The New Literary Scam: How AI Is Making Fraud Feel Personal
Simon Culley • 29 April 2026
The new generation of scams no longer looks like spam. It arrives as a polished invitation from a book club, podcast, radio producer, editor, festival organiser or fellow author. It references your work accurately, sounds informed, and flatters intelligently.
That is precisely what makes it dangerous.
Generative AI has made highly personalised deception cheap and scalable. Criminals can scrape enough public information to create emails that feel credible, thoughtful and specific. The FBI has warned that criminals are using AI-generated text to make phishing, social engineering and fraud more believable. (FBI IC3)
For authors, academics and educators, the risk is acute because real opportunities often do begin informally: an email from a producer, book club, conference organiser, journal editor or literary festival. Scammers are exploiting that professional openness.
The usual goal is simple: charge a fake “participation”, “promotion”, “feature” or “production” fee; steal personal or financial data; or move the conversation to a platform where credentials can be harvested. The
NCSC defines phishing as scam messages designed to trick people into visiting malicious websites, downloading malware or giving away sensitive information.
Ten ways to protect yourself
This is paragraph text. Click it or hit the Manage Text button to change the font, color, size, format, and more. To set up site-wide paragraph and title styles, go to Site Theme.
1. Treat flattery as a risk signal
Highly specific praise is no longer proof that someone has read your work. AI can summarise books, articles, interviews and public profiles quickly and convincingly.
Ask:
Can I verify who this person is, who they represent, and why they are contacting me?
2. Verify through a separate channel
Do not click links, reply immediately, or use phone numbers supplied in the email. Search for the organisation independently, visit its official website, and contact the person through a published institutional address.
This is known as
out-of-band verification - and it is one of the strongest protections against impersonation.
3. Inspect the sender address
The display name is easy to fake. The email domain matters more.
Check for free email accounts, lookalike domains, odd punctuation, extra words, or reply-to addresses that differ from the sender. Impersonation fraud is now a major category: the
FTC reported nearly
$3 billion in losses from impersonation scams in 2024.
4. Be wary when “opportunities” become paid placements
A common pattern is: invitation, praise, conversation, then a fee. It may be framed as a media package, production cost, book club inclusion fee, author feature or review placement.
Troubador has warned authors about scams where fake book clubs disclose participation fees only after the initial exchange.
5. Use a simple verification checklist
Before accepting an invitation, check:
- Is the sender using an official domain? Yes
- Can the person be found on the official site? Yes
- Can the opportunity be verified independently? Yes
- Is there a fee? No, or clearly disclosed upfront
- Are they asking for sensitive data? No
- Does the process feel professionally normal? Yes
When judgement can be influenced with flattery (we're all susceptible to it), use a process.
6. Separate public contact from private identity
Use a public-facing email address for media, speaking and book enquiries. Keep personal, financial, university admin and cloud accounts separate.
Avoid publishing personal phone numbers, private assistant details, home addresses, travel plans or sensitive calendar information. The aim is not to disappear; it is to reduce the data scammers can use to impersonate, pressure or manipulate you.
7. Strengthen your technical defences
At minimum, use:
- Multi-factor authentication on email, cloud storage, social media, banking and publishing platforms.
- A password manager, which can help detect fake domains by refusing to autofill on spoofed sites.
- Unique passwords for personal, university, publisher and social accounts.
- Updated devices, browsers and operating systems.
Institutions should also enforce SPF, DKIM, DMARC and phishing-resistant MFA for high-risk public-facing staff.
8. Do not move too quickly to another platform
Scammers often try to shift conversations to WhatsApp, Telegram, fake booking portals, file-sharing links or payment pages.
Be cautious of lines such as:
- “Confirm your availability here.”
- “Download the media pack.”
- “Join our author portal.”
- “Pay now to secure the slot.”
The FBI has also warned about AI-enabled impersonation used to build rapport and redirect victims towards attacker-controlled platforms. (Reuters)
9. Publish a warning if you are being impersonated
If scammers are using your name, organisation, podcast, book club, festival, department or imprint, add a clear warning to your official website.
State which domains are genuine, whether you charge fees, whether you solicit authors, and how people can verify contact. This helps victims who search your name and find that you are real - but not that the email is real.
10. Report and share near-misses
Do not treat near-misses as embarrassing. Treat them as intelligence.
In the UK, suspicious emails can be forwarded to the
NCSC’s Suspicious Email Reporting Service.
In the US, internet-enabled fraud can be reported to the FBI’s Internet Crime Complaint Center.
FBI reporting shows the scale of the problem: approximately
453,000 cyber-enabled fraud complaints and more than $17.7 billion in reported losses.
Share examples with colleagues, publishers, agents, departments and professional networks. Pattern recognition is communal security.
A five-step protocol
Before accepting any unsolicited media, book club, conference, podcast, editorial or speaking opportunity:
- Pause. Do not click, download, reply or pay.
- Inspect. Check the email address, domain, links and attachments.
- Verify independently. Use the official website, not the email.
- Escalate. Ask your publisher, agent, department, IT team or a trusted colleague.
- Report. Save and forward suspicious messages.
The new rule of trust
Old advice told people to look for bad spelling, clumsy phrasing and generic messages. That is no longer enough. AI-generated scams can be fluent, flattering and highly specific.
The real test is not how well the email is written.
It is provenance.
Who sent it? From what domain? Can it be verified independently? Is money, data or access being requested? Does the process make professional sense?
For authors, professors and educated professionals, intelligence is not immunity. These scams are designed to appeal directly to professional identity: your work matters, your book deserves attention, your ideas should reach more people.
That may all be true.
It does not make the email true.


