To report a security or privacy vulnerability in any of Oura’s products, websites, or services, please email security@ouraring.com.
Helpful information to include:
- Device type, operating system, browser, and/or app version
- Screenshots or video of the security bug
- Description of the vulnerability, or steps to recreate the behavior
You can also email security@ouraring.com to report phishing attempts.
Occasionally, people will create fake emails or websites designed to imitate Oura. These sites or domains can be used to attempt to steal personal information, such as bank account information or passwords. This is often called phishing and is something we as an organization take very seriously.
If you receive an email or are directed to a website that looks like Oura but asks for confidential information, we advise you to exercise caution.
How To Identify Fraudulent Emails and Websites
Check for Official Oura Domains
Fraudulent emails often come from domains that may appear similar, such as @ouraringmedia. But legitimate emails from Oura will come from the following domains:
- @ouraring.com
- @m.ouraring.com
Please note, the email address no-reply@m.ouraring.com is in fact a legitimate email address of Oura. If you've recently received a personalized offer from this address, you are safe to engage with it!
If you purchased an Oura Ring with FSA or HSA funds, you’ll receive an email from our partner Sika (support@sikahealth.com) with a confirmation order.
We also have a review program with Bazaarvoice, and you may receive emails from a Bazaarvoice domain asking you to rate your recent purchase from ouraring.com. These reviews are voluntary, but we welcome any feedback.
Check for Legitimate Links
Illicit emails can contain links to fake Oura web pages that try to steal your information. Don’t click on links in any emails you’re unsure of.
A real link to Oura will begin with https://ouraring.com/ or a country-specific URL like https://es.ouraring.com/, https://it.ouraring.com/, or https://ouraring.co.uk.
If you click a link that takes you to a page that looks like Oura but doesn’t start with this address, it's a fraudulent page and you should close it immediately.
Check the Website Address
Pay particular attention to misspellings of Oura's name. If Oura is misspelled in the website address, the website is fake.
Check for a Lock Icon in Your Browser
You can tell if a website is secure by looking for a lock icon in your browser's address bar. All of Oura's websites will have this icon. If this icon isn't in the address bar, your connection to the website isn’t secure. Don't enter any personal information if you don't see this lock icon.
Another way to identify if the site is secure is if the URL includes "https" and not "http."
Be Wary of Manipulative or Threatening Tones
Fraudulent emails and websites often contain urgent tones and threaten account suspension, or show a delayed payout if you don't click a link or provide certain information immediately. Avoid submitting information or clicking pop-ups if you're unsure of the source.
If you believe you've been targeted by a phishing scheme imitating Oura, please contact security@ouraring.com. Our team will review your request and advise you on whether or not further action is needed.
Thank you for helping keep the Oura community safe and secure!