Gizmo thanks for your reply, at fisrt I was only thinking it was for the forum but it could be for the domain I don't know. I wanted to make you guys aware that someone may phish yours as well as my members for passwords.
the url that the email settings link was for a domain in indonesia, not sure how to report it to their web host. Not sure I should post the link here
There are millions of phishing ads online these days, you should educate your users on ensuring the domain name on any communications is indeed your own, and that you'd never request their passwords via EMail. Additionally, you might point out that any forum generated emails will be sent through the forum software and they should look like the forum (posting an example from a PT notification would probably work really well).