In early August, I received what looked like a perfectly normal email. The subject line read: PROPOSAL SUBMISSION INVITATION. It was from an independent bookstore I had already been corresponding with about a possible author event. So, I clicked.
The email included a link, one I assumed would contain the event details. But when I clicked it, nothing happened. Thinking it was just a technical issue, I replied to the email, and the representative “confirmed” they had shared the document. They encouraged me to authenticate using my email to access it. So I tried again. Nothing happened, and because I was about to leave on vacation, I didn’t think anything else of it.
That’s when things got weird. About a week later, while on vacation with my family in Myrtle Beach, I started getting messages from clients and friends: “Did you just send me a proposal?” They had received the same strange email… from me. My heart sank. I had been phished, and worse, hacked.
What Is a Phishing Scam?
Phishing is when cybercriminals trick you into giving up sensitive information by pretending to be someone you trust. These scams often arrive via email or text and contain links or attachments that look legitimate, until they’re not. In my case, the email looked like a follow-up from a real conversation with a real person at a real bookstore.
But it wasn’t. It was a fake, designed to harvest login credentials.
According to this Reddit thread on phishing, this type of scam is on the rise. One common version involves subject lines like “New Project Proposal” or “Shared Document” that appear to come from someone you know. The links then prompt you to log in, giving hackers access to your email.
Why Phishing Is So Dangerous
Here’s the real problem: once they’re in, hackers can do a lot of damage quickly. They can:
- Access your inbox and contacts
- Send malicious emails posing as you
- Harvest sensitive information
- Lock you out of your account
Thankfully, Google shut my email down right away, but by then, I had no way of knowing how many people were contacted in my name. Even now, almost a week later, I’m still hearing from people confused about the “proposal” I supposedly sent.
How To Protect Yourself (and Your Business)
Whether you’re a freelancer, a business owner, or someone who just uses email to stay in touch, this could happen to you. Here are some ways to stay safe:
- Be suspicious of links and attachments. Even if the email seems familiar, double-check before clicking.
- Look closely at the sender’s address. Scammers often spoof names but use suspicious domains.
- Avoid logging in through links. Go directly to the site instead of logging in via an email prompt.
- Turn on two-factor authentication (2FA). It’s an added layer of security that can stop hackers even if they get your password.
- Report suspicious emails. Most providers have a “Report phishing” option.
A Quick Word to My Clients
If you got a strange email from my Copywriting For You email address recently (on or around August 15), I sincerely apologize. I would never send an unsolicited proposal or require you to log in to view anything. If something ever looks off, please ask before clicking.
This experience has been frustrating, embarrassing, and eye-opening. But if sharing it helps even one person pause before clicking a sketchy link, then it’s worth it.
Stay safe out there. And keep writing, not worrying.