Quick Links
- Sponsorship Interest Form
- NYSAIS Sponsorship Protocols
- Conference and Showcase Calendar Dates – 2026
- Sponsorship Email Subscription Form
- Code of Conduct
- Sponsorship FAQ’s
- Fraudulent Attendee Email Lists
- Sponsor – Directory
Upcoming Events
View All
Careers
View All
Fraudulent Emails Claiming Access to Attendee Lists
Associations that host conferences, sponsor showcases, and professional events are frequent targets of email-based fraud. This page explains what we’re seeing and how to protect your organization.
We do not sell, license, or otherwise authorize the distribution of attendee lists to third parties. Attendee information is shared only with event sponsors when an attendee has explicitly opted to. Emails offering to sell “official” or “verified” NYSAIS attendee lists are unauthorized and should be treated as suspicious.
What these messages typically look like
- They claim access to private attendee or exhibitor information.
- They reference real event names, dates, venues, sponsors, or staff names to appear legitimate.
- They offer to sell an “exclusive,” “updated,” or “guaranteed” attendee list.
- They pressure recipients to respond quickly, pay immediately, or “confirm” details.
Why this happens
Scammers routinely scan public event web pages and announcements. They then use that information to craft convincing outreach to sponsors, exhibitors, presenters, and registrants. In many cases, the sender does not actually possess any legitimate attendee data. These emails rely on social engineering to induce payment or elicit additional information.
Does this mean there was a breach?
No. These solicitations did not involve access to our systems or data. They typically originate from external actors using publicly available event information and generic list-selling tactics. While no breach has occurred, recipients should still treat these messages as fraudulent and avoid engaging with the sender.
What to do if you receive one
- Do not respond or click links in the message.
- Do not purchase any lists or provide payment details.
- Do not share internal contacts, attendee information, or event-related documents.
- If the message appears to come from someone you know (or uses a familiar name/domain), verify via a separate channel (e.g., phone call or a known-good email address).
- Report the message to your organization’s IT/security team and mark it as phishing in your email system if available.
Related industry guidance
If you have questions about a message you received, contact our office at support.nysais.org or 518-694-5500.