Don’t ignore these red flags. Scammers often use several of these at once. Be especially careful when you’re dealing with two people who seem to be working together—one posing as your agent and the other as an impersonator or industry contact. That pairing is a common tactic to build false credibility.

1. Unsolicited contact

• If you didn’t submit or initiate contact, be suspicious. Legit agents, publishers, and production companies rarely reach out first.

2. Requests for fees or purchases

• Never pay upfront for representation, rights acquisition, or to be “accepted.” If they ask for money, it’s almost certainly a scam.

3. Suspicious email addresses or domains

• Watch for Gmail/Outlook addresses or domains that look slightly wrong. Check the company’s official website—big firms won’t use newly registered domains.

4. Mass or templated emails

• If your name or title is pasted in a different font, the header looks odd, or there’s no personalized greeting, it’s likely a bulk template.

5. Phone numbers that don’t match location

• If the caller claims to be from a specific city but the area code is elsewhere, that’s a warning. Scammers also spoof numbers.

6. Lack of personalization or factual errors

• Genuine contacts reference your name, book title, and specifics. Vague language or mistakes indicate a template.

7. Outrageous offers or guarantees

• Large guaranteed advances, unreal option fees, or promises of movie deals are bait—if it sounds too good to be true, it probably is.

8. Generic, over-the-top praise

• Flowery compliments that could apply to anyone are a red flag. Real praise will be specific to your work.

9. Odd phrases or marketing buzzwords

• Phrases like “traditional publisher” as a selling point or awkward openings (“I hope this finds you in good health and high spirits”) are commonly used in scams.

Watch for the two-person con

• Common setup: One person poses as your new “agent” who vouches for a second person (an impersonator claiming to be a publisher, producer, or established agent). They coordinate messages and call times to seem legitimate. The “agent” builds trust, then the impersonator asks for money, rights, or sensitive files.

• Red flags in this scenario: overly scripted coordination, repeated insistence on secrecy or urgency, and both parties pressuring you to act quickly or pay through non-reversible methods (wire transfers, gift cards).

Pause. Think. Assess.

• Check the company website and official LinkedIn profiles.

• Search both people’s names across multiple sources and look for independent verification.

• Contact the company using contact info from its official site (do not use details from the suspicious messages).

• Ask for five verifiable author references (book title + contact info) and speak with them before agreeing to anything.

If you’ve been scammed—immediate steps:

1. Contact your bank or card issuer now to dispute the charge and start a fraud investigation.

2. If you wired money, contact the sending bank and request a recall immediately.

3. File a police report and report the scam to your country’s fraud authority (e.g., FTC in the U.S., Action Fraud in the UK).

4. Preserve evidence: save emails, texts, receipts, contracts, screenshots, and call logs.

5. Report the fraudulent account to payment platforms used (PayPal, Stripe, etc.).

6. Notify credit bureaus if you share personal/financial data.

7. Seek emotional support if needed—scams can cause serious stress.

Do it now! The sooner you report, the bigger the chance of recovering funds and stopping the scammers.

How to Spot Impersonation and Publishing Scams!

Impersonation-style scams/domain publishing scams are where the attacker uses a changed domain (looks close to the real one) and sometimes copies content or tries to make it seem like you already know the sender.

The Key Mismatch

Scam email shows: jstt2000@outlook.com

“Original”/claimed author address: jst2000@comcast.net (Sandy RUSSELL)

Even if the name looks right, the sender domain changed from comcast.net → outlook.com. Impersonators commonly do exactly this: they copy the name and story, but send from a different (attacker-controlled) account.

Also check for “almost the same” typos

jstt2000 vs jst2000 (extra t) is another big red flag. Real email addresses won’t “randomly” change like that unless something is compromised—or it’s a different person.