Hi Tom,
On 26/09/2018 12:22, tom petch wrote:
Mmmm
I got an e-mail with this subject line, from the IETF Secretariat, the
first in three years from them, saying that my personal information
would be deleted unless I gave consent to its ongoing use. The sort of
e-mail used in phishing attacks. I would have expected there to be some
announcement about this beforehand but ....
(I did get an e-mail about GPDR but that was four months ago, from the
IETF Administrative Director, and made no mention of me being called on
to do anything; other organisations did call on me to act, and to act
immediately).
See email with subject "Heads-up Regarding GDPR Consent Request Emails"
on September 20th.
So I clicked on the link, entered userid and password to get a message
that there had been a password leak and that I must reset my password.
Mmm even more like a phishing attack
So I request a password reset, get an e-mail with a link, click on it
and enter a userid and a new password.
Anyone else been similarly 'targetted'?
I believe this is a legitimately sent email.
On the surface, it looks allright, but it seems poor security practice
for this to come out of the blue, encouraging us to get into bad habits.
Best Regards,
Alexey