Ald1 

Got this email twice today..

GAtkins

I received it once today as well.

Glenn

Baldy1953

I , also , got that or something like it. In fact, I got 2 of them. Found its way to the trash bin without opening either.

spjam

I got this too, and hoped for an explanation from Strava in the form of a corporate email. But nothing.

jpescatore

I got it as well. Since I work in cybersecurity, and given how easy it is on Strava for others to follow you and comment on your rides, I always wondered why that wasn't already happening!

Since there have already been cases on Zwift of people creating rider "bots" to rack up miles and get level prizes faster, not a big leap from that to rider bots that send out spam messages to all the other riders.

Strava will now follow the well-trodden paths of other services in fighting spam and that type of stuff.

taco2ewsday

I got it too, I do not really see it a compromise, someone signed up for a free service and sent notes out to users on that free/freemium service. SPAM yes compromise no

indyfabz

I don't Strava or Zwift (I measure myself against other riders by height.), so I didn't get it.

MoAlpha

Fondo? Mnyeh. I'm more of a walks on the beach and snuggling by the fireside kind of guy.

indyfabz

Well? Any of you write?

Ald1 

Huh. So Strava is supplying my emai to a dirty dating site and allowing them to misrepresent this as anything to do with biking and Strava services??

mstateglfr 

Who are you, Ty Webb?

autonomy

I don't think you understand how social networks work, and Strava is a social network.

indyfabz

No. I think what he's saying is that your contact info on Strava is easy for other members to access themselves. Spammer joins and sends stuff like that to you via your contact info. Strava is not giving it to them.

I could send you a private spam message via this site if I wanted to. Some people can even receive emails from other members.

canklecat

Check the headers. It may not even originate from Strava. Many spammers spoof the identities of legit companies, stealing logos, etc.

There are all kinds of ways for spammers and phishers to target audiences. Any tracking from browsers and apps can provide enough data to target a likely user of Strava or other online business. Doesn't mean the email originated from Strava.

Same method used by most junk callers now. Doesn't do any good to block the numbers because they're spoofed. Blocking phone numbers may block a legit caller who actually owns that number.

Ald1 

Yes. I never thought this came from Strava. However, my Strava account is private so how did the spammer/phishes get my email unless they hacked the Strave database? and yes I'm an old fart that does not facebook or twitter etc. My point is someone is misrepresenting themselves as Strava and I thought Strave should like to know this and take steps against this. They used the logo/content to entice a click to their "product". Not cool.

taco2ewsday

Well, it came from Sendgrid a mass mailer company which Strava authorizes in it's SPF record, the message passes DKIM too. So whoever has their sendgrid credentials got phished or uses a crappy password.

canklecat

I occasionally get Strava friend requests from obviously fake accounts. Always a generically pretty girl in a glamour shot, never suited up for bicycling or running, with a flirty name like Bambi Lotsafun, and zero history of any bike rides or runs.

I get lots of junk mail spoofing Amazon, PayPal, grocery and department stores, etc., but I ignore 'em because they always show up in an email account I never use for those businesses. An immediate clue that it's spam or phishing. And I never click through.

It's difficult to identify scams from a mobile device because the email usually omits headers and we can't hover over suspicious links to see where they go. I only use my PC for that stuff.

Humpy

You snooze you lose suckers!

She is very pretty. I've sent her all the info she asked for to make sure I'm not a creeper and am just waiting to hear back about meeting up at the December Gran Fondo.

sdmc530

Strava is a social app that your data is the product. They have been more lax lately with the security. I have been getting much more interaction from strangers too. 12/31 I am done with strava..no longer the same

gecho

I got that spam at an email address that I used to create a Strava club under separate account for my local bike club. I haven't received it for my personal email address. Are you a club owner? There may be some Strava mechanism for contacting club owners that a spammer is abusing.