Cybersecurity concerns spark online shopping warning
Australians are being warned about accidentally gifting loved ones products with hidden malware or compromising their own cybersecurity when shopping online.
Anyone tempted by overseas and from smaller retailers offering bargains heading towards Christmas is at risk, according to Australian Information Security Association chair Damien Manuel.
Shoppers need to pay close attention to where products are made and where online retailers are based because they might be unwittingly handing over personal data that could make them more vulnerable to cyberattacks or being spied on, he said.
"Just because something's cheap doesn't mean it's great. It could be that they're selling it to you cheap because they want to collect data on you to then sell you other items or sell that data to somebody else," Mr Manuel told AAP.
He is concerned about buyers handing over details such as names, personal address, credit card numbers and other information at the checkout or for postage reasons without thinking about where it will end up.
Likewise, he warned anything connected to the internet poses a security risk including smart soundbar and speakers, toys, baby monitors, home security devices and even products without obvious cameras such as robot vacuum cleaners.
"Often they'll have cameras to identify where they need to travel in the home. Those cameras actually capture the entire wide-screen image of the house inside," Mr Manuel said.
"Actually it starts to classify different items you have in the house and sends all that data back overseas to the manufacturer to use for other purposes."
It's a growing problem, with one-fifth of Australians falling victim to identity crime and misuse in the past 12 months, according to a survey of almost 14,000 people by the Australian Institute of Criminology in early 2023.
Eight per cent of people were the target of fraud or scams, with the most common being online shopping schemes involving handing over money or sensitive information to fake sellers or buyers.
Mr Manuel suggested shoppers check where manufacturers, retailers and websites were based because privacy was more heavily regulated in some jurisdictions such as the EU, UK, USA and Australia compared with others.
He made the comments ahead of the Australian Cyber Conference in Melbourne and warned people who had already fallen victim to hackings, including the Optus and Medibank breaches, were even more vulnerable because their details are already circulating on the dark web.
Dr Eloise Zoppos from Monash University's Australian Consumer and Retail Studies research unit said there were simple ways to mitigate risks.
Their research shows more than three-quarters of Australians purchased from an online store in the past three months and many choose to have parcels sent to a PO box instead of giving out their personal address.
However, the best way to protect yourself might be before it gets to that stage.
Dr Zoppos suggested browsing at trusted retailers, checking out online reviews, only buying from shops with a large online presence and consider using third-party paying platforms that have buyer protections such as PayPal.
She said there were secure overseas retailers with longer shipping times but it was worth the wait.
"No matter what people are buying online, it's really important that consumers really think about where they're buying from and don't necessarily just buy the best deal online," Dr Zoppos said.