How often do you hear from Oprah? Clearly March 28th was my lucky day. I’ve heard from Oprah’s producers before – they’ve even been to my home to tape a session for her show, and they’ve included some of my safety content on her website – but an actual email from Oprah? No. And alas, it still hasn’t happened.
This scam is rather obvious if you stop to look at it, but the scammers are betting you’ll be so dazzled by getting an email from Oprah and the chance to visit her weight loss link that you’ll click before you think. To stay safe you need to flip that phrase around and think first, and then never click.
Test Your Skills
You should be able to find at least four red flags that tell you this e-mail is fraudulent. Scroll down to the picture below to see the answers, but try to find them yourself, first. If you find four, you’re a pro with little to worry about. If you find fewer than three, consider practicing on some more of our spam scam examples.
Here are the red flags that identify this message as a scam:
- Oprah’s last name is misspelled, and the email alias is a dead giveaway – pedimentMn3@wikimedia.org???? Pleeze.
- There is no subject, just a ‘Re:’ (short for regarding), but since you haven’t exchanged emails with Oprah in the past, this email isn’t referencing anything.
- The email isn’t addressed to you. If Oprah were going to send you an email, you can be darn sure she’d know your name.
- If you open the email (frankly, you should have deleted it for the scam it is well before this point) you’ll see the point of the scam – the scammers want you to click that link and land on a malware-riddled site, from which they can infect or take over control of your computer.
The only thing this scam has going for it is the ‘star power’ name they’ve grabbed; the rest of the scam is just flat out pathetic.
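The four checks above can also be run mechanically. The following is an added example, not part of the original post: the sample message is constructed (the misspelled display name and body wording are invented), and treating oprah.com as the only official domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the email described above; only the sender
# address and the link come from the article.
SAMPLE = """\
From: Oprah Winfry <pedimentMn3@wikimedia.org>
To: reader@example.com
Subject: Re:

Check out my weight loss secret: http://pounds-loss.com/
"""

def _in_domains(host, domains):
    """True if host is one of the official domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw, claimed_name, official_domains, recipient_name):
    """Return short labels for each red flag found in a raw plain-text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []

    # 1. Display name misspelled, or sender address outside the official domains.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if name != claimed_name or not _in_domains(domain, official_domains):
        found.append("sender")

    # 2. A bare "Re:" subject with no thread headers: a reply to nothing.
    subject = msg.get("Subject", "").strip()
    bare_reply = re.fullmatch(r"(?i)(re:\s*)+", subject) is not None
    if bare_reply and not (msg.get("In-Reply-To") or msg.get("References")):
        found.append("subject")

    # 3. The body never addresses the recipient by name.
    if recipient_name.lower() not in body.lower():
        found.append("greeting")

    # 4. Links that lead somewhere other than the official domains.
    for url in re.findall(r"(?i)https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if not _in_domains(host, official_domains):
            found.append("link:" + host)
    return found
```

An empty result does not make a message genuine: sender headers can be forged and a polished scam can pass all four checks, which is why the rest of this article relies on independent verification instead.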
Would you have fallen for it if the scammers had made it more real?
- What if the scammer had your email address and full name, and they personalized it for you? (See my blog The Epsilon Threat – How a Company You’ve Never Heard of Increased Your Risk of Personalized Phishing Scams to learn how easily this is done.)
- What if the scammers took the time to make the message have the ‘Oprah look’? Her company sends out email to consumers; if this scam came nicely packaged with the same color, font, and feel of a real “O” message, would you believe it? Keep in mind scammers can copy and paste that look in a matter of seconds.
- What if the URL looked more believable? It’s hard to take http://pounds-loss.com/ seriously, but what if it said try Http://OprahsSecretWeightLossPlan? And what if, when you hovered over the link to see the actual URL shown at the bottom of the email, it appeared to be on an “O” site?
If any of these changes – or the combination of these changes – would have influenced your choice, you’re a sitting duck for the next polished scam. While it’s easy to spot many scams by looking at obvious errors, there is ONLY ONE WAY to find out if an offer is genuine. Fortunately, the way to find out is easy.
It can be summed up in four little words: find out for yourself. Go to your search engine of choice, and get started. In this example you would search to find Ms. Winfrey’s official website.
Note: Always use a URL safety tool like McAfee’s Site Advisor (it’s free!) to see whether your search results are safe. The tool shows a green check mark if the site is safe, a yellow exclamation point if there are risks, and a big red X if the site is clearly malicious.
Once on the official site, you would use the site’s search engine to look for the phrase “pounds-loss”. Only if you can find the same offer (or warning, alert, notice, sale, etc.) through the official channel can you be sure the email was NOT a scam.
Remember, a scam may look cheesy or it may be extremely sophisticated. It may come in email, via a social network, or through your phone. It may come from a friend, from a company, or just look like it comes from one of these sources.
The ONLY way to know if the message is legitimate is to go to the source independently and find out for yourself.
It takes just a moment to validate something; it can take a very, very long time to clean up the mess if you get scammed. Or, as Ben Franklin put it……