On the surface, there was nothing unusual about the email that designers Bill Brockschmidt and Courtney Coleman received from the antiques seller in Bordeaux. The founders of New York– and New Orleans–based firm Brockschmidt & Coleman had initiated the conversation, inquiring to purchase a 19th century gueridon they found through a listing on Proantic, an online marketplace for European antiques operating in France. The response—and several others that came after it—was sent with an official-looking header that prominently displayed the seller’s company name, maintained proper spelling and grammar, and included a complete signature with contact information that matched the listing.

“This wasn’t like the Nigerian prince email,” says Coleman. “Nothing about the correspondence seemed weird at all.”

Still, the designers did their due diligence, verifying that the seller—and the gueridon in question—were listed similarly on other antiques sites. Then they proceeded with the purchase, receiving detailed instructions for wire transfer payments to the seller and his preferred shipping company. (Brockschmidt and Coleman were also looped in on conversations between the seller and the shipper as the two parties negotiated fees and logistical details, conversations that followed the familiar cadence of past purchases they had made through Proantic.)

In the end, the pair handed over $6,900 ($4,000 for the table, $2,900 for shipping) in what seemed, at least to them, to be a legitimate arrangement. What they later learned was that the interaction was a ruse perpetrated by a criminal who had hacked into the seller’s email, intercepted the inbound inquiry from Proantic’s site, assumed the seller’s identity throughout the entirety of the correspondence, and posed as a representative of a nonexistent shipping company to swindle the designers. Once the agreed-upon funds were received, the thieves asked for an additional $5,000 in supposed "shipping fees.”

It was that last demand that ultimately tipped off the designers to the scam. After discovering that the shipping company address led to a dead end, they began to put the pieces together with help from ChatGPT. “It pointed out what we should have noticed and opened our eyes to how these kinds of hacks might work,” says Brockschmidt.

Red Flags
Though nowhere near epidemic levels, instances of digital deception have surged in the last few years, with Pew Research Center reporting that 73 percent of U.S. adults have experienced some kind of online attack and nearly $17 billion in losses were reported to the FBI in 2024. It’s easy to see how designers might get caught in the crosshairs of increasingly sophisticated scams. “It’s an industry that moves around in excess of $10 [billion] or $12 billion of commerce annually, so it’s not surprising that someone would look to target it,” says Seth Kaplowitz, an attorney in New York who represents many design industry insiders. He detailed a recent con in which a hacker hijacked a designer’s email and began emailing clients directly with new bank information and wiring instructions.

In Brockschmidt and Coleman’s case, a few elements coalesced to make the scam possible, the first being Proantic’s accountability-light usage terms and conditions. Unlike U.S.–based companies such as 1stDibs, Chairish and Etsy, Proantic’s legal language disclaims it from liability in the event of any damage, financial or otherwise, inflicted by third parties; when making a purchase, visitors assume the risk for their use of the site. “It’s a clear statement that they’re not taking responsibility for anything that happens, whether a user is dealing with a seller who hasn’t been properly vetted or a bad actor who is taking advantage of the situation,” says Kaplowitz.

Still, not all resale sites are created equal. Even in the U.S., it’s up to consumers to do their own research before diving into a transaction. Some companies have vigorous security protocols in place to prevent both fraudulent activity and general disputes, from a robust vetting process for sellers and mandatory in-platform purchasing via credit card (a typical backstop for fraud) to consumer-friendly refunding policies—with terms that clearly indicate what recourse users have should transactions go awry. “There are obvious government mandates involved,” says Kaplowitz, “but there’s also a reputational component, because these companies want people to keep coming back and shopping.”

But others don’t. Proantic works similarly to Craigslist, allowing sellers and buyers to interact confidentially and directly outside of the site’s supervision—with little regard for the jurisdiction in which these transactions are taking place. From there, sellers can determine their delivery terms and payment methods individually, creating an environment where misdeeds and unregulated wire transfers can flourish. This puts the onus of due diligence on buyers and sellers, who often don’t realize there’s a problem until there’s a big one. For that reason, these parties are usually the ones to alert Proantic to instances of fraud rather than the other way around.

Yet the company insists that it takes security seriously. “We have an elaborate detection and alert system to find suspicious messages,” said Stéphane Camus, co-owner of Proantic and the computer engineer tasked with the site’s maintenance, in an email. “Depending on the number of e-mails sent, IP address analysis and different kinds of message filtering, we are able to quickly debunk phishing attempts and alert the sellers who have received the messages.”

He says Proantic regularly educates sellers about scamming techniques; sends automatic replies to incoming inquiries highlighting the seller’s authentic email address while urging potential buyers to stay vigilant against attacks; and encourages sellers to enable a two-factor authentication method when logging into the system. Still, many of the site’s security measures rely on sellers to opt in—and even if everyone did what they were supposed to do, that doesn’t prevent the situation that Brockschmidt and Coleman encountered, a reality Camus regretfully acknowledges. “Today, it’s easy to find anyone’s email address,” he said. “Scammers are smart. They constantly look for cracks in the system and, more important, they understand human weakness. When a client falls victim to one of these scams, it makes me sick to the stomach.”

The Way Forward
Unfortunately, there is little legal or financial recourse for Brockschmidt and Coleman. The cost of litigation for a case like this would far exceed their losses, and the process would likely be both tedious and time-consuming. And, per Proantic’s terms, reimbursement on the part of the seller—who was alerted to the scam after the fact—is neither expected nor encouraged. (The owner of the antiques mall that houses the seller’s booth facilitated communication with the design duo as they followed through with the purchase of the real gueridon—the seller does not speak English—but did not return BOH’s request for comment.)

In the end, it’s better to be proactive than to expect relief after the fact. Though many scamming techniques may seem opaque to the layperson, there are often warning signs—if you know what to look for. To start, Brockschmidt and Coleman’s hacker used all of the same photos and information included in the piece’s original listing to impersonate the seller, but made one key change to the seller’s email address: They replaced an o with a similar-looking c, a minute detail that the designers regret not catching. In hindsight, they also acknowledge that they should have followed up on investigating the shipper’s address sooner; the lagging response to basic logistical questions they had regarding the purchase should have given them pause as well.

But to identify and process these warnings in real time—when designers are juggling the various moving parts of multiple projects and navigating the often rapid nature of online sales of one-of-a-kind pieces, all while living in the middle of a raging attention economy—requires a Herculean verification effort if not a dedicated cybersecurity team. Sometimes, it’s nearly impossible to get ahead of these kinds of situations.

Yet it’s imperative that business owners try. Experts agree that, outside of deploying security software and email filters to detect malware and phishing activity, there are several easy ways to protect yourself. The Federal Trade Commission recommends that consumers always call a seller by phone (assuming that number is listed on a trusted site, not the one received in a potential phishing email) to verify the correct bank details, contact information, location and price, and that the item in question is, in fact, real (perhaps by asking that a unique identifier be included in a photo, like a dated piece of paper); and to be particularly vigilant if an email is coming from Gmail, Hotmail or Outlook rather than a company-owned domain.

Personal emails paired with mandatory wire transfer payments are another red flag, as credit card companies have vigorous protocols for recognizing and combating fraud. Also keep an eye out for language that includes imaginary jargon like “yellow tag stamp document fees,” “release fees,” and anything related to customs and airport detentions, coupled with an indication of urgency, as scammers often prey on the panic and delayed judgment that come from quick decision-making.

If you do find yourself the victim of a scam, Kaplowitz says an all-risk insurance policy can sometimes cover some of the damage inflicted by factors beyond a designer’s control, but it doesn’t supplant the need for thorough research—especially when you’re dealing with an unknown entity. “The most relevant advice I can think of comes from the construction industry: Measure twice and cut once,” he says. “If you’re dealing with someone that you haven’t dealt with before, you need to look twice. The measuring is the due diligence, and the cutting is of the check. At the end of the day, people have to be their [own] first line of defense.”