At Concept Digital Media, we’re committed to helping businesses not only grow, but stay protected.

Recently, a new wave of phishing scams has been targeting organizations with offers that may look legitimate at first glance but are anything but.

One of the most common tactics? Selling so-called “verified” contact databases.

Let’s break down what’s happening, why it’s dangerous, and how you can protect yourself.

The Scam: Fake “Verified” Databases

You may receive an unsolicited email offering access to a large database of contacts, often tied to a trusted organization like a Chamber of Commerce. These emails typically claim to include thousands of “verified” contacts for a price that seems like a bargain.

For example, a recent phishing attempt targeted members of the Siesta Key Chamber of Commerce. The email claimed to sell a mailing list of over 6,185 verified members for $849.

Let’s be clear:

This is a scam.

Legitimate organizations, especially Chambers of Commerce, do not sell, rent, or distribute their member lists in this way.

These scams are designed to:

• Steal your money
• Harvest your data
• Confirm your email is active for future attacks

Why This Tactic Works

Scammers rely on a mix of urgency, credibility, and temptation:

Avoiding becoming a victim of email phishing scams involves being vigilant and following some best practices to recognize and respond to phishing attempts.

Phishing is a cybercrime technique in which unsuspecting individuals are contacted via email, telephone or text message by someone posing as a legitimate business or reputable person.  The emails try to lure people into providing sensitive data such as personal information, banking and credit card details, or passwords.  

Here's how you can avoid falling for email phishing scams:

Verify the Sender

Check the sender's email address. Be cautious if the sender's address looks suspicious, contains misspelled words, or is from an unfamiliar domain. Be particularly vigilant of email addresses that impersonate trusted organizations or people – if you look closely there is usually a slight misspelling of the email address.

Never Trust Unsolicited Requests

Be skeptical of unexpected emails asking for personal or financial information. Legitimate organizations typically will never ask for such information via email. Verify the legitimacy of the request independently, preferably through official channels like the company's website or customer service.

Check for Spelling and Grammar

Phishing emails often contain spelling and grammatical errors. Be on the lookout for these signs.

Look for Generic Greetings