Hi Tom, On 2018-09-26 13:47, Alexey Melnikov wrote: > Hi Tom, > > On 26/09/2018 12:22, tom petch wrote: >> Mmmm >> >> I got an e-mail with this subject line, from the IETF Secretariat, the >> first in three years from them, saying that my personal information >> would be deleted unless I gave consent to its ongoing use. The sort of >> e-mail used in phishing attacks. I would have expected there to be some >> announcement about this beforehand but .... >> >> (I did get an e-mail about GPDR but that was four months ago, from the >> IETF Administrative Director, and made no mention of me being called on >> to do anything; other organisations did call on me to act, and to act >> immediately). > See email with subject "Heads-up Regarding GDPR Consent Request Emails" > on September 20th. Note, this went out on ietf-announce; not on this list. >> So I clicked on the link, entered userid and password to get a message >> that there had been a password leak and that I must reset my password. >> Mmm even more like a phishing attack >> >> So I request a password reset, get an e-mail with a link, click on it >> and enter a userid and a new password. >> >> Anyone else been similarly 'targetted'? > I believe this is a legitimately sent email. It is. In any case, if you're even slightly doubtful, just manually go to the IETF datatracker, log in, look over your information, etc. >> On the surface, it looks allright, but it seems poor security practice >> for this to come out of the blue, encouraging us to get into bad habits. I would agree. We did try, by sending out the heads-up, though ,:-} Henrik
Attachment:
signature.asc
Description: OpenPGP digital signature
