An Italian citizen named Filippo Bernardini has pleaded guilty in New York to stealing more than a thousand unpublished book manuscripts from various well-known authors. The targeted authors included Margaret Atwood, Ian McEwan, Sally Rooney, and Ethan Hawke.
Bernardini worked for publishing company Simon & Schuster in London, and crafted convincing phishing emails that impersonated hundreds of real people and publishing entities.
“In carrying out this scheme, Bernardini created fake email accounts that were designed to impersonate real people employed in the publishing industry, including literary talent agencies, publishing houses, literary scouts, and others,” the US Justice Department stated.
“Bernardini created these accounts by registering more than 160 internet domains that were crafted to be confusingly similar to the real entities that they were impersonating, including only minor typographical errors that would be difficult for the average recipient to identify during a cursory review. Over the course of this scheme, Bernardini impersonated hundreds of distinct people and engaged in hundreds of unique efforts to fraudulently obtain electronic copies of manuscripts that he was not entitled to.”
Bernardini also used phishing attacks to gain access to the database of a New York City-based literary scouting company. The Justice Department stated, “[I]n or about July 2020, Bernardini impersonated a Scouting Company-1 employee and emailed two individuals, directing them to Bernardini’s look-alike webpage and prompting the users to provide their usernames and passwords. Bernardini’s webpage was programmed to automatically forward the input usernames and passwords to an email account controlled by Bernardini. Bernardini obtained the login information of approximately 20 users.”
US Attorney Damian Williams said in a statement, “Filippo Bernardini used his insider knowledge of the publishing industry to create a scheme that stole precious works from authors and menaced the publishing industry. Through impersonation and phishing schemes, Bernardini was able to obtain more than a thousand manuscripts fraudulently. I commend the career prosecutors of this Office as well as our law enforcement partners for writing the final chapter to Bernardini’s manuscript theft scheme.”
It’s an odd case, at least in terms of what the criminal was interested in stealing, but it shows the ways in which social engineering can turn up in all manner of crimes. New-school security awareness training can enable your employees to thwart social engineering attacks.
The US Justice Department has the story.