News for Authors

How Authors Can Prevent Phishing Attacks

by Phil Stamper-Halpin|January, 2024

Across emails, texts, and social media, phishing attacks have skyrocketed over the last few years. As public figures, authors might be particularly vulnerable. Read on to learn how to protect yourself from scammers.

1.Learn how to recognize a phishing message.

According to the FTC, “Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.” Some of these stories may be easy to shrug off, but when you get an urgent message from a bank you trust, for example, it might be a little harder to identify.

Let’s say you receive an unexpected email from your bank and you can’t tell if it’s legitimate. Here are a few questions to ask before you click on any link in a message you weren’t expecting:

  • Is the message oddly formatted?
  • Does it use the correct logo for your bank?
  • Are there typos or missed words throughout the text?
  • If you hover over the link, does the url that pops up appear to belong to the correct site?
  • Does the sender’s email address match the formatting of other emails you’ve received from this organization? Is the email address misspelled, or does it have any odd formatting? (e.g., “@penguinradnomcom” or “”)
  • Does the email contain a free offer, or anything that sounds too good to be true?
  • Does it convey a sense of urgency, or is threatening language used? (e.g., “Your account will be terminated in 24 hours unless…”)

Remember that these messages and emails are meant to make you feel compelled to click as quickly as possible. Resist the temptation to react to urgent messages.

2.Keep personal information away from social media.

As an author, you might be particularly at risk for phishing attacks, as so much of your life is in the public eye—whether through your work or through social media. Though social media platforms always suggest being your most authentic self, make sure to do so without leaking any personal information.

  • Check your profiles: Open your personal Facebook and LinkedIn pages in an incognito window to see what info is publicly available. Take a look at the profiles and bios on your social media accounts. If you use a pseudonym, make sure your legal name doesn’t show up quite as easily. If your account shows your birth day/date or a specific town you live in, consider removing that info or keeping it more general.
  • Read through your public posts: Check your posts for anything revealing. Did you participate in any innocent-sounding social media trends that might end up revealing personal information? Delete anything that can be used against you.

3.Take steps to protect yourself from phishing—and other attacks—on social media.

Thankfully, there are many ways you can protect yourself from phishing and other scams:

  • Adjust privacy settings for some of your posts. If you share personal information on Instagram, for example, consider setting up a “close friends” list. This way you can keep your personal information shared only with a list of people you trust.
  • Make sure all your social media accounts have strong passwords. Make the passwords long (at least sixteen characters!), random, and unique. For more tips on strong passwords, visit the CISA website.
  • Don’t click on any links that appear suspicious, even in messages that seem to come from a trusted source—remember, your friend could easily have been hacked! Report any and all suspicious messages to the platform.
  • Set up two-factor authentication whenever possible.

4.How to report phishing emails and messages.

If you’ve received a phishing email, you can report it as spam. If you’ve received it at a company you work for, make sure to report it to your system administrator—you might not be the only one targeted! If you receive a text, delete it and report it as spam through your phone’s operating system (Android, Apple). If you’ve received a message on social media, flag it for the platform. If you personally know the person whose name it attached to the spam message, reach out to them to let them know their account is sending spam.


Ultimately, remember to pause and inspect any messages before clicking links. As our lives get more hectic, spammers rely on us to react to urgent requests without thinking or to click links before scanning an entire email or checking that the sender is legitimate. Though authors might be slightly more common targets, due to the amount of public information there is about them online, keeping all of these tips in mind will help you stay safe online.

Phil Stamper-Halpin is Associate Director, Author Platforms at Penguin Random House.