The New Literary Scam: How AI Is Making Fraud Feel Personal

Simon Culley • 29 April 2026

A thick, bright pink arrow pointing diagonally down and to the right.

The new generation of scams no longer looks like spam. It arrives as a polished invitation from a book club, podcast, radio producer, editor, festival organiser or fellow author. It references your work accurately, sounds informed, and flatters intelligently.


That is precisely what makes it dangerous.

Generative AI has made highly personalised deception cheap and scalable. Criminals can scrape enough public information to create emails that feel credible, thoughtful and specific. The FBI has warned that criminals are using AI-generated text to make phishing, social engineering and fraud more believable. (FBI IC3)

For authors, academics and educators, the risk is acute because real opportunities often do begin informally: an email from a producer, book club, conference organiser, journal editor or literary festival. Scammers are exploiting that professional openness.

The usual goal is simple: charge a fake “participation”, “promotion”, “feature” or “production” fee; steal personal or financial data; or move the conversation to a platform where credentials can be harvested. The
NCSC defines phishing as scam messages designed to trick people into visiting malicious websites, downloading malware or giving away sensitive information.

Ten ways to protect yourself

This is paragraph text. Click it or hit the Manage Text button to change the font, color, size, format, and more. To set up site-wide paragraph and title styles, go to Site Theme.

1. Treat flattery as a risk signal

Highly specific praise is no longer proof that someone has read your work. AI can summarise books, articles, interviews and public profiles quickly and convincingly.

Ask:
Can I verify who this person is, who they represent, and why they are contacting me?

2. Verify through a separate channel

Do not click links, reply immediately, or use phone numbers supplied in the email. Search for the organisation independently, visit its official website, and contact the person through a published institutional address.

This is known as
out-of-band verification - and it is one of the strongest protections against impersonation.

3. Inspect the sender address

The display name is easy to fake. The email domain matters more.

Check for free email accounts, lookalike domains, odd punctuation, extra words, or reply-to addresses that differ from the sender. Impersonation fraud is now a major category: the
FTC reported nearly $3 billion in losses from impersonation scams in 2024.

4. Be wary when “opportunities” become paid placements

A common pattern is: invitation, praise, conversation, then a fee. It may be framed as a media package, production cost, book club inclusion fee, author feature or review placement.

Troubador has warned authors about scams where fake book clubs disclose participation fees only after the initial exchange.

5. Use a simple verification checklist

Before accepting an invitation, check:

  • Is the sender using an official domain? Yes
  • Can the person be found on the official site? Yes
  • Can the opportunity be verified independently? Yes
  • Is there a fee? No, or clearly disclosed upfront
  • Are they asking for sensitive data? No
  • Does the process feel professionally normal? Yes


When judgement can be influenced with flattery (we're all susceptible to it), use a process.

6. Separate public contact from private identity

Use a public-facing email address for media, speaking and book enquiries. Keep personal, financial, university admin and cloud accounts separate.

Avoid publishing personal phone numbers, private assistant details, home addresses, travel plans or sensitive calendar information. The aim is not to disappear; it is to reduce the data scammers can use to impersonate, pressure or manipulate you.

7. Strengthen your technical defences

At minimum, use:

  • Multi-factor authentication on email, cloud storage, social media, banking and publishing platforms.
  • A password manager, which can help detect fake domains by refusing to autofill on spoofed sites.
  • Unique passwords for personal, university, publisher and social accounts.
  • Updated devices, browsers and operating systems.


Institutions should also enforce SPF, DKIM, DMARC and phishing-resistant MFA for high-risk public-facing staff.

8. Do not move too quickly to another platform

Scammers often try to shift conversations to WhatsApp, Telegram, fake booking portals, file-sharing links or payment pages.


Be cautious of lines such as:

  • “Confirm your availability here.”
  • “Download the media pack.”
  • “Join our author portal.”
  • “Pay now to secure the slot.”


The FBI has also warned about AI-enabled impersonation used to build rapport and redirect victims towards attacker-controlled platforms. (Reuters)

9. Publish a warning if you are being impersonated

If scammers are using your name, organisation, podcast, book club, festival, department or imprint, add a clear warning to your official website.

State which domains are genuine, whether you charge fees, whether you solicit authors, and how people can verify contact. This helps victims who search your name and find that you are real - but not that the email is real.

10. Report and share near-misses

Do not treat near-misses as embarrassing. Treat them as intelligence.

In the UK, suspicious emails can be forwarded to the
NCSC’s Suspicious Email Reporting Service.

In the US, internet-enabled fraud can be reported to the FBI’s Internet Crime Complaint Center.
FBI reporting shows the scale of the problem: approximately 453,000 cyber-enabled fraud complaints and more than $17.7 billion in reported losses.

Share examples with colleagues, publishers, agents, departments and professional networks. Pattern recognition is communal security.

A five-step protocol

Before accepting any unsolicited media, book club, conference, podcast, editorial or speaking opportunity:

  1. Pause. Do not click, download, reply or pay.
  2. Inspect. Check the email address, domain, links and attachments.
  3. Verify independently. Use the official website, not the email.
  4. Escalate. Ask your publisher, agent, department, IT team or a trusted colleague.
  5. Report. Save and forward suspicious messages.

The new rule of trust

Old advice told people to look for bad spelling, clumsy phrasing and generic messages. That is no longer enough. AI-generated scams can be fluent, flattering and highly specific.

The real test is not how well the email is written.

It is provenance.

Who sent it? From what domain? Can it be verified independently? Is money, data or access being requested? Does the process make professional sense?

For authors, professors and educated professionals, intelligence is not immunity. These scams are designed to appeal directly to professional identity: your work matters, your book deserves attention, your ideas should reach more people.

That may all be true.

It does not make the email true.


OTHER POSTS


Farmer beside crates of produce and “unexpected food shortage” sign, with labels like “tax” and “rising costs”
by Simon Culley 10 June 2026
The UK produces just 62% of the food it needs. Why farming isn't just a policy issue, it's a brand issue, and what businesses can do about it.
Man in a light blue shirt gesturing toward striped curtains on a stage
by John Walters 28 May 2026
An ice cream van taught me something about marketing: the shopper journey moves at the buyer's speed, not yours.
Woman looking worried at a smartphone in a café, with blurred city lights in the background
by Chris da Costa 25 March 2026
Gen Z doesn't trust ads that look like ads. Why speed beats budget for winning their attention, and what that means for how agencies work.

Some of the others we've helped along the way