If you get a mail purporting to be from an "administrator at puzzlers.org", no matter what it says, it is fraudulent and is either an attempt to get you to download malware or to scam you. If it looks suspicious, it probably is fraudulent.
People lose real money this way. Don't be caught!
Legitimate emails from the web team and other League representatives and officials will always include our noms, will usually address you by your nom, not your name or email address, and will not use vague terms like "the administrator," "the IT department," or "the technical support team." Mail from us will come from either our real address (e.g., ) or our puzzlers.org alias (e.g., ), never from some random address you've never heard of. We'll never ask for your credit card information or ask you to verify your membership by clicking a link or viewing some attachment to the email. We'll never send an email to somebody else that looks like this and then cc you or bcc you. These emails are known as "phishing" and are a social engineering way of attempting to take over machines, scam you out of money, etc.
The presence of a nom in an email by itself is not sufficient to guarantee that an email is not a scam. But that alone is not a guarantee that the email is valid. Phishers copy legitimate emails and send modified copies of them to other people. We'll never send you an email that has legitimate content in it (e.g., it's about puzzles) and then tack on something suspicious ("please send money").
In most cases, the best thing to do is to simply ignore the email. If you think there is a chance it is actually real, you can forward it to the person who supposedly sent it (e.g., , , or ) for confirmation.
Never email any password, for this site or any other site, to anyone.
Here are the important things to bear in mind:
All of these statements are pretty much true of any reputable organization or web site. Scammers and phishers use fear as a tactic to get people to act immediately and not question: "you must do this right now or you will lose something." You will never get a message like that from the NPL.
Don't click on links in unexpected or suspicious email. Instead, visit the site directly and do whatever you think you might need to do. Never click on a link that looks like this: http://legitimate-site.com.other-site.com/etc That's not a link to legitimate-site, it's a link to other-site (which is really evil-site). Many web sites do not begin with www. That's fine. For example, this web site is https://krewe.puzzlers.org. What you have to look closely at is the end of the domain name portion of the URL, not the beginning. For example, a recent scam attempt used this domain: updates.puzzlers.org.secure.redacted.org -- the actual (redacted) domain was a well known malware site with a name that made it sound innocuous.
If the domain is wrong, it doesn't matter how good the site looks. Scammers have put up very authentic looking copies of bank and credit card sites. You might think they wouldn't bother cloning the NPL site, but their clone tools are pretty automatic. And they think they might steal your password here and then use it at your bank. This is one of the reasons you should use different passwords on each site you use.
If you receive a link that you are suspicious of in any email, do not click on the link. Instead, manually go to the known site that you want to visit, e.g., by typing "www.puzzlers.org" into your browser.