Someone is stealing unpublished book manuscripts in a phishing scam

147 points by ruddct, over 4 years ago

14 comments

mosselman, over 4 years ago
It is almost as if e-mail isn’t a secure medium for communication...

Look, I am not a security expert so please correct me if I am wrong about any of this:

Every time PGP for the masses is suggested as a solution it gets dismissed as being too complex or difficult to wrap your head around, but all these scams would not work in a world where authors and publishers only trust signed e-mails.

In my mother’s case I am sure PGP is too complex, but shouldn’t we demand it in a professional context?

Whenever some company gets socially engineered through e-mail the response is “we were targeted by a super tailored phishing attack, bla bla” as an excuse for digital negligence which not using digital signatures for e-mails basically is.

Or are there things I am overlooking?

throw14082020, over 4 years ago
B2B companies of HN, how do you communicate with each other privately? I'm struggling to find a secure communication medium.

Setting up PGP is annoying and also requires recipients to have it. Emails are clearly not private. WhatsApp, Messenger, Signal and Telegram are a bit personal (most require a phone number, and companies don't provide phone numbers to all people). SMS/phones are also not secure. LinkedIn premium is expensive monthly and doesn't provide a good messaging UI.

Oh, the reason why I ask B2B specifically is because consumer products can communicate through their platforms where users already have accounts. They're either enmeshed in platforms or have their own platforms.

ruddct, over 4 years ago
Oddly, a version of this is also happening in my wife’s world, but with music composers instead of authors.

The scheme is a little less sophisticated, but the themes are the same. The phisher knows the parties involved and their relationships, they know the lingo and the process of commissioning a composition, it isn’t limited to famous/well known people/groups (e.g. they target grad students), and it’s very unclear what they’re attempting to achieve (or how they might monetize it).

girzel, over 4 years ago
Even we translators have been targeted! A couple of my colleagues have sent manuscripts of translated Chinese fiction to bogus editors. If you thought unpublished original fiction was unlikely to be a profitable ripoff, unpublished translated foreign fiction is even more head-scratching.

I asked a friend to send me one of the emails so I could look at the headers. All I could get was that it appeared to be sent from an Italian-language webmail setup, no other clues I could find.

gkoberger, over 4 years ago
Since (so far) nobody has been harmed, this is such a fascinating little story. It reminds me of the Adam Pisces episode of Reply All: https://gimletmedia.com/shows/reply-all/z3hgd2

My best guess is it's just bored people with private collections, similar to how people were privately collecting and trading pictures off celebrities' iClouds (before they were all leaked publicly).

cstross, over 4 years ago
Most likely a super-fan.

The only possible *nefarious* scenario I can figure out is: phisher is connected to a more dodgy publishing outfit -- either piracy sites that offer access to PDFs of books for a monthly subscription, or (much less likely) a not-very-scrupulous publisher in a foreign language territory who would like to publish a translation without paying royalties and before their Anglophone population get access to the official ebook (this is a thing, it cannibalizes translation sales in markets with a big English-literate population).

(Ebook piracy sites are a pain in the ass: I've seen novels that I've written advertised for download before publication date, presumably because somebody leaked an early review copy, complete with pre-edit typos.)

scandox, over 4 years ago
Almost certainly a super fan of some kind. The literary business world is all about insider info, gossip, worthless prestige of one kind or another.

If I had to guess they sat down to write their novel and this is the ultimate act of procrastination.

andreareina, over 4 years ago
https://archive.is/5BESy

tweetle_beetle, over 4 years ago
I can't find it now, but there's a new standard to associate a logo image with a domain for use in email, using a DNS record. From memory one of the big certificate providers is acting as the official verifier and there will be a fee, when it comes out of trial.

On its own it's a silly little thing, but confidence scams are all about lots of little things which add up to a greater whole. I think it could help those who embrace it.

I remember working at a company where someone in finance gave away a large 5 figure sum to an unknown bank account, because a Hotmail address set up with the MD's name, who was on holiday at the time, asked them to do so. They were lucky that their bank agreed to cancel the payment an hour after they made it. This could have helped.

buzer, over 4 years ago
Two possible scenarios come to my mind, but both are a bit far-fetched. First one being that this is some kind of phishing training & seeing what kind of techniques could be utilized when doing attacks against high-value targets later (or maybe even being a "final test" in some phishing course for some of the more professional groups (those that are run by nation states)).

Another one being that they are doing it to obtain blackmailing material. Maybe they are hoping that there are things in some of the drafts that could be used to blackmail the author (e.g. in some cases there could be things that might be considered to be racist/sexist/similar, but would normally be caught by the editor).

ezoe, over 4 years ago
Even the Japanese authors are targeted and it looks like it's not a cheap job. They researched the author, publishers, the agent, and translator of the book to English and wrote phishing mails that look authentic.

The effort and resources they put into this scam don't justify the cost of piracy. Besides, why do they want a draft that isn't finished yet?

There's only a handful of authors whose upcoming book is so valuable and worth leaking.

jancsika, over 4 years ago
"steal" is a misleading verb here. Even the content of the article agrees with me--

> tricking writers, editors, agents and anyone in their orbit into sharing unpublished book manuscripts

This is "copying without permission," "illegal access," or simply "phishing" which everybody in 2021 understands.

The sexy but ambiguous "steal" doesn't make clear whether the author still had access to the manuscripts.

Iwan-Zotow, over 4 years ago
Putin!

poma88, over 4 years ago
Is this news? And if so, why bad news?