Post Number: 1289
|Posted on Saturday, 18 June, 2016 - 03:53: |
Has anyone else had an email saying their password has been reset by an administrator. Just wondering if this is a spam email.
Post Number: 86
|Posted on Saturday, 18 June, 2016 - 04:14: |
Yes but only on the Rolls-Royce and Bentley Forum, not here yet. It is legit, see the postings from admin of the site.
SRC18015 SRE22493 NAC-05370
Post Number: 1290
|Posted on Saturday, 18 June, 2016 - 04:40: |
How embarrassing - wrong forum.
Thanks for the info Jim.
For others, please disregard this entry
Post Number: 2079
|Posted on Saturday, 18 June, 2016 - 08:53: |
Just a heads-up - if you ever receive a message of this type without prior notice that includes a link to finalise the reset and there has not been a post by the Administrator on the forum itself advising of a reset; always email the Administrator requesting confirmation that it is genuine. If you do not have the email address for the Administrator on this forum [adminAT[@]rrforums.net] in your email service, log out of the forum before posting a message as a guest using a different username which will then come up as a message requiring approval by a moderator/administrator and appropriate action will be taken by us to confirm whether the link is genuine or not. Do not activate any unsolicited/unconfirmed link until you have received confirmation that it is genuine.
This is a precaution against hackers who have compromised the forum concerned and are using the link to install malware/ransomware on computers used by unsuspecting members receiving the link.
RR Forums Administrator
Post Number: 95
|Posted on Saturday, 18 June, 2016 - 12:04: |
A forum doesn't need to be hacked for someone to send a phishing email. All they need is your email address - whether obtained from forum posts or elsewhere - and the vague possibility that you are a user of said forum.
I do not reset users' passwords; they should use the password reset or recovery mechanism. I will only reset a password if that mechanism fails and the user has come to me and I am satisfied that they are indeed that user and they have exhausted all means of recovering their password. I don't recall that ever happening.
A general rule of this, other forums, your bank, email service, etc. is to NEVER click on a link in any email you did not knowingly solicit. This includes emails from friends and family because it is almost trivially easy for an email's sender to be forged.
To reduce the risk of being targeted by phishing emails you should not publish your email address in the forum or anywhere that alternatives exist. If you need to contact a forum member privately, use the forum's private messaging function, which conceals email addresses. You can use that to exchange addresses so you can communicate beyond the forum.
Christian S. Hansen
Post Number: 264
|Posted on Saturday, 18 June, 2016 - 12:22: |
As previously noted, when you receive ANY request, pretext, or demand (or your account will be terminated!) that you reset your password, it is 99.9% guaranteed to be a scam. What they are saying is "please tell me your password or other personal data so that I can do evil." Never, never, never. No matter how authentic it may look. Independently contact the account holder, bank, email server, website, whatever, in order to ask what is going on, and they will likely confirm "It wasn't from us". Be vigilant. Be skeptical. Be safe.
P.S. As noted by Jim Walters, above, sometimes, but VERY infrequently, the website may have been so compromised itself...I recall it happened to either EBay of PayPal some years ago...that they find it necessary to ask everyone to find a new password, but as Jim noted, in such cases you can call on the phone or use other methods OTHER than clicking on ANY link in the suspect message to confirm what is going on.
Post Number: 87
|Posted on Saturday, 18 June, 2016 - 15:53: |
Just to clarify, I did not and would not ever click on any link in an email. I checked the forum for posts from the administrator and then entered the new password he sent directly to me into the forum log in. After logging in with the new random generated password he sent I then changed it to one of my own.
SRC18015 SRE22493 NAC-05370
Post Number: 1960
|Posted on Sunday, 19 June, 2016 - 03:31: |
Not that it's pertinent to *this* forum, since the administrator has not done something as bone-headed as the admin on rollsroyceforums.com did, but it was even worse/stranger because the notification e-mail did not even appear to be originating from where one would reasonably expect it to for this sort of request. It had phishing written all over it.
I, and several other longtime members there have made it known that we believe this whole situation was completely, utterly unnecessary and handled in the worst way possible. Even if they insisted on doing this giving a warning message on the forum itself, several times, over a couple of weeks before it happened, and detailing what the user would receive, would have been indicated.
Forums such as that one, and this one for that matter, are not ones where I have great concern that my password strength be particularly high. I have tired of many places insisting that I have a password that could secure entry to the Fort Knox gold storage facility and that I have to change it at any interval of their choosing.
I've used some of my passwords on the order of decades on the different site(s), and have yet to be hacked. I don't think that's an accident and my password strength should be mine to worry about.
Post Number: 194
|Posted on Sunday, 19 June, 2016 - 08:01: |
Hear hear Brian, completely messed up my phone and tablet access.
Think I'll stick to this forum 😊