If you're on social media or use Google Shopping, the chances are you've been bombarded with adverts for Temu, a Chinese e-commerce marketplace that offers rock-bottom prices compared to equivalents in the West.
Others have questioned what Temu's rise means in terms of environmental impact and product safety and whether the store is actually legit.
Temu, the Western-branded arm of Chinese online retail giant Pingduoduo, effectively gives shoppers the opportunity to buy direct from famously low-cost Chinese manufacturers.
Users frequently criticize Temu for inbox spam, difficulty receiving refunds, and items arriving in poor condition or not at all.
A US government agency has accused Temu and fellow Chinese retailer Shein of potential data risks in what may bring echoes of concerns that have for a while surrounded the data practices of TikTok, another wildly popular Chinese-owned online service.
To be sure, the above doesn't make Temu a scam site.
If you want to qualify for cash or rewards that can be redeemed when shopping with Temu, you can do so by enticing others to join up and entering your referral code.
One method is to post salacious photos of a celebrity with a cryptic message hinting that users can access nudes if they enter the code into Temu.
Similar to the above tactic, a scammer will post to social media, claiming that users can access a free Roblox Robux gift card, enabling them to purchase upgrades for their avatars or buy special abilities on the site.
All they have to do to claim the reward is enter the referral code on Temu.
The scammer is simply taking advantage of the curiosity of social media users and the fact that Temu is still not universally known.
Another social media scam leveraging the pulling power of Temu involves fake posts from celebrities mocked up to appear as if they have a commercial partnership with the Chinese e-commerce marketplace.
Once again, there's no such deal and the codes simply accrue the scammer more cash/rewards with Temu.
Clicking through will take you to a lookalike phishing site, where the scammers will harvest your card information.
To its credit, Temu is boosting its security by launching a bug bounty program, as well as trying to crack down on scams.
If you want to check out a Temu deal advertised online, visit the site independently.
Temu now offers SMS-based 2FA, which, while nowhere near as secure as hardware security keys or even dedicated mobile authentication apps, is better than nothing.
Don't fall for offers requesting you to type in a referral code on Temu - especially ones featuring celebrities.
More broadly, be careful about how much data you disclose and what kinds of permissions you grant to the Temu app, or any other mobile app for that matter.
While there is no evidence that the site as such is a scam, fraudsters can still try to use it to defraud shoppers.
This Cyber News was published on www.welivesecurity.com. Publication date: Thu, 18 Jan 2024 19:43:05 +0000