"The Internet was never designed to be secure," said Alan Brill, managing director of the cyber risk practice at Kroll, a New York-based consulting firm. But retailers and law enforcement experts say there are certain things you can do to protect yourself - and your bank account. Here are five suggestions.
1. Triple-check the URL
First things first: Look at the address at the top of the page, says Craig Williams, outreach director of Cisco Talos, which is Cisco's security arm. Today's consumers are increasingly finding products through social media posts and ads, which means you've got to be vigilant to ensure you're on an authentic site.
Keep an eye out for websites that may be posing as mainstream sites. "We're seeing more domains of varying legitimacy," Williams said. "Maybe there's a typo in the name, or a number instead of a letter, or a vowel missing here or there." All of those, he said, are red flags.
And although shoppers are more comfortable buying from new and unheard-of sites, experts say a completely nonsensical URL may be a sign that a retailer isn't exactly what it says it is.
2. Read the reviews and run an image search
Phony merchants are increasingly populating their sites with high-quality images they've lifted from upscale websites or fashion magazines. That means the leather jacket being advertised for $25 could easily cost 100 times as much.
So do your homework: Read the reviews (but keep in mind that they, too, can be doctored or deleted). Do a quick online search for the seller or URL, too, to check whether there have been complaints about fraud or counterfeits.
A reverse image search on an engine like Google can help turn up the original source of a photograph, says Gabriel Openshaw, vice president of e-commerce for Overland Sheepskin, who says the technique has helped the family-run business identify hundreds of websites that are using its copyrighted images. And although fraudulent sites have become more sophisticated in how they repurpose stolen photos - by altering the background, perhaps, or replacing a model's face with someone else's - he says it's worth a try.
3. Use a credit card or PayPal
"The most dangerous thing you can do is use a debit card, which opens up your entire bank account to the bad guys," Brill said.
Instead, he says, pay for online purchases with credit cards or services like PayPal, Apple Pay or Samsung Pay, which offer an extra layer of protection.
But if you do end up falling victim, Williams recommends contacting the merchant for a refund. If that doesn't work, he says, it's time to call your credit card company.
"Get the charge removed, and ask for a new card," he said. "That second step is very important. You don't know who you've given your personal information to."
4. When in doubt, use a unique credit card number
More credit cards, including those issued by Apple, Bank of America and Capital One, now offer temporary numbers that can be set to expire once a purchase is complete. These unique numbers are a good way to prevent fraudsters from charging unauthorized purchases to your card, according to Williams.
"If you're dead set on giving your personal information to a site you don't know, this is the way to do it," he said.
5. If a deal seems too good to be true . . .
The holiday shopping season is full of never-ending deals and deep discounts. But Williams says you should remain vigilant: "Even on Black Friday or Cyber Monday, you're not going to get a $2,000 purse for $20," he said.
Consumers can protect themselves, he and others said, by comparing prices with those on other websites. And, when all else fails, they said: Use common sense.
"The Internet may be a lot of things, but it is not the home of miracles," Brill said. "If you're looking for a toy that's sold out at all major retailers and suddenly this site you've never heard of says it has it - that's something to worry about."