How to Spot and Avoid Phishing Emails: Indie Author Guidance

Following our recent #AskALLi advice post highlighting indie author scams, we're following up with detailed guidance for spotting and avoiding phishing emails.

This scam seems to be increasing year-on-year, and we have even had reports from members receiving phishing emails that appear to be from ALLi. Before we dig into the guidance with Outreach Manager and author Michael La Ronn, this is a good time to remind all ALLi followers that If you receive any emails claiming to be from ALLi that are requesting personal details, do not click on links or provide any sensitive information. Instead, report the email to us immediately: Contact ALLi to Report a Scam.

Cybersecurity and the independent author community

We don’t talk enough about cybersecurity in the independent author community. It’s easy to think that only large companies are the victims of cyberattacks, but cyberattacks against small businesses have been on the rise. And independent authors are, by definition, small businesses.

Consider the following statistics from StrongDM, a technology infrastructure company:

• 46% of all cyber breaches impact businesses with fewer than 1,000 employees.
• 61% of small businesses were the target of a Cyberattack in 2021.
• 59% of small business owners with no cybersecurity measures in place believe their business is too small to be attacked.
• 82% of ransomware attacks in 2021 targeted small businesses.

Small businesses (authors) are less likely to have sophisticated IT controls in place. They are also more likely to believe that they won’t be the victims of cyber crimes. This makes them easy targets for scammers.

If you don’t think authors can be victims, think again. Cyber criminals have recently targeted authors posing as legitimate author organizations and writing contests.

However, there are simple actions we as indies can take to protect ourselves, our businesses, and our data. One of these actions is learning to identify and prevent phishing.

Additionally, securing your website with HTTPS and regularly updating all software, including plugins and themes, can prevent many types of cyberattacks.

What is phishing?

According to Phishing.org, phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.

According to Cloudflare, the operator of one of the world’s largest network of servers, it is estimated that 90% of cyberattacks begin with phishing attempts.

Therefore, if you learn to identify and avoid phishing attempts, you can protect your author career from a significant number of advances from bad actors.

Many phishing attempts begin with an email that pretends to be from a legitimate source that you trust, such as your bank. But phishing attempts can also pretend to be businesses, organizations, and even influencers that you trust.

Remember the following acronym to help you identify ‘phishers': SALSA.

Photo by FlyD on Unsplash

SALSA – The only spice you don’t want in your writing life

Whenever you receive an email you aren’t expecting asking you for sensitive information, review the following items:

Sender

Attachments

Links

Subject Line

Authentication

It’s okay if you can’t remember all of the letters in the acronym. Feel free to bookmark this page so you can return to it!

S is for Sender

Always look at the sender’s domain information in every email you receive, even from those you trust. Misspelled or unusual domain names are an easy clue that you’re dealing with a bad actor. They don’t expect you to notice the domain discrepancy.

Or, you may receive urgent billing emails from a Gmail.com address. That doesn’t make any sense now, does it?

Beware the sender!

A is for Attachments

It goes without saying that you should NEVER click attachments from senders you don’t know. Ever. Attachments can contain viruses that can disable your computer or render you vulnerable to cyberattacks.

L is for Links

Phishing operators have become more sophisticated and know that many people won’t click on email attachments, so they will instead ask you to click on a link.

The link will, more often than not, take you to a page that mimics a website you trust and ask you to input sensitive information.

If you receive this type of email, the best practice is to visit the website you trust independently and verify if the request came from the institution you trust. Or, call them and speak with a representative.

Never click the link in the email, and never call any phone numbers listed in the email.

And remember—in the self-publishing community, there are very few circumstances (if any) where anyone in our industry will ask you for unsolicited sensitive information such as your bank details by email.

When in doubt, verify the request independently.

Most importantly, there will never be a situation where authors are asked to send money unsolicited via Western Union or cryptocurrency. Both of those should be automatic red flags.

S is for Subject Line

Phishing emails often have subject lines with a sense of urgency, such as:

• Action Required
• Urgent
• Missed Payment

Other common subject lines include “Your account has been suspended” or “Password reset request.”

These subject lines are designed to jolt you into action. However, reputable service providers rarely need action from you so immediately.

A subject line with urgency should make you cautious.

Photo by Franck on Unsplash

Bringing it all together

To avoid phishing attempts against your author business, remember the acronym SALSA:

• Subject Line
• Attachments
• Links
• Sender
• Authentication

Also consider some additional best practices to further protect yourself online:

• Use a password manager such as 1Password or Dashlane to create difficult passwords, making your accounts more secure.
• Enable two-factor authentication on as many accounts as you can to prevent bad actors from getting access to your accounts even if they secure your passwords.
• Use backup software such as Carbonite or Backblaze to back up your data to a secure cloud that you can access it in the event your computer is compromised.

Staying vigilant and being proactive is key. Phishing attempts will continue to evolve over time, and the tactics the bad actors use will change, too. By being aware of the threat, you can stay informed and protect your author business and your important sensitive data.

More about Michael La Ronn

Michael La Ronn is ALLi's Outreach Manager. He published many science fiction & fantasy books and self-help books for writers. He built a writing career publishing 10-12 books per year while raising a family, working a full-time job, and even attending law school classes in the evenings. Visit his fiction website at www.michaellaronn.com and his resources for writers at www.authorlevelup.com.

Find out more:

The ALLi Watchdog Desk

ALLi's Watchdog Desk monitors the self-publishing industry in a variety of ways as part of our ongoing Ethical Self-Publishing Campaign. We have a Code of Standards for ethical authors and ethical services.

ALLi members have access to range of support to identify ethical suppliers and watch out for scams and rogue traders. Those who are not members can purchase some of the support guidance on the ALLi website. Just four of the support services on offer from the watchdog desk are outlined below:

1. Partner Membership:  This is our highest rating for services (see below), awarded to approved self-publishing services. Author members access these partners through our Partner Search database and they and the wider community through a widely distributed Directory of approved services.
2. Directory of Services: Members can access this Directory here (member log in needed) and the wider community can purchase the directory in our Self-Publishing Advice Center Shop.
3. Guidebook: Choosing The Best Self-Publishing Services, our comprehensive guide to the industry. Members: see the Guidebooks page (log-in needed). Non-members can purchase a copy here
4. Services Ratings: As an outreach service to the community, we rate good and bad services on the Services Ratings page in our Self-Publishing Advice Center.

PLEASE NOTE: The ALLi ratings are the opinion of the Watchdog Desk. Ratings are based on careful appraisals of multiple criteria, including pricing and value, quality of service, contract terms and rights, transparency, accountability, and customer satisfaction.

Thoughts or further questions on this post or any self-publishing issue?

If you’re an ALLi member, head over to the SelfPubConnect forum for support from our experienced community of indie authors, advisors, and team. Simply create an account (if you haven’t already) to request to join the forum and get going.

Non-members looking for more information can search our extensive archive of blog posts and podcast episodes packed with tips and advice at ALLi's Self-Publishing Advice Center.

And if you haven’t already, we invite you to join our organization and become a self-publishing ally.