I can only confirm that here moderators catch a few fake support posts which get removed when found.
Here the private message is opt-in so we don't have much of a leaky boat but anyone could join and claim they are the maker support so the only fix for that is to not use support forums when it comes down to dollars and cents.
So I post a problem on the HP forum and I get an email from HP. But what I didn't know is that HP allows user to send private messages to people that post on its forum by default. I get this email from HP, yes I checked the domain name and everything before I took the next step. It contained the HP logo next to the user signature, it came from the HP domain name and the certificate for the domain name is valid. So I have no reason to expect this to be a scam. Except it is a scam.
I called this number they appeared to be legitimate knowledgeable support people. Except they are not. I allowed them into my PC to see if they could fix the problem it was only after they wanted payment to cover a cross shipping a replacement in form of an iTunes card did I get suspicious. Then I realized they had just remoted into my pc. I spent the next hour re-imaging that machine and changing all my bank account passwords.
Subject: HP Helpdesk
Welcome to HP Support Forums!
We appreciate your concern regarding your HP Product. But its hard to provide you the appropriate solution for this issue in the community. In order to get easy and hassle free HP Technical support for your peripherals. kindly call +1(800) 322-2414 (US/Canada) for assistance.
Thanks & Regards
[HP Banner] Helpdesk
I was not expecting direct private messages from the HP forum, I did not know that was a feature on the forum so I figured the only way they could have my email address is if HP was contacting me directly. When I post on other sites, I don't get private messages, why would I expect that from HP, a tech savvy company, really? There is a simple fix to this and by failing fix this security hole HP is liable for damages. In essence they are allowing anyone to appear to be an official HP. When I called Palo Alto they confirmed that "This happens all the time", well folks if they know it happens all the time then they should fix it. Simple fix, don't allow private messages. Also they can put in a filter on messages blocking phone numbers. They do have a disclaimer not to trust anybody without the HP banner next to their user name, well they seem to have gotten past that one with a private message.