----- Original Message ----- Sent: Wednesday, September 26, 2018 2:34 PM Hi Tom, On 2018-09-26 13:47, Alexey Melnikov wrote: > Hi Tom, > > On 26/09/2018 12:22, tom petch wrote: >> Mmmm >> >> I got an e-mail with this subject line, from the IETF Secretariat, the >> first in three years from them, saying that my personal information >> would be deleted unless I gave consent to its ongoing use. The sort of >> e-mail used in phishing attacks. I would have expected there to be some >> announcement about this beforehand but .... >> >> (I did get an e-mail about GPDR but that was four months ago, from the >> IETF Administrative Director, and made no mention of me being called on >> to do anything; other organisations did call on me to act, and to act >> immediately). > See email with subject "Heads-up Regarding GDPR Consent Request Emails" > on September 20th. Note, this went out on ietf-announce; not on this list. <tp> Henrik Thank you for the follow-up. I am subscribed to the ietf-announce list but have no recollection of seeing such an e-mail. I do receive all e-mail on that list and filer them into three folders but can see no sign in any of them; and given that I am in Europe, references to GDPR catch my eye. So, puzzlement remains except that my ESP has an aggressive view of spam and tells me that its policy is confidential - I find, for example, that it will expunge any e-mail I send that makes reference to the 'IGP that is not OSPF', now serviced by the lsr working group so aggressive filtering is my best explanation to date. I think, too, that I was surprised to see what the datatracker held on me; not much, nothing I would regard as risky, but I probably would not have guessed that such information was being held. One up for GDPR:-) Tom Petch >> So I clicked on the link, entered userid and password to get a message >> that there had been a password leak and that I must reset my password. >> Mmm even more like a phishing attack >> >> So I request a password reset, get an e-mail with a link, click on it >> and enter a userid and a new password. >> >> Anyone else been similarly 'targetted'? > I believe this is a legitimately sent email. It is. In any case, if you're even slightly doubtful, just manually go to the IETF datatracker, log in, look over your information, etc. >> On the surface, it looks allright, but it seems poor security practice >> for this to come out of the blue, encouraging us to get into bad habits. I would agree. We did try, by sending out the heads-up, though ,:-} Henrik
