Syag Lchochma,
I am certainly no expert on IT security, and I don’t know anything about what’s been going on behind the scenes here on the CR.
I personally would not expect an unsolicited e-mail from someone in the CR. If I received one, I would assume that someone hacked the CR’s data, and would report it to the editor. I personally would not respond to the e-mail. Nor would I respond to someone’s request to e-mail them.
Now, if someone I know personally (as in, I know them and their e-mail address personally) e-mailed me and said, “are you Avram in MD in the CR?” I would respond.
If someone claimed to be a person I know but was writing from an unfamiliar e-mail address, I would be more suspicious. I would probably write an e-mail to the address I know for that person, to confirm it really is him.
As far as banking account information, as long as you’re not using the same username and password for the CR as you are for your financial institutions, I think you’re fine:-) Of course, keep in mind that your financial institutions will never send you an unsolicited e-mail prompting you for personal information (e.g., “Your account has been locked, click here to log in and resolve the problem!”). I’d also keep your true PII (first, last name, SSN obviously) away from the CR, and write to the editor/mods if you feel like someone is trying to “out” you.