The more we build our online personas and integrate our digital lives with our real ones, the easier it becomes to fall victim to identity theft and impersonation through fake profiles. No matter how much you protect your social channels with two-factor authentication, encryption and careful password hygiene, these scams often operate without breaching your accounts. They simply appropriate your content, borrow your face and pretend to be you while pursuing fraud. Despite all the community standards and identity controls, even empires like Meta can do very little—these profiles multiply too quickly for their sluggish response.
What’s worse is that rapid advances in A.I.—especially hyper-realistic video generators like Sora—are pushing the possibilities and risks of impersonation into a new era. It’s no longer just stolen headshots; scammers can make fabricated videos where your face speaks with your own voice to lure people into fraudulent traps. The barriers to deepfake-level authenticity are collapsing, making identity theft not only easier but also far more sophisticated.
You don’t fully grasp this alarming reality until you realize you’ve become a target—say, when an artist reaches out to double-check an invoice someone sent them using your name, your photo and a clumsy imitation of your Facebook and Instagram profiles. That happened to me two weeks ago, forcing me to alert everyone I knew to the fraud and ask them to report the account. Naturally, the scammer had blocked me from seeing both the personal and business pages they had created. Facebook eventually took the profile down, though with little relief on my end: just four days later another artist reached out, asking if it was really me requesting their work on consignment for an alleged auction—after the scammer posed as an online gallery and asked for money upfront.
This time, I managed to get a phone number, as the scammer had moved the conversation to WhatsApp, along with a copy of the so-called “contract” they were sending around. The red flags were immediate: the document in no way resembled a professional consignment agreement, and the fake profile described me as “Artist, Author, Art Therapist & Art Collector/Art Curator.” It even listed two actual affiliations—my position at Observer and, for many years, at Il Giornale dell’Arte. It’s true that I’ve worn many hats in this industry and still do, but anyone with even minimal knowledge of the art world knows those roles cannot coexist if you expect to be taken seriously as a professional. Interestingly, among the main titles I actually identify with—art writer, advisor and curator—only the latter appeared. Yet there was no mention of “art dealer” or “auctioneer,” which might have at least justified the alleged consignment agreement. To round out the spoofed profile, the scammer filled the feed with an exact copy of my LinkedIn bio and photos stolen from my art trips around the world, all uploaded the same day—without my usual scholarly captions, which were replaced by breezy, Facebook-friendly one-liners.
The red flags were everywhere, yet more than one artist was falling into the trap. I soon realized the scammers were targeting a very specific demographic: artists without enough experience or access to the “real” art world, navigating back alley Facebook groups and marketplaces in hopes of gaining exposure or selling their work. When I looked up the U.K. number I’d been given, I found a Threads comment from a Chinese account encouraging others to “contact our U.K. curator” (under yet another name) to learn how to sell and exhibit their art. That’s when it hit me—the art scam world was far larger than I had imagined, and I decided to dig deeper.
At other times, it’s the artists who are impersonated. Just in those same days, New York-based artist Davide Balliano received an email asking him to confirm whether he was behind an email he had supposedly sent—only it wasn’t him. Someone pretending to be Balliano was inviting artists to participate in a show he was allegedly curating in collaboration with his gallery, Tina Kim, but required them to turn their works into NFTs through a “tokenization” process. These types of emails are becoming extremely common, and as happened here, the scheme often veers into NFTs and cryptocurrency.
Spoofed profiles and unreal consignments
One of the most common fraud schemes involves impersonation emails or entire social profiles posing as a curator, gallery or collector, expressing interest and inviting artists to exhibit or sell. The more sophisticated scams take it a step further, impersonating a legitimate gallery’s email, setting up a fake gallery website or identity, or, as in this case, cloning the account of a known curator or gallery with only a slight change in the handle. They then message artists expressing interest and inviting them to “promote,” exhibit or sell. What follows is usually a fake consignment agreement, where the artist is asked to pay an entry fee or contribute toward the cost of a catalogue, shipping or other fees in advance.
It’s worth noting that professional galleries should never require an entry fee, and it is extremely rare for them to ask artists to split production costs, which are typically covered by the gallery—hence the usual 50/50 percent split in case of a sale.
Given all this, it’s worth revisiting what a real consignment agreement is and what it should look like. Legally, a consignment agreement is a written contract under which the consignor (the owner of the artwork or goods) delivers those goods to a consignee (a gallery, dealer, or merchant), who agrees to sell the goods on the consignor’s behalf. Title to the goods remains with the consignor until a sale occurs. Under U.C.C. § 9-102(a)(20), a “true consignment” applies when the goods are delivered to a merchant for sale, the merchant deals in goods of that kind under a name other than the consignor’s, the value of each delivery is $1,000 or more, the goods are not consumer goods before delivery and the transaction does not create a security interest for the buyer.
Most importantly, the consignment agreement—whether the consignee is an artist, dealer or collector—is a relationship of trust that carries specific fiduciary duties, with both legal and ethical standards. In the case of artists, it implies a proscriptive standard of care, meaning the dealer must refrain from self-dealing and uphold agency duties requiring proactive action for the artist’s benefit. As outlined in § 387, “Unless otherwise agreed, an agent is subject to a duty to his principal to act solely for the benefit of the principal in all matters connected with his agency.”
The main principles to keep in mind are these: in terms of ownership, title to the artwork remains with the artist until the work is sold. The consignment establishes an agency relationship—so by law, the dealer acts as the artist’s agent, and the law of agency applies. The consigned artworks must be treated as trust property, and any proceeds from their sale must be held in trust for the artist, not mixed with the dealer’s own funds or assets. The fiduciary duty established by a consignment agreement continues until the sales proceeds are properly delivered to the artist or until the termination of the consignment period.
A professional consignment agreement should include:
- Purposes of agency: exhibition and/or sale, spelled out in detail
- Inventory sheet: list of consigned works attached to the agreement
- Warranty: clear title and accurate description
- Duration of the consignment
- Transportation responsibilities (packing, shipping, insurance)
- Responsibility for loss and damage/insurance coverage, specifying where gallery coverage begins and ends
- Fiduciary responsibilities
- Notice of consignment / secured works under UCC Form 1 Lien (to prevent the artworks from falling under creditors’ claims)
- Removal from the gallery (how works should be removed, packed and returned)
- Pricing terms/gallery commissions (percentage split, payment deadlines, discount permissions or limits)
- Promotion strategy and credits (gallery’s “best efforts” to promote the artist’s work)
- Reproductions/rights on images
- Accounting profits
- Additional provisions (e.g., exclusivity of representation, limited editions for multiples, arbitration before formal court proceedings, terms of sale, unauthorized destruction or alteration by purchaser)
- Procedures for modification of terms or extension
Once signed by both parties, in two copies each, this agreement formalizes the professional relationship between artist and gallery and serves as a legal safeguard for both sides.
Other types of art scams
Some scammers impersonating galleries, advisors, curators or even collectors may instead request an invoice, pretending to have already sold the work or wanting to buy it. In these cases, the scheme may hide a more sophisticated attempt at money laundering, or they will try to extract funds in a subtler way, often sending a fraudulent check for more than the agreed price, asking the artist to wire the difference back or pay shipping. Later, the check bounces. Be aware, both of these scam methods can also target galleries.
Back in 2017, Art Newspaper revealed how hackers had targeted major galleries to steal large sums of money from art businesses and their clients using a straightforward deception known as “man-in-the-email” or email thread hijacking. Hackers sit quietly in an email thread, wait for a legitimate invoice or payment request to go out, then intervene with a fraudulent version. Among those affected were Hauser & Wirth, Simon Lee, Thomas Dane, Laura Bartlett and Rosenfeld Porcini, with sums stolen (in the cases identified) ranging from roughly £10,000 to £1 million per incident. At the time, Hauser & Wirth said, “Like many others, it’s true that we were targeted by a cyberattack. Due to the systems we have in place and the vigilance of our team, as soon as the fraud attempt occurred we responded swiftly, resulting in a full recovery of the funds. We are very aware of the potential risks that digital transactions bring and have implemented additional security measures to protect our staff and contacts.”
In 2022, another art market-savvy cyber thief posed as the Rome-based gallery T293, offering in-demand artists to collectors and sending invoices on the gallery’s behalf with a convincing grasp of art-world language and discounts for specific artists. One of the victims transferred more than $30,000 to an Italian bank account that was not the gallery’s, believing they were purchasing a drawing by Anna Park.
The art world, built on trust, reputation and a healthy dose of opacity, is especially vulnerable to fraud and impersonation. Compared to other industries, it has also been slower to adapt to the realities of digital security—particularly after the accelerated digitalization during the pandemic, with the surge in online sales, digital catalogues and remote transactions.
Major players have since armored themselves with stricter protocols. Some galleries and auction houses now require clients to verify any change in bank account details by phone or another independent channel, a practice borrowed from more secure sectors like real estate. Others have shifted financial transactions and invoice exchanges to encrypted systems or secure client portals instead of open email threads. Most include standard fraud warnings on every invoice, reminding clients to double-check banking information. Multi-factor authentication, stronger password management, regular security audits and staff training to recognize phishing, social engineering and compromised accounts have become the new baseline for survival.
Still, many mid-sized and smaller galleries (and auction houses) remain dangerously underprepared from a cybersecurity standpoint, often lacking the IT resources or awareness needed to keep pace with new threats. Yet whatever side of the market one sits on, the increasingly digital—and now A.I.-distorted and manipulated—art world experience brings an array of new threats, from deepfakes to synthetic forgeries. The best defense, as ever, begins with due diligence and something much older than technology: trust built through a direct, personal connection. In an industry sustained by the handshake, that human verification remains the most reliable firewall of all.
