A New Scam Hits the Art World, Targeting Collectors and Art Advisors

Emilie Trice | January 25, 2022 (Updated September 20, 2022)


Photo by lilartsy on Unsplash


Art world hackers are becoming increasingly creative in their cons. 

Last week a hacker managed to infiltrate the computer systems of a contemporary and well-respected art gallery based in Italy. In doing so, they somehow identified almost a dozen of the gallery’s clients and their artists of interest, going back more than one year.

The hackers then sent emails to those would-be buyers, posing as the gallerists themselves, and claiming that work by the artist they had coveted was suddenly available on the secondary market. Would they like to make an offer? 

Like the best cons, this scam contains many truths. These were real artists, whose works the buyers were actually hoping to acquire. Sales offers were quickly confirmed. Invoices were swiftly generated in the mid-five figures and sent out. These invoices were almost identical to the gallery's actual invoices—same formatting, same font, etc.

But there were a few red flags, some so minor that they could have been missed. Fortunately, one intrepid art advisor noticed certain inconsistencies and raised the alarm (meaning: a less experienced and /or paranoid art advisor probably would have fallen victim to this particular fraud). 

The gallery is apparently now working with authorities in Europe to track down the hackers. While this cyber scam certainly isn't on the same mass scale as when Art Basel's VIP list was hacked last fall, it's extraordinary in its phishing ingenuity and a cautionary tale for collectors and advisors currently active in the market.

Here’s what we learned from this most recent artworld cyber-hack.

Update: Artnet published an article with images of the emails and more details of the breadth of this scam.
 

Redflag #1: A different domain name (aka website) in the email address

The emails received by said art advisor came from a domain name that was almost identical to the gallery’s actual website, but not quite. In fact, only one letter was different

However, when that same art advisor emailed her original contact at the gallery, using the correct email address, the gallery director quickly replied — from the correct email address — assuring her that he had, indeed, sent the first email. He stated he had sent it from the gallery’s “secondary domain.” 

This means that the hackers actually got into the gallery’s main email account, in addition to “cloning” the gallery’s domain name, thereby committing identity theftHad the original offer come from the correct email address (rather than the "secondary domain"), it's likely the art advisor would never have suspected that she was not actually communicating with the true gallery director. Thankfully, she noticed the inconsistency in the sender's inital email, minor as it was.

Takeaway: Always double check the email address of the sender of any suspicious email or offer. If you are unsure about any digital correspondence, try to connect with the sender via phone, video call and/or social media, in order to verbally (and visually) confirm their identity and that they actually sent the email. 

 

Redflag #2: The payee was an individual, not the gallery itself

The invoice sent to the art advisor for their client listed a random individual in California as the payee, rather than the gallery itself. This is highly unusual. A gallery will almost always act as the intermediary in any transaction, unless alternative arrangements have been made and agreed upon in writing.

The funds could have been easily transferred and never seen again, had the advisor simply forwarded the invoice to her client without reading the fine print first. The advisor could have then been an accessory to international wire fraud

Takeaway: Always read the fine print on an invoice, including bank details, before forwarding to your client/bank/accountant, etc. If the bank account holder is not the same as the gallery, make sure to ask the gallery why.

 

Redflag #3: The gallery pressured the client to send funds ASAP

When the art advisor followed up with the gallery director (not realizing that email address had also been hacked) to ask about the abnormalities in the invoice, the advisor received a reply that pressured them to “effect payment for the work” as soon as possible because of the artist’s “waiting list” of eager collectors. The email and its tactics seemed unnecessarily curt and aggressive. 

While certain art dealers may be known for their heavy-handed sales strategies, the tone of this email seemed excessively urgent. Rather than take the bait, the advisor waited until they were able to talk to the Italian gallerist on the phone, at which point they were able to ascertain the extent of the attempted scam. 

Takeaway: 

Trust your instincts when it comes to irregular or questionable correspondence, especially in regards to transferring a relatively large payment in a time-sensitive manner.

This is a developing story. Check back for more updates as they unfold. 

Artwork Archive offers collectors, advisors and all art world professionals industry-leading data security to protect both their art and their relationships. Try it free for 14 days.

 

Share This Article
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Cookie Policy