Scam Alert: Fake “IHA Members List” For Sale
Recently I got an email that, to tell you the truth, freaked me out a little.
Hi, I’m Keith Livingston, President of the International Hypnosis Association. Here's what happened:
An email came in to a non-IHA-related address that said, essentially:“Hey, you can buy the members list from the International Hypnosis Association. Reply and let us know if you’re interested.”
My first thought was that we had been hacked. They claimed to have over a thousand IHA contacts, including email addresses and phone numbers. I also considered that maybe they had scraped our member directory. But the public member directory does not include email addresses, so if they really had emails, they would have had to hack us.
Fortunately, that does not appear to be the case.
I replied, asked some questions, and was eventually passed up the ladder to someone who seemed to be the list broker. I asked for a small sample from this “IHA members list.” They sent five names with email addresses, phone numbers, physical addresses, and number of employees.
A quick check showed that none of those people are, or ever have been, IHA members. In other words, the list they are trying to sell as “IHA members” appears to be fake.
So people might pay for this list thinking they are getting IHA members, but they would not. They’d just be out $299 (what they are asking for the list).
Here's a copy of the 5 names from the fake list they were trying to sell. I've blocked out the last names, phone numbers, addresses and email addresses as these might be real people, although they're not IHA members. The list includes a cardiologist, an AI research scientist, a tenured professor, a radiologist and an 'owner'. Some of the data appears to be scraped from public sources, other data carries earmarks of being completely made up.
To be absolutely clear: the International Hypnosis Association does not sell or rent member lists to list brokers or any third parties. Any email claiming to sell an “International Hypnosis Association members list” should be treated as a scam.
I'm no lawyer, but I would assume that knowingly selling an email list that doesn't contain what you say it contains is against the law.
If There Ever Was a Real Data Breach
Because we’ve just released the ethics course, this is a good moment to talk about what would happen if there ever were a real data breach.
If a genuine breach occurred, we would be obligated to report it to you. Our plan is simple:
- We investigate and determine, as best we can, whether a breach actually occurred and what systems were affected.
- If there was an actual data breach, we would notify all affected members. We’d notify by email and post a notice on our privacy policy page.
- We would explain, to the best of our knowledge, what data was involved and the extent of the leak.
- Then we would address the cause of the breach and harden our systems so it doesn’t happen again.
Fortunately, we have never had to use this plan. But if you are practicing hypnotherapy, having a short, written breach-response plan of your own will help you know what to do if the time ever comes.
Your Financial Data and How Payments Work
It’s also important to remind you that we don’t have access to your full financial data.
When you pay for your membership, we never see your full credit card number. Payments are handled by large payment processors (such as Stripe), which send encrypted information through to the card networks (Visa, MasterCard, etc.). The processor keeps the sensitive card details in its secure vault and provides us only limited information (like the last four digits), so we can identify a payment if needed.
Even if Maggie or I went rogue and tried to charge everyone’s card, we simply couldn’t, because we do not have your card numbers. And that’s exactly how it should be.
Basic Security Habits (For Us and For You)
In 2026, the security landscape keeps changing, so we all need to keep our habits updated.
Recently, Maggie and I talked specifically about AI: what data should and shouldn’t be put into any AI chat, or stored where an AI tool on our computers could access it.
For your own safety, it’s worth doing periodic “mini-security audits,” such as:
- Avoid using the same password across multiple sites; use a password manager where possible.
- Be cautious about clicking on links in emails; when in doubt, type the website address manually or use a bookmark.
- Review who has access to client data and where you store session notes and contact information.
These basics go a long way toward protecting both you and your clients.
What To Do If You See One of These Emails
- If you’re willing, please forward the email to us. If possible, send it with full headers (in Gmail, open the email, click the three dots, and choose “Show original”). That can help us track where it’s coming from in case we need to take legal or technical action.
Update: When I went to the web site of the list broker, I was quite surprised. Our LLC is set up in Wyoming with a registered agent. We share an address with this 'list broker'!
This address is basically a mailbox with someone there during business hours and acts as a virtual address for thousands of businesses (lots of businesses set up LLCs in Wyoming because of tax and liability reasons).
They have a different registered agent than we do (the company that acts as a representative in the state), and their filing address on the Wyoming Secretary of State listing is different than ours. But the address that appears on their website is the same virtual office service.
Update 2: I have looked at the Wyoming Secretary of State's web site and they have limited powers in case of fraud. Basically, they are limited to closing a business if the said business has false information in their filing. They did have links to other law enforcement agencies.
If you have any questions or concerns about your data, or this issue, feel free to contact us.
