Skip to main content

Gallery impersonation: How scammers target your collectors

  • Updated
This is the second article in our series about security threats facing galleries online. These articles will help you stay ahead of the curve when it comes to cybersecurity, giving you resources to protect yourself, your clients, and your business and transact online with confidence.

Gallery impersonation is a combination of two common, well-known scams: business impersonation and invoice fraud or theft. These scams affect companies and organizations from insurance carriers to churches. Essentially, a scammer will adopt the identity of a figure of authority at a business. They then use this identity to send fraudulent invoices and get payments.

In the art world, this usually involves a scammer impersonating a figure at a gallery to get payment from a collector for an artwork. Since information about a gallery’s clients is not public, this type of fraud usually requires the scammer to have access to a gallery’s online accounts like their email, content management system (CMS), or customer relationship management system (CRM). The most common way for a scammer to get access to your accounts is through phishing.

Here’s an example of how gallery impersonation works:

  1. The scammer gets access to information about a gallery’s clients. The most common way we believe this happens is by accessing a gallery’s email account through phishing, though this information can be accessed through other accounts, such as your gallery’s CRM or CMS.
  2. They identify active and interested collectors. Once a scammer has access to a gallery’s accounts, they wait for an opportunity. They might monitor your email account, waiting for a collector to email about a work. Alternatively, they could reach out to collectors that you’ve been in contact with in the past.
  3. They impersonate the gallery. Once they have identified a collector to target, they will reach out, either using the gallery’s email account (if they have access) or their own email account faked to look like an official, legitimate gallery email account. Faked email accounts might use an alternative spelling of the gallery’s name (or the name of a proprietor) and can be very hard to distinguish from the real, official gallery email account. For instance, jean@lorumipsumgallery.com might become jean-lorumipsumgallery@gmail.com or jean@loromipsumgallery.net.
  4. They offer an artwork for sale. Once they’ve made contact, they reach out to the collector and offer an artwork for sale. They will then request payment for the work to a bank account controlled by the scammer. If the collector sends money, the money goes to the scammer—not the gallery.

How to spot impersonation attempts

Oftentimes, these scams go unnoticed by galleries since the scammer communicates primarily with collectors. Galleries will typically find out about the scam from collectors who will forward them unusual emails purporting to come from the gallery’s staff.

However, there are a few warning signs that someone might be impersonating your gallery:

  • Signs that you are the target of phishing scam attempts. Phishing scams are often a precursor to impersonation attacks.
  • Unusual sent emails in your deleted folder. If someone is using your email account to impersonate you, they may delete emails they send to avoid tipping you off. You may be able to spot these in your deleted messages folder.
  • Unusual activity on your account. If you receive emails about new log-ins on your account or notice emails sending at unusual times, this may be a sign that someone has accessed your account—or is attempting to.
  • Reports from your collectors. Savvy collectors may flag impersonation attempts with your staff. Investigate any reports quickly and thoroughly.

How to protect your business

Protecting your business’s reputation and the relationships you maintain with your collectors (not to mention the financial resources of those collectors) is paramount. The best way to protect yourself from these scams is to have strong security in the first place and to respond quickly to any incidents.

  • Use strong, unique passwords. Use long passwords with upper- and lowercase letters, numbers, and special characters. Use a different password for each log-in, and make a habit of changing your password periodically. We recommend that you use a password manager like 1Password or LastPass to make it easy to use strong, unique passwords across all your accounts.
  • Check who has access to your accounts. Review the user log-ins to your accounts periodically and purge users that no longer need access. Some email clients will also allow you to see where each user is logged in from and on what device. If you notice anything unusual, you can force all users to log out and set new passwords. For information about users with access to your Artsy CMS, contact trust@artsy.net.
  • Learn how to protect yourself from phishing scams. Phishing scams, where a scammer will attempt to collect your username and password, are a common precursor to impersonation scams.
  • Use secure payment methods—and communicate them to collectors. Narrow the number of ways you transact with collectors to a few secure methods, like Buy Now and Make Offer. Communicate these methods to your collectors to make it harder for impersonators to take advantage of uncertainty, and persuade collectors to use other methods that they control.
  • Consider limiting the visibility of your staff’s contact information. If you have your staff’s contact information available on your website, it is easier for scammers to impersonate specific staff members. Consider limiting the availability of this information to make it harder for scammers to adopt the identities of your staff.
  • Respond to incidents quickly. If you discover an impersonator, act quickly to secure your accounts and communicate with your community. Reset all your passwords and inform everyone who interacts with your gallery of the incident.

How Artsy is countering these threats

These scams are not especially technically sophisticated, relying instead on social engineering. They can target any of your online accounts in search of useful information about your clients. The best protection for our partners is education, improved security practices for Artsy accounts, and secure payment methods for collectors. Here’s how Artsy is responding to these threats:

  • Rapidly investigating any threats to partners. Our dedicated Trust and Safety team investigates threats as soon as they arise, taking steps to protect our partners. Report any suspicious communications to trust@artsy.net.
  • Strengthening passwords. We are strengthening password requirements for our partners to protect their CMS accounts.
  • Rolling out our most secure payment methods, Buy Now and Make Offer, to more partners. We’ve expanded the coverage of our most secure payment methods to 24 countries in North America and Europe, offering collectors trusted ways to transact with galleries through Artsy.
  • Making further improvements. We are also working on further technical improvements to protect you, your account, and the collectors with whom you transact on Artsy. We’ll share more information about these in the coming weeks.


If you have any questions about the topics discussed here or about any communications you receive, please reach out to our Trust and Safety team at trust@artsy.net. We’re dedicated to helping you stay secure online and transact through Artsy with confidence.

Related articles

Comments

0 comments

Please sign in to leave a comment.