Impersonation has become an increasingly popular tactic used by bad actors in the publishing space, leading to significant personal and professional harm. Recently, the PRH Corporate Information Security Team has been notified of several phishing schemes in which employees at PRH and other publishing-industry companies are being impersonated to target authors and agents.
Social engineering attacks can specifically target professionals by impersonating legitimate media outlets, podcast networks, or journalists offering interviews or speaking opportunities. Scammers often target authors by impersonating literary agents, editors, Penguin Random House employees (often executives), or providers of other literary services. These scams exploit an individual’s trust, employing realistic emails, convincing LinkedIn messages, or even in-person calls referencing credible platforms or recognizable industry names. It’s important to carefully examine both direct and forwarded messages for potential phishing.
The attackers typically use social engineering tactics to coax you into revealing confidential details and personal or professional information, or to lure you into clicking malicious links. Attackers may also request to go live on social media, tricking victims into clicking on malicious links and giving away their login information.
The following best practices will help you to avoid falling victim to these and other types of fraud.
Verify the Sender’s Identity
Always double-check the sender’s email address and domain. If you are contacted by someone who claims to be a Penguin Random House employee on social media or over the phone, ask them to send you an email from their PRH email address. Be skeptical if the person gives an excuse for not doing so. If an email seems to be from a legitimate contact or company but you’ve never engaged with them before or they’re using a different email address or phone number, verify their identity with known, trusted contact details or by contacting a company’s primary email address or phone number to confirm the sender is authentic.
Pay close attention to the email domain, as scammers often spoof a legitimate email address. PRH’s official company email domains in the United States are @penguinrandomhouse.com and @prh.com.
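For readers who triage reported messages, the domain check described above can be scripted. The following Python is an added example, not PRH code; the verdict names, the similarity threshold, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# The two official US domains named in this advisory.
OFFICIAL = ("penguinrandomhouse.com", "prh.com")

def edit_distance(a, b):
    """Levenshtein distance, used to catch typo domains such as 'rn' for 'm'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, domain) for the value of a From: header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", "")
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    labels = domain.split(".")
    if domain in OFFICIAL:
        # Exact match only (assumption: subdomains are not treated as official).
        return ("official-domain", domain)
    verdict = "other"
    for off in OFFICIAL:
        brand = off.split(".")[0]
        near_miss = edit_distance(domain, off) <= max(1, len(off) // 8)
        # Official name embedded in a different domain, or a near-miss spelling.
        if off in domain or brand in labels or near_miss:
            verdict = "lookalike"
    # Display name shows an official address while the real address is elsewhere.
    if any("@" + off in display.lower() for off in OFFICIAL):
        verdict = "display-name-mismatch"
    return (verdict, domain)

# Constructed sample headers (names and non-PRH domains are made up).
SAMPLES = [
    'Jane Editor <jane.editor@prh.com>',
    'PRH Editorial <editor@penguinrandornhouse.com>',
    'Jane Editor <jane@prh.com.author-portal.example>',
    '"Jane Editor <jane@prh.com>" <jane@mailbox.example>',
    'Book Podcast <host@podcast.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

An "official-domain" verdict only means the address is written with one of the official domains; because addresses can be spoofed, confirming through known, trusted contact details still applies.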
Look for Red Flags
Be wary of emails that create a sense of urgency, request sensitive information, offer exciting opportunities or gifts such as an honorarium for participating, or contain unexpected attachments or links. Phishing emails often use these tactics to prompt quick, unthinking responses. Please note that PRH will never ask prospective authors for any form of payment or bank account information as part of the manuscript submission process.
Check for Spelling and Grammar Errors
Professional authors and organizations typically communicate with a high level of professionalism. Emails with poor spelling, grammar, or unusual phrasing may be a sign of a phishing attempt.
Do Not Click on Suspicious Links
Hover over links to see the actual URL before clicking. If the link looks suspicious or does not match the context of the email, do not click on it.
Stop, Get Help
We understand that these emails can be hard to discern. If you suspect that a message or call is a phishing attempt, you can always stop, get help, and respond later if the message is found to be legitimate. Inquire with your publishing team or reach out to us at portaladmin@penguinrandomhouse.com.


