Cyber Attack Crime. Photo by Bill Hinton courtesy of Getty Images.
Photo by Bill Hinton courtesy of Getty Images.

A German collector thought he was getting the deal of a lifetime when he received an offer to buy not one, but two works by the young art star Anna Park. He had been trying to get his hands on her densely rendered drawings for years. But just as he wired more than $30,000 to close the deal, something felt terribly off. It all seemed “too good to be true,” he said.

Turns out, it was. The collector, who has asked to remain anonymous, was the victim of an apparent hack of the contemporary art gallery T293 in Rome. A U.S.-based art advisor, who contacted Artnet News independently, reported a similar experience. 

The well-known Italian art gallery, which represents in-demand art stars including Puppies Puppies and Simon Denny, has been ensnared in a type of hack known as a “man in the middle” scheme, in which cyber thieves compromise and intercept emails between a business and a paying client and reroute the money to themselves. The art industry, it appears, remains particularly vulnerable to such schemes.

Anna Park, Intermission, 2021. Courtesy of Half Gallery.

The plot took hold in early January, when a scammer posing as the gallery’s directors used a fake email account (just one digit off from the real one), info@t292.it, and a fake phone number to send offers to clients. The emails had enough of a grasp of art-world lingo and offered discounts for work by specific artists. The German collector confirmed he transferred more than $30,000 to an Italian bank account that was not the gallery’s.

The gallery has confirmed that 19 individuals—four ongoing clients and 14 collectors that the gallery had not yet sold any work to—were contacted by the perpetrator. Both the German collector who sent money to the hackers, and the art advisor who was very nearly taken in, are concerned that their private information may have been compromised, and upset with the gallery’s lack of communication in the immediate aftermath.

The gallery, in turn, has complained that it received “aggressive” threats from individuals affected by the hackers. It said it has worked with the police to get the situation under control.

Redacted email shared with Artnet News, sent from the info@t292.it account.

Too Sweet a Deal

The U.S. art advisor was surprised to get an email purporting to be from T293’s director Alessandro Cazzola two weeks ago. She hadn’t been in touch with the gallery since 2020, when she inquired about work by Park and painter Trey Abdella, and was told nothing was available. This month, however, she was being offered three works by Abdella for a total of $28,500 and a five percent discount.

“This is too good to be true, I thought, but I played it out,” she said. Her initial suspicions were solidified when she saw an invoice with peculiar details. The document, reviewed by Artnet News, listed a Wells Fargo private account in Mills Valley, California—far off from Rome. She then checked back and realized she had been emailing with a “t292” email account, not “t293.”

When she scrolled back through her emails and messaged the proper address, asking Cazzola to call her, she said her email was intercepted again. Someone purporting to be Cazzola informed her that “t292” was simply a secondary email address used in tandem with “t293,” in an email reviewed by Artnet News. Despite this, T293 said their main emails are secured.

“Someone would have had to go deep into the email history to find out that I had requested work,” she said. The advisor filed a report online with the FBI’s internet crime complaint center on January 20.

The defrauded German collector recounted a similar experience. “I have been trying to buy a drawing from Anna Park for two or three years, and it has been almost impossible,” he said. “Then, the gallery sold me two for a very good primary market price.” He transferred $33,000 to cover the two drawings, corresponding with someone posing as the gallery co-founder Marco Altavilla. By the time he realized something was off—the gallery offered to pay shipping, which he said never happens—the money was already sent out.

Luckily, on Monday, January 31, the private bank account was deactivated and his money returned, presumably by authorities tasked with looking into the matter. (The German and Italian police did not reply to a request for comment by the time of publishing).

However, there may be more trouble to come: the collector told Artnet News that he received another email pestering him to close the deal on the Park drawings, from a handle ending in “t293t.” In an email reviewed by Artnet News, the scammer also sent a passport of a Giuseppe Altavilla to try to substantiate their legitimacy.

Artnet News asked T293 about whether they were aware of a second false email and if the passport was indeed that of Altavilla from the gallery, but did not hear back.

Redacted email sent to a defrauded collector.

Feeling Shut Out

As more and more transactions happen solely online, reports of cybercrime in the art world have been on the rise. Most recently, a mysterious Instagram user or group of users were revealed to have been catfishing collectors, luring at least two people to buy artworks by an artist who does actually not exist. 

In 2019, a Swiss collector lost $18,900 when she “bought” a Ryan McGinley work from New York’s Team Gallery’s hacked email.

In the case of so-called “man in the middle” cybercrimes, both the duped client and the impersonated business are victims, which can make the process of reparations unclear. The German collector said he is upset that the gallery is not more communicative with him. Both he and the advisor said they were blocked on Instagram and have been largely ignored. “The gallery needs to act,” said the German collector.

Besides feeling worried about her personal information, the art advisor is also concerned that the gallery has not been more proactive. “I would have expected someone from the gallery to reach out to me and tell me what is happening and what precautions they are taking, she said. “I would have called every single person affected.”

Screenshot from T293’s Instagram.

The gallery told Artnet News that it has been privately contacting clients and replying to other external contacts that reached out about the scam over the past two weeks with reassurances. “Our clients have been warned, and have been very supportive and helpful during this situation,” said co-founder and director Paola Guadagnino. “We can assure you we did everything in our power to stop this scam from continuing and effectively, with the help of the police, we managed to deactivate the fake email accounts.”

The gallery said it has also been dealing with what it called “blackmail” from buyers in the aftermath of the scam. “Some contacts became extremely aggressive, reaching up to a point of threatening us on this matter, using this excuse to blame us or even claim for available pieces of some of our artists,” said Guadagnino. In a screenshot reviewed by Artnet News, one contact who had not yet been able to purchase something from T293 threatened the gallery to sell them an artwork as compensation for the near-scam. The gallery said it was considering contacting their lawyers regarding this matter.

Learn more about how to protect your art business from cybercrime here.

Corrections, February 2: An earlier version of this article said the gallery is in Milan. It is in Rome. The scammers are using the email handle @t293t.it, not @tt292.it. This article has been updated to reflect these changes.