On Wed, 2018-09-26 at 11:22 +0000, tom petch wrote: > Mmmm > > I got an e-mail with this subject line, from the IETF Secretariat, the > first in three years from them, saying that my personal information > would be deleted unless I gave consent to its ongoing use. The sort of > e-mail used in phishing attacks. I would have expected there to be some > announcement about this beforehand but .... > > (I did get an e-mail about GPDR but that was four months ago, from the > IETF Administrative Director, and made no mention of me being called on > to do anything; other organisations did call on me to act, and to act > immediately). > > So I clicked on the link, entered userid and password to get a message > that there had been a password leak and that I must reset my password. This didn't happen to me, my username and password just worked. Lada > Mmm even more like a phishing attack > > So I request a password reset, get an e-mail with a link, click on it > and enter a userid and a new password. > > Anyone else been similarly 'targetted'? > > On the surface, it looks allright, but it seems poor security practice > for this to come out of the blue, encouraging us to get into bad habits. > > Tom Petch > -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67
