Topic: Spam phone calls / e-mails addressing our conference participants asking for credit card data

A company has been contacting some of our participants/speakers by e-mail and phone, falsely claiming that they represent the organizers of the event.
They’ve asked (for instance) for credit card details to finalize hotel bookings or process refunds.

We don’t know how the fraudsters have obtained access to the contact details of these persons, but they’re definitely not affiliated with us.
Is it possible that the ConfTool installation has been hacked?
Do you think we should inform all users?
Should all users change their passwords immediately?

We hear about incidents like that roughly once or twice a year and up to now we could always rule out ConfTool as the source of the leaked data. Usually, the information of the individuals targeted (mostly speakers) could be found quite easily on the web by browsing the conference website and by using a search engine like Google to locate the personal homepages of these persons. Still, we recommend that you check if there is a publicly accessible list of your speakers and their information online, for instance by using a search engine.

If you hear from your participants/speakers about suspicious calls or e-mails, we strongly recommend sending out a bulk warning e-mail to inform everyone about these fraud attempts by third parties. Make it clear that they should never share any payment data over the phone or by e-mail. Please also provide your contact details so they can ask for more information or let you know if they have been targeted as well.

However, we do not think that it makes much sense to ask your participants to change their ConfTool passwords, as passwords are stored encrypted in ConfTool. Even if unauthorized individuals were to gain access to your ConfTool installation, they would not be able to retrieve other users’ passwords.

The most likely scenario for a security breach right now is a "Trojan" on the PC of one of the organizers or assistants that forwards all keystrokes and locally stored information of this person to the criminals. This could give them access to the personal account of this organizer and, by extension, all participant data. To ward off such an infection, we strongly recommend browsing the web carefully, refraining from downloading files from unofficial sources, and using browser plug-ins such as "NoScript" and "uBlock Origin" as a security measure. Furthermore, do not open attachments from unsolicited e-mails. Every PDF, Word and ZIP file could pose a risk. Be particularly careful if you receive unexpected e-mails from alleged administrators of your e-mail account, or e-mails containing links to documents that you were not expecting. In most cases, these links lead to phishing websites, or they will download a file containing a Trojan. We also suggest using tools like UCheck or Patch My PC to regularly check that all programs on your computer are up to date.

If you are concerned that someone accessed your ConfTool installation, you can always check the user actions in the ConfTool system log.
Please go to:
Overview => Browse System Log
… to access this data. Please note that you have various filtering options on that page (see image). If you see anything that you find suspicious, please contact us.

NB:
One company that was reported to us for unsolicited cold calls, in which the phone agents asked for credit card details, identified itself as EHS (Exhibitor Housing Services). While we haven't been able to verify this information, you can find more hints on the web:
Conference Scam Alert - (Exhibitor Housing Services), Exhibitor Housing Management (EHM), Traveller Point (TP) and Travel Housing Team (THT)

An e-mail scam tactic was reported to us as well: a company called "Operations Global" or "Global Travel" has been sending fraudulent e-mails to conference participants, asking for their arrival and departure dates and promising to send an invoice for their hotel reservation. You can find more information here:
Scam E-Mails Going Around From Various E-Mail Addresses