Scamwatch: a sophisticated spear-phishing scam

Which? unpicks a highly targeted email scam
Faye LipsonSenior researcher & writer

Faye was Headline Money Consumer Money Journalist of 2023 and a Wincott Award finalist in 2025. She's been investigating scams for nearly a decade.

Set as preferred source

In 2009, I published a biography of Depeche Mode lead singer David Gahan, which was rereleased in Germany last year. 

However, I’ve worked at Which? for the past decade and am primarily known as a travel writer. I was therefore surprised to receive an email about the book to my work inbox ‘from’ the publishing house Hachette. This isn’t my publisher. 

The email is effusive and detailed in its praise and asks about any forthcoming projects. The email then asks whether I’m represented by an agent. It’s signed off with the name, picture and email address of an assistant editor at Hachette. This person is a real Hachette employee, but the email address given on its official website is different from the one in the email. 

I then found a warning on Hachette’s website about scams impersonating its employees ‘to trick authors into signing fake book publishing agreements’. The aim is to persuade you to pay a fee for editing or representation.

I’m astonished by this sophisticated scam.

Trevor Baker, Which? Travel

Faye Lipson, Which? senior researcher, says: 

This is a galling scam attempt. Having a public profile has likely made it easier for fraudsters to find you and curate this scam, but targeted scams like this one are getting more common.

The sender has done their homework to hone this approach. The email shows knowledge of your book’s contents, and the scammer has tracked you down to Which?, despite Which? and the book being totally unconnected. 

This type of targeted approach is known as ‘spear-phishing’ and it can be extremely convincing. The reason why it's convincing is that the scammers research you to design a personalised scam. 

Although I can’t prove it, I have a hunch about why you’ve been targeted: your book appears in LibGen, a huge online database that’s been found to contain pirated books. Using the LibGen search tool, published by The Atlantic as part of its investigation into the artificial intelligence (AI) industry, revealed two of your books.

It’s a double injustice for affected authors. Their work has been stolen (reportedly to train AI), and it also puts them in the firing line for fraud. 

Protect yourself from scams by always verifying an unsolicited email, as you rightly did. Authors receiving similar emails should use the publisher’s verifiable contact details to talk to it before going any further. 

Forward scam emails like this to report@phishing.gov.uk.