A phishing rip-off with unclear motive or payoff is concentrating on authors, brokers and editors massive and small, baffling the publishing business.

James Hannaham was targeted by a scam that attempted to trick him into sending the unpublished manuscript of his next book. “You feel violated,” he said.
Credit…Ian Douglas

Elizabeth A. HarrisNicole Perlroth

Earlier this month, the guide business web site Publishers Marketplace introduced that Little, Brown can be publishing “Re-Entry,” a novel by James Hannaham a couple of transgender girl paroled from a males’s jail. The guide can be edited by Ben George.

Two days later, Mr. Hannaham bought an e-mail from Mr. George, asking him to ship the most recent draft of his manuscript. The e-mail got here to an handle on Mr. Hannaham’s web site that he not often makes use of, so he opened up his traditional account, hooked up the doc, typed in Mr. George’s e-mail handle and a little bit notice, and hit ship.

“Then Ben called me,” Mr. Hannaham mentioned, “to say, ‘That wasn’t me.’”

Mr. Hannaham was simply one in every of numerous targets in a mysterious worldwide phishing rip-off that has been tricking writers, editors, brokers and anybody of their orbit into sharing unpublished guide manuscripts. It isn’t clear who the thief or thieves are, and even how they may revenue from the scheme. High-profile authors like Margaret Atwood and Ian McEwan have been focused, together with celebrities like Ethan Hawke. But brief story collections and works by little-known debut writers have been attacked as properly, although they might haven’t any apparent worth on the black market.

In reality, the manuscripts don’t seem to wind up on the black market in any respect, or wherever on the darkish internet, and no ransoms have been demanded. When copies of the manuscripts get out, they simply appear to fade. So why is that this occurring?

“The real mystery is the endgame,” mentioned Daniel Halpern, the founding father of Ecco, who has been the recipient of those emails and has additionally been impersonated in them. “It seems like no one knows anything beyond the fact of it, and that, I guess you could say, is alarming.”

Whoever the thief is, she or he is aware of how publishing works, and has mapped out the connections between authors and the constellation of brokers, publishers and editors who would have entry to their materials. This particular person understands the trail a manuscript takes from submission to publication, and is comfortable with insider lingo like “ms” as an alternative of manuscript.

Emails are tailor-made so they look like despatched by a selected agent writing to one in every of her authors, or an editor contacting a scout, with tiny modifications made to the domains — like as an alternative of, an “rn” instead of an “m” — which can be masked, and so solely seen when the goal hits reply.

“They know who our clients are, they know how we interact with our clients, where sub-agents fit in and where primary agents fit in,” mentioned Catherine Eccles, proprietor of a literary scouting company in London. “They’re very, very good.”

This phishing train started a minimum of three years in the past, and has focused authors, brokers and publishers in locations like Sweden, Taiwan, Israel and Italy. This yr, the quantity of those emails exploded within the United States, reaching even larger ranges within the fall across the time of the Frankfurt Book Fair, which, like most all the pieces else this yr, was held on-line.

Books focused embrace “Such a Fun Age,” by Kiley Reid, “The Sign For Home,” by Blair Fell, “A Bright Ray of Darkness,” by Ethan Hawke, and “Hush” by Dylan Farrow. Penguin Random House and Simon & Schuster, two of the most important publishers, have despatched out warnings concerning the rip-off.

Cynthia D’Aprix Sweeney, the creator of the debut novel “The Nest,” was focused in 2018 by somebody pretending to be her agent, Henry Dunow. The emails started about eight months after she had bought her second novel primarily based on a pattern of the manuscript known as a “partial.”

Often, these phishing emails make use of public data, like guide offers introduced on-line, together with on social media. Ms. Sweeney’s second guide, nonetheless, hadn’t but been introduced wherever, however the phisher knew about it intimately, all the way down to Ms. Sweeney’s deadline and the names of the novel’s most important characters.

“Hi Cynthia,” the e-mail started. “I loved the partial and I can’t wait to know what happens next to Flora, Julian and Margot. You told me you would have a draft around this time. Can you share it?”

It was signed, “Henry.”

The notice struck Ms. Sweeney as odd, so she forwarded it to her agent. “He freaked out,” she mentioned. She didn’t reply to the scammer, however the emails saved coming. Finally, she mentioned, she wrote again, asking the particular person to go away her alone.

Instead, Ms. Sweeney bought this response: “It’s me, Henry. How could I know about your new novel??”

“It’s so befuddling because it’s not like fiction is driving our economy,” Ms. Sweeney mentioned. “Ultimately, how do you monetize a manuscript that you don’t own?”

Ms. Sweeney’s first guide was a finest vendor, so she, like well-known authors Jo Nesbo and Michael J. Fox, could also be an apparent alternative. But the scammer has additionally requested experimental novels, brief story collections and not too long ago bought books by first-time authors. Meanwhile, Bob Woodward’s guide “Rage,” which got here out in September, was by no means focused, Mr. Woodward mentioned.

“If this were just targeting the John Grishams and the J.K. Rowlings, you could come up with a different theory,” mentioned Dan Strone, chief government of the literary company Trident Media Group. “But when you’re talking about the value of a debut author, there is literally no immediate value in putting it on the internet, because nobody has heard of this person.”

One of the main theories within the publishing world, which is rife with hypothesis over the thefts, is that they’re the work of somebody within the literary scouting group. Scouts organize for the sale of guide rights to worldwide publishers in addition to to movie and tv producers, and what their shoppers pay for is early entry to data — so an unedited manuscript, for instance, would have worth to them.

“The pattern it resembles is what I do,” mentioned Kelly Farber, a literary scout, “which is I get everything.”

Cybercriminals commonly commerce pirated films and books on the darkish internet, alongside stolen passwords and Social Security numbers. Yet a broad search of darkish internet channels, just like the Pirate Warez web site, an underground discussion board for pirated items, didn’t yield something significant when looking for “manuscripts,” “unpublished” or “upcoming book,” or the titles of a number of purloined manuscripts.

In the previous, cybercriminals who lifted Hollywood scripts and screenplays turned a revenue by posting them on-line and charging impatient followers charges to entry them. In 2014, somebody posted Quentin Tarantino’s script for “The Hateful Eight” on-line, and it will definitely discovered its option to Gawker. Mr. Tarantino threatened to finish manufacturing earlier than it had even begun. Oren Peli, the screenwriter behind the “Paranormal Activity” movie franchise, noticed his script outlines find yourself on the web.

None of that appears to be occurring with the stolen guide manuscripts. Apparently no person has posted them on-line out of spite or tried to entice keen followers to show over their bank card data in trade for an early glimpse. There have been no ransom calls for of the authors by extortionists threatening to dump the authors’ years of labor on-line in the event that they don’t pay up. In this absence, and with no clear monetization technique to the thief’s or thieves’ efforts, cybersecurity consultants have been left scratching their heads.

The scammer’s ever-so-slight variations on registered web sites are a tried-and-true tactic. In an try and steal the manuscript for Mr. Nesbo’s “Knife,” the thief despatched e-mail from, a website designed to imitate Salomonsson, the Swedish literary company. The area was registered with GoDaddy, utilizing a pc whose IP handle had by no means been picked up in earlier phishing scams, spam campaigns or cyberattacks. But whoever is behind the phishing emails is maintaining their instruments present: They had arrange the area in June 2018 and re-registered it as not too long ago as Nov. 25 this yr.

“The trouble they went to — fabricating conversations with trusted people and sort of acting as if they are filling in the target on those conversations to grant themselves credibility — definitely demonstrates very specific targeting, and probably more effort than we see in most phishing emails,” mentioned Roman Sannikov, a menace analyst at Recorded Future whom The Times requested to overview the emails.

The thefts have rattled some once-trusting literati and left publishing professionals uncertain of whom they’ll belief. For authors, the stakes couldn’t be larger: This is their unfinished work, nonetheless suffering from typos and plot strains that might not survive a remaining edit, pried out into the open earlier than it’s prepared.

“You feel violated,” Mr. Hannaham mentioned. “I don’t want anyone to know how bad the early drafts of things are.”