A few days ago, I received a message that I thought came from my bank’s security department. The email asked me to verify my account information so that my service would not be interrupted. It provided a link which I could click to enter a few details.
The return email address seemed like my bank’s. I looked closely at the logo in the email, and it was identical to my bank’s.
1. They imitate the real thing.
That reminded me of some literary scams which pass themselves off as legitimate. Fake agents may take kickbacks from vanity presses to make it appear that they have sales, or they claim to have “worked with” commercial publishers. Many vanity presses will say they’re not by any means vanity presses – they’re co-publishers, subsidy publishers, traditional publishers, etc.
2. They rely on social compliance.
Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.
From a presenter of The Real Hustle (1)
I don’t understand a great deal about banking, so I trust whatever my bank tells me. If they say there’s a security problem, I’ll believe them and do whatever’s necessary to have it fixed.
Many writers do the same thing with people or companies whom they perceive to be in a position of authority over them. Literary scammers play on that. They know that many writers find publishing complex at best, and trust their publishers and agents to deal with the intricacies of the business on their behalf. So they’re likely to comply even when faced with requests for money, as this writer did:
…soon after I signed the contract, they called me home and wanted me to pay with my credit card the sum of $49 saying it was necessary to cover the cost for priority production.
3. They cast their nets far, wide and indiscriminately.
I read through the email a second time (it was pretty short) and noticed that it wasn’t addressed to me.
Oh, it began with “Dear my-email-address”, but that’s not my name. Could whoever sent it have just used a mail merge program and a database of email addresses?
There are phishing scams which target specific victims (spear phishing), but many of them will send out such mass, impersonal emails. It provides the maximum return for the minimum effort. The same thing applies to author mills, which rely on churning out content for the least amount of work… on their part, not on the writers’ part. So they accept almost anything, and their correspondence tends to be form-letters or copy-and-paste.
4. They make it easy for you to comply.
To verify my account’s security measures the hard way, I would have had to look up my bank’s phone number, call them and then wait on the line for someone to answer. On the other hand, there was a convenient, clickable link in the body of the email…
If you want a real agent or a real publisher, you may need to spend years honing your skills and more time undergoing the grueling process of submissions and rejections. It can be difficult and disheartening. And even after the book is accepted, the work is by no means over. I spent most of my Christmas break struggling with edits.
But a fake agent or publisher will be more than happy to accept your manuscript as-is, and will do so quickly. They’re unlikely to ask for edits or changes. They will make it very easy for you to be maneuvered into a situation where you end up paying them.
5. They can be defeated with a little research.
I don’t remember where I first read of phishing scams, but I was pretty sure that banks don’t ask you to provide details of your accounts in emails, just as legitimate agents and publishers don’t ask you for money.
So I called my bank and spoke to a nice customer service agent who confirmed that the email was a scam and suggested I forward it to the bank’s actual security department. He also persuaded me to open another account with them, the smooth talker. But on the whole, this story has a happy ending and I hope any writer faced with a literary scam will also deal appropriately with the scammer.
1. Stajano F, Wilson P. Understanding scam victims: seven principles for systems security. 2009 (retrieved April 3, 2010). University of Cambridge. Available at: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-754.pdf
8 comments:
That's a great analogy.
I ditto fairyhedgehog.
The scams are dreadful, what a world we live in.
I love how you compare the two. I think there's a special place in hell for people who rip off writers!
I think that I've gone to a grand total of 1 phish link, but I did not proceed further. But in my e-mail client, one can get the URL of a link by mousing over it, an easy way of doing #5. Phish links are always to other places, and are sometimes very weird-looking.
As to #2, some phish messages are rather intimidating, threatening suspension of service unless one logs in.
Another way of doing #5 is that some online-banking companies will use whatever name they have for you:
Dear :
instead of
Dear customer:
As to #3, I'm sure that that's how many phishers work.
The analogies certainly work. I was pretty sure you'd be too savvy to get scammed, but it can happen to the best of us. I competed in a literary contest that I'm almost certain was a scam. They were really good -- and now I'm a whole more careful about entering literary competitions.
Thanks, fairyhedgehog and Glynis!
Angela - I think what makes me detest literary scams is that they don't just take people's money. Some people are so disheartened when they learn the truth that they stop writing.
Money is replaceable. Hope, dreams and a love of writing are less so.
Loren - the bank advised me not to even click on the link, so I didn't. But as you said, it's possible to get the real URL of a link by hovering the mouse over it.
Mary - Thanks! I also had a near brush with a scam - years ago, when I was fresh off the boat in the States - and now I'm more careful.
I'm going to look into fake literary contests as well.
phishing email scams can be very sophisticated, but just don't use links that are in any way related to financial stuff, never answer personal or financial questions unless you contacted them first, and you should be fine.
Post a Comment