Odd email from RMweb

[S.A.C Martin]

*********,

This email has been sent from http://www.rmweb.co.uk/community/index.php

 

You have received this email because this email address

was used during registration for our forums.

If you did not register at our forums, please disregard this

email. You do not need to unsubscribe or take any further action.

 

------------------------------------------------

Activation Instructions

------------------------------------------------

 

Thank you for registering.

We require that you "validate" your registration to ensure that

the email address you entered was correct. This protects against

unwanted spam and malicious abuse.

 

To activate your account, simply click on the following link:

 

http://www.rmweb.co.uk/community/index.php?app=core&module=global&section=register&do=auto_validate&uid=18863&aid=8386a7bab9d98304ece50acf9855b9e1

 

(Some email client users may need to copy and paste the link into your web

browser).

 

------------------------------------------------

Not working?

------------------------------------------------

 

If you could not validate your registration by clicking on the link, please

visit this page:

 

http://www.rmweb.co.uk/community/index.php?app=core&module=global&section=register&do=05

 

It will ask you for a user id number, and your validation key. These are shown

below:

 

User ID: *****

 

Validation Key: *******************************

 

Please copy and paste, or type those numbers into the corresponding fields in the form.

 

If you still cannot validate your account, it's possible that the account has been removed.

If this is the case, please contact an administrator to rectify the problem.

 

Thank you for registering and enjoy your stay!

 

I've had this email in my inbox today, and on a first glance it looks odd - but the details with " ***** " were details of another forum user, and not my own.

 

I've had PMs with the user in question recently, so that's just about the only link I can think of for an email with his RMweb details being sent to my email address.

[Guest oldlugger]

A phishing email I think Simon.

[Andy Y]

Simon,

 

Can you please forward the full email without the replacement * for investigation?

[Andy Y]

Simon,

 

Initial checks show that a Phillipines IP address did attempt a registration and did enter an email address which I can identify of being a form which is likely to be yours at 9.21 a.m.

 

They did complete the whole of the registration process and is therefore not a conventional spammer. The account has been flagged at this end as a spam account.

 

There's no associated security issue at this end; it's just someone choosing to play about and involve you in such a process.

[S.A.C Martin]

Hi Andy - I will forward it to you now.

[Ian J.]

I almost hate to bring this up, for fear of making spammers or other dodgy types aware, but isn't it time to think about putting the login to RMweb inside a SSL page (https)?

[Andy Y]

It shouldn't be necessary Ian to be honest and can add further complexities.

 

It wouldn't have any benefit in this case where it's specifically someone playing silly beggars (not Simon).

[Ian Hargrave]

Hi Andy - I will forward it to you now.

Thank you for alerting us to this,Simon. A highly responsible reaction.

[Ian J.]

It shouldn't be necessary Ian to be honest and can add further complexities.

 

It wouldn't have any benefit in this case where it's specifically someone playing silly beggars (not Simon).

 

OK. My main concern was the potential for passwords being sent 'in the clear' to get sniffed out, but the risks associated with that can be mitigated by members if they make sure their RMweb password isn't shared by other logins.