As explained on their website, Temu is an e-commerce company that allows sellers and manufacturers from anywhere in the world to sell their products directly to consumers. Unlike other e-commerce sites, deliveries might take a while, but their prices are significantly lower, making them a huge draw for users.
MIRA: Find out which profession artificial intelligence will never be able to replace
According to their website, Temu means: Team up, price down.
The Chinese-origin shopping app allows users to purchase new products with free shipping and offers a return policy of up to 90 days. A large portion of the products come from Asian factories and are categorized into various sections like ‘Home and Kitchen’, ‘Technology’, ‘Appliances’, and more. Similar shopping apps like Shein and AliExpress follow the same model.
These platforms guarantee reliable purchases with secure payment methods through their policies. However, there are also other cybersecurity-related risks. In an interview with El Comercio, Fabiana Ramírez Cuenca, IT Security Specialist at the ESET Latin America Laboratory, and Sergio Azahuanche, Senior Cybersecurity Consultant at Marsh Advisory, discussed these challenges.
Controversies over data privacy
“There is a lot of suspicion that Temu is making sales behind the scenes of what one can enter, for example, card data, because the site finally allows you to enter a credit or debit card”, Sergio points out. The specialist explains that, while not proven, it is a recurring rumor that suggests users pay low prices at the expense of their data and privacy.
“So, common sense no longer tells them, well, if it is so cheap, why is it so cheap?”, reveals Sergio.
The company also mentions that this collection of personal data is part of a broader strategy that involves constant monitoring of users to carry out analyses of their preferences and consumer behavior.
“Amazon or eBay, they always collect data. But it seems that Temu has a greater, let’s say, collection of this type of data, where it is not necessary, for example, the location, but it can still collect it. So, in that case, it may be a little bit more worrying for the user”, he claims.
Along these lines, according to reports from Infobae, the popular Chinese shopping app was sued by Arkansas (US) Attorney General Tim Griffin, who called it a “dangerous malware” that spies on text messages and collects data without authorization. The lawsuit, filed on June 25, alleges that the Temu app can access the mobile operating system of users, allowing it to gain access to the camera, location, contacts, text messages, documents, and other applications.
On the importance of data, Fabiana adds that “Our data is very exposed and it is important to understand that the goal of cybercrime is profit through data. Today, data is like gold in its time.”
The price of using e-commerce platforms can be the exposure of personal data. (Photo: Archive)
Perhaps one of the most sensitive and valuable data is banking data related to the credit or debit card. Understanding this importance, Sergio recommends the following to users in case they decide to purchase from Temu or any other e-commerce:
- Use intermediary payment methods: To avoid directly exposing card data, use intermediary payment services such as PayPal or Mercado Pago, which act as an additional layer of security.
- Use cards with limited funds: Using cards with low funds can limit the risk of loss if data is compromised.
MIRA: ChatGPT at Apple: Could collaboration with OpenAI compromise user privacy?
Vulnerabilities of legitimate sites
“From the field of cybersecurity we always say that there is no system that cannot be violated”, the cybersecurity expert answers when asked if a cybercriminal can attack the store’s official website. She explains that there is no 100% secure system; vulnerabilities can always be found. This means that any e-commerce application or website might be attacked and its information leaked, despite the efforts and security measures that companies implement.
On the other hand, amidst the boom in low-cost stores, both experts identify the proliferation of fake pages that impersonate official ones in order to steal personal and financial data from users. These fraudulent pages usually mimic the design and appearance of authentic sites, tricking buyers into entering sensitive information.
“What they do is appeal to the emotionality of the person, then the person sees an offer that is too good to be true and what they do is quickly proceed to buy. A great technique that is used is to offer a good price, almost irrational of the economic, and that this price lasts for a very short time, which is why the person somehow speeds up and recklessly ends up giving out information,” explains Ramirez.
Cybercriminals use techniques such as irresistible, short-term offers to lure victims. (Photo: Shutterstock)
How to recognize a fake page?
According to Fabiana Ramírez Cuenca, to recognize a fake page, the following signs must be considered:
- Incorrect URL: Scam pages often have slightly different URLs from the legitimate site. There may be errors in the name or they may be hosted on a different domain.
- Security protocol: It is important to verify that the URL begins with “HTTPS” instead of just “HTTP,” which indicates that the information is encrypted.
- Spelling and layout errors: Fake pages often contain spelling mistakes and poor quality design, with pixelated or misaligned images.
- Policies: Legitimate sites usually have well-defined security and privacy policies. The absence of these policies can be a red flag.
- Excessive requests for information: If a site asks for more information than is normally required, especially banking information, this is cause for suspicion.
“There are many antivirus and antimalware software solutions that block potentially unsafe sites and warn the user. Cybersecurity education is very important”, adds the ESET spokesperson.
MIRA: The four books that Bill Gates recommends as a must-read
How to ensure a successful purchase in an e-commerce?
Azahuanche mentions the following recommendations when we decide to buy within an electronic commerce:
- Website verification: Make sure you are interacting with the official page and not a fake one.
- Origin of the product: Buy products from reputable stores or from sellers with high reputation and good ratings.
- Seller reputation: Prefer sellers with multiple sales and four or five star ratings, as this indicates trustworthiness.
- Return Policies: Check that the store has clear return policies in case the product is defective or does not arrive.
Temu: The Cheap Price of Data Privacy?
Temu, the Chinese-origin shopping app, has quickly gained popularity with its remarkably low prices and free shipping, attracting users seeking budget-friendly deals. However, the alluring offers have also sparked concerns regarding data privacy and security, raising questions regarding the cost of these low prices.
Temu’s business model relies on connecting sellers and manufacturers directly to consumers, often sourcing products from Asian factories. While this strategy enables competitive pricing, it also raises red flags for cybersecurity experts who highlight potential risks associated with data collection practices.
Data Privacy Concerns
Sergio Azahuanche, Senior Cybersecurity Consultant at Marsh Advisory, points out, “There is a lot of suspicion that Temu is making sales behind the scenes of what one can enter, for example, a card data, because the site finally allows you to enter a credit or debit card.” This suspicion stems from the recurring rumor that users enjoy low prices at the expense of their data and privacy.
While Temu’s data collection practices are not explicitly demonstrable, the company acknowledges its strategy involves constant monitoring of users to analyze preferences and consumer behavior. Fabiana Ramírez Cuenca, IT Security Specialist at the ESET Latin America Laboratory, explains, “Amazon or eBay, they always collect data. But it seems that Temu has a greater, let’s say, collection of this type of data, where it is not necessary, for example, the location, but it can still collect it. So, in that case, it may be a little bit more worrying for the user.”
Furthermore, reports like those published by Infobae have fueled concerns regarding Temu’s data practices. In June 2024, Arkansas Attorney General Tim Griffin filed a lawsuit once morest Temu, labeling the app a “dangerous malware” that allegedly spies on text messages and collects data without user authorization. The lawsuit claims that the Temu app can access users’ mobile operating systems, gaining access to sensitive information including cameras, locations, contacts, text messages, documents, and other applications.
Ramírez Cuenca underscores the importance of data, stating, “Our data is very exposed and it is important to understand that the goal of cybercrime is profit through data. Today, data is like gold in its time.”
Securing Your Financial Data
One of the most sensitive pieces of data is banking information, particularly credit or debit card details. To mitigate the risk of exposing this sensitive data, Azahuanche recommends using intermediary payment methods such as PayPal or Mercado Pago. These services act as a layer of security, preventing direct exposure of card details.
Additionally, using cards with limited funds can limit potential financial losses in case of a data compromise. This strategy minimizes the damage caused by unauthorized transactions.
Vulnerabilities of Legitimate Sites
While the concerns regarding Temu’s data practices are real, cybersecurity experts stress that no system is impenetrable. “From the field of cybersecurity we always say that there is no system that cannot be violated,” states Ramírez Cuenca. She emphasizes that vulnerabilities can always be discovered, meaning even reputable e-commerce platforms might potentially be attacked and their information compromised.
This vulnerability makes the proliferation of fake websites mimicking official ones a significant threat. These fraudulent websites are designed to deceive buyers into entering their personal and financial information. They often replicate the design and appearance of genuine sites, blurring the lines between legitimate and fraudulent pages.
Ramírez Cuenca explains the tactics used by scammers, stating, “What they do is appeal to the emotionality of the person, then the person sees an offer that is too good to be true and what they do is quickly proceed to buy. A great technique that is used is to offer a good price, almost irrational of the economic, and that this price lasts for a very short time, which is why the person somehow speeds up and recklessly ends up giving out information.”
Recognizing Fake Websites
To avoid falling victim to fraudulent websites, Ramírez Cuenca advises users to be vigilant and pay attention to the following signs:
- Incorrect URL: Scam websites often have slightly different URLs from legitimate sites. There may be errors in the name or they may be hosted on a different domain.
- Security Protocol: Always verify that the URL begins with “HTTPS” instead of just “HTTP,” which indicates that the information is encrypted.
- Spelling and Layout Errors: Fake websites often contain spelling mistakes and poor quality design, with pixelated or misaligned images.
- Policies: Legitimate sites usually have well-defined security and privacy policies. The absence of these policies can be a red flag.
- Excessive Requests for Information: If a website asks for more information than is normally required, especially banking information, this is cause for suspicion.
Ramírez Cuenca also recommends using antivirus and antimalware software solutions that block potentially unsafe websites. She emphasizes the importance of cybersecurity education, highlighting that informed users are better equipped to protect themselves from online threats.
Ensuring Secure E-commerce Purchases
Azahuanche offers additional recommendations for making secure online purchases:
- Website Verification: Always verify that you are interacting with the official website and not a fake one.
- Origin of the Product: Purchase products from reputable stores or sellers with high reputations and good ratings.
- Seller Reputation: Prefer sellers with multiple sales and four or five-star ratings, as this indicates trustworthiness.
- Return Policies: Check that the store has clear return policies in case the product is defective or does not arrive.
By remaining vigilant and employing these strategies, users can navigate the world of online shopping with greater confidence, making informed decisions while prioritizing both value and security.