Is Nate spamming me?

Anyone else get this email from support@trainerroad?
The links look legit, but the lack of explanation is troubling.

image

That looks suspicious to me, don’t click on the link!

2 Likes

that would be a fun one to look at the email headers and source-code view.

3 Likes

I wouldn’t click on that link. Seems like some sort of phishing.

got this too, seems phishy
image

would be nice to hear from @IvyAudrain on this one. If this is not legit and is going out to TR users, then it would seem somehow folks got some contact information from TR users somehow. was there some kind of data breach?

2 Likes

I think a direct email to support@trainerroad.com could be worthwhile for anyone who got this.

Effectively, a separate one to the same apparent source should be able to clear this up.

1 Like

I’ve just had the same email except it didn’t say Nate@ it said support@

The email I got is from support@trainerroad.com but the link in the body of the email says nate@trainerroad

Hovering over the hyperlinks makes both email addresses look legit.

I just sent an email to support@trainerroad asking them what’s up.

Maybe Nate is putting together a new list of guys over 55 with feeble FTP’s!

3 Likes

Looking into this now, all. Thanks for your patience!

3 Likes

Hey everyone, these emails aren’t phishing emails and we haven’t had any sort of data breach. These emails are “double opt-in” emails for our mailing list.

We pushed a change today that inadvertently changed a setting in our mailing system to request a double opt-in for some mailing lists. You can ignore the emails.

Sorry for the inconvenience and for any scare! We have an engineer digging into this now.

Let us know if you have any other questions. :slight_smile:

15 Likes

Well… Glad it’s not phishing, but man it really looks like it…

You don’t need a data breach for a phishing attempt anyways

1 Like

Well, in this case to know that a certain email is used in a TR account you need some additional information compared to the usual phishing attempts, information that I don’t think is publicly available.

Do you know if there are other ways for such targeted attempts to happen? (I’m genuinely curious, not trying to have an argument)

Hover over the link. See what it says. Although, the grammar is fine and no misspelled words it’s pretty elementary school copy. Not high level TR copy or email template.

Copy alone makes it fake to me. Further, you would know if you subscribed to something.

I mean, phishing is a very lucrative business.

It’s not super complicated, and they hide a bunch of information in the html body and embedded Java script. The spoof the source and make it look legit.

Not sure if there is any value to gain from phishing a tr user tho…

1 Like

We’re sure. We found the source causing the few athletes to get sent that message (for example, athletes that signed up via a certain pathway from a Plan Builder page instead of home page were sent that email again), duplicated it to confirm, and the team is working to resolve that ‘logic’ so it doesn’t keep happening. :sunglasses:

4 Likes