Phishing Scam
NATA is alerting members to an active phishing campaign targeting athletic trainers and convention attendees through fraudulent “Paperless Post” social invitations.
The emails appear highly convincing and are designed to look like legitimate convention-related social event invitations. In several cases, the messages appear to come from trusted colleagues, volunteer leaders or committee contacts whose accounts may have already been compromised.
If a recipient clicks the fraudulent link and enters login credentials, attackers may gain access to email accounts, saved passwords and other personal information. Compromised accounts are then being used to send additional phishing emails to others within members’ professional networks.
At this time, NATA strongly recommends the following actions:
- Do not click suspicious “Paperless Post” convention social invitations unless you can independently verify the sender and event
- Do not enter your email password after clicking any unexpected invitation link
- If you already clicked the link or entered credentials, immediately reset your email password and enable multi-factor authentication (MFA)
- Contact your organization’s IT department as soon as possible if you believe your account may be compromised
- Be cautious of emails creating urgency, requesting logins or directing you to unfamiliar sign-in pages
NATA is actively monitoring the situation and working to notify members as quickly as possible. Please share this alert with colleagues and encourage anyone who may have interacted with these emails to secure their accounts immediately.
