Go to HBG Authors Resources home

Info for Authors – Scams and CyberSecurity Tips FAQ

Scams and Cybersecurity Tips FAQ

We have seen an alarming rise in scam attempts in which hackers impersonate HBG employees, authors, and agents in an attempt to attain unpublished manuscripts or personal information. Some of these scams are quite sophisticated. The hackers are adept impersonators, comfortable with “editorial” speak, and may refer to recent events in the industry and to publishing e-newsletters such as Publishers Lunch to legitimize their requests. Hackers can easily simulate staff with impersonated domain emails. Sometimes the difference in a hacker’s email address is so subtle that it is easy to miss. Staff, agents, and authors should watch out for the difference between john.doe@hbgusa.com and john.doe@hbg-usa.com, for example.
It is easy to fall victim to hackers if you are not vigilant. The following cyber security awareness tips and reminders are intended to protect you against these attacks.

Be aware of publishing scams:

Scammers frequently impersonate HBG employees in email, on social media, and on the phone to deceive authors into thinking that HBG is interested in publishing their manuscripts. They create fake publishing contracts that include HBG’s name or logo or the names and logos of our imprints. They promise to pay a large advance after the author enters into a publishing agreement and pays a fee. Scammers also pretend to be literary agents or providers of other literary services working with HBG publishers and editors. In other recent scams, they purport to be from “book clubs” and reach out to authors to include their books in a discussion or book club meeting and ask for a small fee to cover refreshments, administration, or promotion costs. Scammers even impersonate bestselling authors to scam other authors by expressing an interest in their work and then asking for personal information or offering to read or review their books for a fee.

For more examples of publishing scams and tips for avoiding them, please click here.

Be aware of phishing attacks by email:

  • Be aware of typos in domain names on received emails. A hacker’s hbg-usa.com email is not the same as our hbgusa.com email.
  • Do not click links if you are not sure of the source.
  • Do not reply direct back to original email requests for documents or information. Call the source directly or start a separate email with the known email address.
  • Hover over the email address to be sure it matches the displayed email address.
  • Be cautious of urgent requests for sensitive information and documents (e.g., draft manuscripts, royalty statements, tax information) and follow the guidelines for sharing those documents below.

Be aware of other social engineering attacks (i.e., by phone, on social media):

  • Do not share information over the phone if you are not confident of the source on the other end.
  • Verify the phone number you are speaking to, call back if needed.
  • Never share credentials or personal information.
  • Do not click links in social media posts or messages if you are not sure of the source.

Sharing Documents:

  • Call the person you are sending the file to and confirm they are expecting it.
  • Share the document using HBG’s File Sharing systems.
  • Consider if there is a portal you can access that has the document instead of emailing a copy.
  • If emailing the document is the only option, use the Encrypt option.
  • Encrypt the document within the application and provide the password separately over text or a phone call.

What if I become suspicious?

  • Contact your editor or business contact if you suspect you are the victim of a scam. They can consult with the CyberSecurity team for further investigation.