From The New York Times:
Earlier this month, the book industry website Publishers Marketplace announced that Little, Brown would be publishing “Re-Entry,” a novel by James Hannaham about a transgender woman paroled from a men’s prison. The book would be edited by Ben George.
Two days later, Mr. Hannaham got an email from Mr. George, asking him to send the latest draft of his manuscript. The email came to an address on Mr. Hannaham’s website that he rarely uses, so he opened up his usual account, attached the document, typed in Mr. George’s email address and a little note, and hit send.
“Then Ben called me,” Mr. Hannaham said, “to say, ‘That wasn’t me.’”
Mr. Hannaham was just one of countless targets in a mysterious international phishing scam that has been tricking writers, editors, agents and anyone in their orbit into sharing unpublished book manuscripts. It isn’t clear who the thief or thieves are, or even how they might profit from the scheme. High-profile authors like Margaret Atwood and Ian McEwan have been targeted, along with celebrities like Ethan Hawke. But short story collections and works by little-known debut writers have been attacked as well, even though they would have no obvious value on the black market.
In fact, the manuscripts do not appear to wind up on the black market at all, or anywhere on the dark web, and no ransoms have been demanded. When copies of the manuscripts get out, they just seem to vanish. So why is this happening?
“The real mystery is the endgame,” said Daniel Halpern, the founder of Ecco, who has been the recipient of these emails and has also been impersonated in them. “It seems like no one knows anything beyond the fact of it, and that, I guess you could say, is alarming.”
Whoever the thief is, he or she knows how publishing works, and has mapped out the connections between authors and the constellation of agents, publishers and editors who would have access to their material. This person understands the path a manuscript takes from submission to publication, and is at ease with insider lingo like “ms” instead of manuscript.
Emails are tailored so they appear to be sent by a particular agent writing to one of her authors, or an editor contacting a scout, with tiny changes made to the domain names — like penguinrandornhouse.com instead of penguinrandomhouse.com, an “rn” in place of an “m” — that are masked, and so only visible when the target hits reply.
“They know who our clients are, they know how we interact with our clients, where sub-agents fit in and where primary agents fit in,” said Catherine Eccles, owner of a literary scouting agency in London.
“They’re very, very good.”
. . . .
Often, these phishing emails make use of public information, like book deals announced online, including on social media. Ms. Sweeney’s second book, however, hadn’t yet been announced anywhere, but the phisher knew about it in detail, down to Ms. Sweeney’s deadline and the names of the novel’s main characters.
“Hi Cynthia,” the email began. “I loved the partial and I can’t wait to know what happens next to Flora, Julian and Margot. You told me you would have a draft around this time. Can you share it?”
It was signed, “Henry.”
Link to the rest at The New York Times