Authors need to be aware of a current scamming effort aimed directly at them. Lots of authors have gotten random emails from so-called publicists and marketing agents, offering to help with online book promotions. While some may be legitimate, the bulk are not.

The first sign of a possible scam is the use of third-party emails, such as Gmail, Hotmail, or Yahoo. Real businesses use “domain” email for initial outreach and formal business. At some point, after a relationship has been established, they may switch to Gmail or Yahoo for quicker interactions via mobile devices. Just remember that third-party email is almost never used for an initial contact.

Domain used for an email must match the website of the business in question, such as: contact@__.com. When larger businesses have several website domains, they almost always show them on their primary website to verify which ones belong to them. This is now standard business practice.

Another type of email scam relies heavily on using a slightly different business domain. For example, instead of “amazon.com” it might look like “amzn26.net.” That’s not Amazon. A lot of email scams now try to trick people into logging into fake websites that look like the real thing.

What happens is hackers somehow get hold of email client lists for online business sites, both platforms and retailers. They then set up fake login panels with fake landing pages that on the surface look like the real site in question. Again, the difference will be that the domain is slightly different. It could also use a different extension. The main business domain extensions are dot-org, dot-com, and dot-net.

Logging in to a fake website gives scammers your real email and password, which they then use to access your account. — In other words, you just gave them your login.

Security exports advise that you never “click” on a link from inside an email. While there are still some circumstances when a business sends a link in an email to verify who you are, those links should never take you to a login page where your information could be compromised. These days, most legitimate businesses and sites send one-time pass-codes via phone text messages or emails. You get the pass-code, which is usually a 5-9 digit number, input that in the real login panel, and proceed.

Instead of clicking on email links, go directly to the site in question and login from the front page. If there are issues with your account, the real site should show a notice. If no notice appears, then the email was a scam. At that point you should contact the site, via customer support online chat or email, to ask if there is a problem. If they say no, then report the email scam and be sure to give the email address from which it was sent.

Eager to increase book sales, authors are always looking for good marketing tools and promotion sites. However, do not engage with anyone who sends a direct email. First, how did they get your private email? Most authors use third-party emails for online contacts, such as Gmail, but never publicly post their private email addresses.

The first clue of a scam is that someone has your private email.

The best advice I can give is for authors to share information about good marketing companies with which they have worked. If you find a new (or new to you) marketing website with associated social media presence, then do a little homework to verify its legitimacy.

Remember, what scammers want is your money and your personal information. Do not give them either one.