers’ manuscripts

In a twist on Business Email Compromise, they're spoofing literary agents and going after manuscripts at Penguin Random House and Pan Macmillan.

A scammer has been trying to steal manuscripts by spoofing their email address to make it look like messages are coming from literary agent Catherine Eccles, owner of the international scouting agency Eccles Fisher.
The scammer is targeting literary agencies, asking for manuscripts, authors’ details and other confidential material, as the industry publication the Bookseller reported on Thursday.
The attack on Eccles Fisher is just part of a broader, global spate of phishing attacks that’s prompted Penguin Random House (PRH) North America to issue an urgent warning to all staff just as the five-day Frankfurt Book Fair began, the Bookseller then reported on Friday.
PRH sent the warning to staff on Wednesday, when the book fair began. The email warned that…

We have recently seen an increase in attempts to steal our manuscripts. This has occurred in multiple locations across the globe. The individuals attempting to access these manuscripts have a sophisticated understanding of our business. We need to protect ourselves from these threats.

At least some of the emails look like they’re coming from a genuine Eccles account, including with the owner’s signature. But as is typical of spoofed email, the reply-to email address is going to a different domain with a slightly altered address, the Bookseller reports.


PRH confirmed the warning message, saying that publishing is like any business these days in that its employees have to recognize and avoid falling for such come-ons:

Like all companies, Penguin Random House takes all reports of phishing activity and email scams seriously and, when appropriate, notifies its employees to recognise and prevent such attempts. Employee awareness and training … is a critical component of our company’s cybersecurity program.

Besides PRH North America, the phishers are reportedly also going after PRH UK, Pan Macmillan and another global publisher that the Bookseller didn’t identify. Similarly, the scammers targeting the other publishers are hiding behind legitimate-looking, spoofed email addresses, purportedly sent by literary agents and foreign-rights staff, to try to get at manuscripts.
An unidentified publisher told the Bookseller that scams targeting confidential information such as contracts are nothing new, but targeting manuscripts is a new twist.
Crooks spoof email addresses by creating email messages with a forged sender address when they want to trick recipients into providing money or sensitive information by posing as colleagues or trusted suppliers – in this case, well-known literary agents or other industry players.
It’s one form of what the FBI calls Business Email Compromise (BEC): a highly lucrative criminal enterprise that has cost businesses dearly. Between 2013 and 2015, the FBI reported that its Internet Crime Complaint Center (IC3) had received complaints of BEC that totaled more than $1.2 billion in losses.
The FBI said that these scammers, who appeared to be members of organized crime groups operating out of Africa, Eastern Europe and the Middle East, targetted businesses that work with overseas suppliers or regularly make wire transfer payments.
Instead of sending funds to legitimate suppliers, the money transfers were winding up in bank accounts controlled by the fraudsters, mostly with banks based in China.
The scammers sometimes compromise legitimate email accounts through social engineering or malware that steals account credentials.
The fraudsters then use access to email accounts to gather intelligence such as information about billing and invoices that won’t raise the suspicion of employees who send transfer payments.
The scammers are adept at forging invoices and accounts, giving them the ability to concoct sophisticated, convincing, highly targeted phishing attacks.

What to do?

In the past, we’ve offered security tips for avoiding this kind of email threat.
Beside that advice, here are even more tips from Naked Security’s Paul Ducklin:

  • Revisit your outbound email filtering rules to prevent sensitive information from going out to inappropriate destinations.
  • Require multiple approvals for overseas wire transfers.
  • Have strict controls over changes in payment details or the creation of new accounts.
  • Use strong passwords and consider two-factor authentication (2FA) to make it harder for crooks to gather intelligence from your network in the first place.
  • Consider a “back to base” virtual private network (VPN) for remote users so their online security is kept up, even on the road.
  • Have your own “central reporting” system, in the manner of IC3, where staff can call in suspicious messages to prevent crooks trying different employees with the same scam until a weak spot is found.
  • Think twice about publicly posting personnel information that could be abused in phishing attacks.