Updated Feb. 11, 2025 -- MLTC staff and a number of our contacts have recently received emails from multiple senders, offering to sell a list of Visitors/Attendees to the March 21 Mass. Land Conservation Conference being held at UMass Amherst.
After talking with security teams of our CRM (database), our online events and payment platform, and to our computer consultant, we are confident that details of our contacts have not been leaked or hacked from those systems. As we've learned during this investigation, there are a number of other ways bad actors can obtain names and emails.
We have learned:
1. Information about people in our community (land management / conservation / environment) can come from anywhere. It needn't be from a list that WE put out. It could be from a list from another conference that's similar, from organizations that people on our lists belong to, etc.
2. A malicious entity does not need to have hacked into our systems to get people's information.
3. Bots can scrape the web for information, and make correlations about belonging to a community that could have similar interests to our conference.
4. These malicious entities can tweak the emails slightly to make it less likely that organizations put a block on all emails that have certain characteristics (i.e., number of attendees changes slightly, or the title of the conference, etc.)
We are being as safe as we can be. We do not publish or distribute contact details. We have notified you about these scams and have emphasized that we do not sell attendee lists (we do not sell or distribute any lists). And our computer consultant has already enabled strong email authentication to reduce impersonation risks.
What you are seeing are phishing attempts, in that the data they are offering to sell does not match information we are collecting as part of our conference registration process, and the emails are coming from random gmail accounts rather than a legitimate company. Please do not be tempted by their offer.