Until
ebastler question is answered, I can deliver one guess.
Perhaps the user registered in another service using the same username and email address? If the service was run or compromised by the adversary, they would have their username, email address, and IP address. The first two is enough to send a scam email, pretending that it comes from some service (EEVblog forum in this case).
(1) Having the IP address just makes it more believable.
(1) The EEVblog forum itself wouldn’t be special in this case. It just happened that the usernames agree for this particular website.