There may be nothing more alluring to a scammer than an unsuspecting shopper looking for online deals.
Today marks Cyber Monday, the Internet's answer to Black Friday, which is pegged to the Monday after Thanksgiving. It's a day when online retailers roll out their deals and discounts, hoping to lure consumers away from brick-and-mortar shopping. But it's also become a holiday for criminals, who are also ready to pounce, especially as Cyber Monday sales are set to reach $3 billion this year.
Ugg boots at an impossibly low price? A "dream car" sold by J.C. Penney (JCP)? Both "deal" are, in fact, holiday scams that emerged this month as crooks ramped up their campaigns to lure unwary shoppers, according to computer security blog Naked Security.
The Ugg boot offer -- which promised the boots for $65, instead of their $100-and-up retail price -- sent shoppers to a site asking for credit card information without a secure payment link, while the J.C. Penney ad linked to a site hawking life insurance and other products.
One favorite technique of scammers is the old-fashioned email, which they design to look as if it comes from a known retailer. The email includes a link that lures shoppers to a fake site, where scammers may try to steal credit card data or personal information, or seek to infect your devices with malware.
Some consumers are already aware of security issues, although older shoppers may be more likely to fall for such schemes, data from the the National Cyber Security Alliance suggest. About 45 percent of consumers 18- to 24-years-old have said they abandoned an online purchase because of security concerns, compared with only 24 percent in the 55-to-69-year-old age group.
So how can consumers be alert to potential scams? Below are five tips recommended by security experts.
Buy from retailers you know -- but don't click on links in emails. While experts recommend that consumers only buy from familiar retailers, be aware that scammers love to duplicate, or "spoof," sites and emails from your favorite stores.
As a result, consumers should avoid clicking on a link in an email, an ad or in someone's blog, according to the New York State Division of Consumer Protection. Sites created by fraudsters often resemble an actual retailer's site, but sometimes there are tip-offs that it's a fake. J.C. Penney, for instance, doesn't sell cars. And on the phoney Ugg boot site, Thanksgiving was misspelled as "Thanksgivin."
Check security measures before shopping online. People shopping at home need to make sure their own Wi-Fi is private and protected by a strong password. When shopping at a site, check that the retailer is using encryption to complete the purchase. A secure purchase page will include "https" at the start of the URL.
Remember that using public Wi-Fi can leave you vulnerable to hackers. Make sure to adjust the security settings on your devices to limit who can access your phone, recommends the National Cyber Security Alliance.
Remember to keep up your guard. If a site asks for your password or other private information, it's likely a scam. If one of your financial institutions reaches out to ask for personal information, don't respond to that email or phone call. Instead, contact the company directly on your own.
Use credit cards -- and even a separate card dedicated to online purchases. Security experts recommend that online shoppers make a purchase using a credit card, given the consumer protections that card issuers provide. For instance, consumers can easily dispute a fraudulent charge on their cards, thanks to the Fair Credit Billing Act. If you use PayPal, link it to your credit card, rather than your checking account.
Lastly, New York's Division of Consumer Protection advises consumers to consider using a separate credit card for online purchases, which will limit the damage if the card is hacked.
Check your records. Given that the holidays are a busy time for purchases, it's never more important to check your accounts each day. Look for unusual purchases, even if they are as small as $1, as they could signal that a hacker has stolen your information and is testing whether the card is viable. If you see anything suspicious, immediately call your financial institution.
© 2015 CBS Interactive Inc.. All Rights Reserved.