ASIS Email Lists For Sale Are Fake - Warning

Just a heads-up to anyone who might have been contacted by a company offering to sell ASIS databases, this is not endorsed by ASIS, and may not even contain relevant email addresses.

We asked the provider:

I wanted to confirm that this is the official ASIS list and that ASIS has provided permission for you to distribute to us. Is that correct?

They responded:

Yes, absolutely. We work with many event organizers as an extended marketing team to support all the exhibitors and participants. As soon as we receive the registration on the portal, we collect the information on people who attend from each company and we add phone number & Email addresses.

The email list "seller" claimed to be offering the ASIS 2016 email database of ~17,000 contacts. This was brought to the attention of the ASIS organizers, who made it very clear they do not sell email lists of registrants/attendees through companies like this.

Selling email lists can be a profitable business, especially when the lists being sold are not what they are represented to be.

How much did they want?

Does ASIS categorically deny selling such a list to anyone?

If not, maybe it's a resale?

No, ASIS at least rents the list to manufacturers, though I don't know the specific cost.

This company, which is one of those Indian shops that pretend to be US based, was charging 18 cents per contact or ~$3,000 for the entire list. Surely, this can be negotiated but we did not feel the need to go that far.

"No, ASIS at least rents the list to manufacturers, though I don't know the specific cost."

Last year $750.

Good find, $750 is fairly inexpensive assuming it is the whole ASIS attendee list. Trade magazines typically charge thousands for doing an email blast to their lists and I think a fresh ASIS attendee list would be more valuable.

Could this be an "inside job" - someone from ASIS or their marketing company trying to make some cash? For that matter, isn't their a certain level of membership that give normal folks access to this info? I know I can pull all the databases from several large trade organizations when I am on boards or committees.

My guess is that it is a bunch of emails somehow related to security (either purchased previously from other sources, or just harvested by some random site wanting to trade a whitepaper/study/report for an email address).

They are marketing it as an "ASIS list" right now because ASIS is coming up. In a few months it will be the "Intersec attendees list" and then the "ISC West attendees list" and so on.

I do not think it is an inside job from anyone at ASIS.

I have heard random people are added each time a list is generated to allow tracking back to whomever created and leaked these lists.

I wonder......

Much like map-makers add fictitious side-streets and other errata to detect copying.