Cyber criminals are ready to pounce on the biggest shopping days of the year.

If you shop Black Friday or Cyber Monday this year, you’ll probably be looking for a deal. 

The bad guys know this, and they’re busy setting up tricks, traps and lures to make sure your holiday dollar ends up in their pocket.

One of the big scams this year will be fake Black Friday websites with super-low prices that can suck you in, according to a new report by cybersecurity company Kaspersky Lab.

Enter your credit card number on one of these sham sites, and expect to see someone go on a shopping spree with your money.

“They attract victims with extremely low prices for goods from famous brands,” the Kaspersky report said. “And then – when the victim has chosen the item they like and proceeds to the payment page, they simply steal their financial credentials.”

This is one of a number of scams cyber crooks will try to pull this shopping season, the researchers said, especially on Cyber Monday, which could end up being the biggest online shopping day of the year. 

Example of a fake Michael Kors site. Credit: Kaspersky Lab.

Ready for you

Just like stores get ready for Black Friday in advance, so do thieves, the report said.

Their wish list includes the tools they need to rip you off. And they’ve already started their shopping on the black market.

“Underground vendors of skimmers and dummy plastic cards are already experiencing an increase in sales,” the report said.

This is the time of year when you may be looking for low prices, making a lot of purchases, and checking out new sites—making yourself more vulnerable to cyber crime.

And this is when banks may be more vulnerable, too.

“Due to many employees going on vacation around these dates, banks suffer from a lack of personnel, and it is theoretically easier for criminals to hide fraudulent operations in the stream of legal ones,” the report said.

Fake payment page on fake Michael Kors site. Credit: Kaspersky Lab.

Fake sites

Fake Black Friday sites will pop up soon—if not already—along with fake coupon sites, and pages that try to mimic a real store, according to the researchers.

One coupon site promised a $200+ coupon for Amazon.

“However, criminals sell phony coupons, not real,” the report said. “The only purpose of these websites is to collect card credentials.”

Another site looked very similar to an Amazon page.

“In most cases cybercriminals don’t bother themselves with inventing anything special. Instead they just copy pages of legitimate shops, internet banking and payment systems,” the report said.

Example of a fake Amazon site. Credit: Kaspersky Lab.

More holiday cheer

Your chances of getting a fake message from your bank or credit card company will also go up, with Visa and American Express customers as the top targets, researchers said.

More crooks will be installing skimmers on ATMs during the holidays and your favorite small or medium-sized business will have a bigger chance of getting held up for ransom this time of year.

The free-for-all will go on until after Christmas, Kaspersky predicted, with special attention paid to Black Friday, Cyber Monday and the days before Christmas.

Example of a fake Visa payment form. Credit: Kaspersky Lab.

Extra stress

You may shrug off the warning, thinking that the bank will take care of any fake charges on your card.

But victims say credit card number theft comes with a burden—stress, especially at a crucial time when you need your card right away.

And if you used your debit card instead of your credit card, you might not get the money back.

“Nothing says happy Monday like getting your credit card information stolen!” wrote one victim online.

“Most annoying part of having your credit card info stolen: not being able to online shop until your new card arrives,” said another.

“Had my credit card stolen and waited on hold for 45 minutes to put a stop on the card,” lamented a victim.

“Best day for your credit card number to be stolen? The day before vaca, of course,” wrote another.

Avoid the pain

Some of the top tips to avoid the pain of a holiday shopping cyber scam, from Kaspersky:

—Do not use unreliable (public) Wi-Fi networks to make online payments, as hotspots can be easily hacked in order to listen to user traffic and to steal confidential information.

—Do not enter your credit card details on unfamiliar or suspicious sites, to avoid passing them into cybercriminals’ hands.

—Always double-check the webpage is genuine before entering any of your credentials or confidential information (at least take a look at the URL). Fake websites may look just like the real ones.

—Only use sites which run with a secure connection (the address of the site should begin with HTTPS:// rather than HTTP://) to hinder theft of information transmitted.

—Do not click on any links received from unknown people or on suspicious links sent by your friends on social networking sites or via e-mail. They can be malicious; created to download malware to your device or to lead to the phishing webpages aimed at harvesting user credentials.

Other tips for shopping online include turning off your Bluetooth & switching to cellular before using your phone to buy from the Internet. Credit: Kaspersky Lab.

If you do fall into a cyber trap, call your credit card company as soon as possible, the Federal Trade Commission recommends.

“Once you report the loss or theft, the law says you have no additional responsibility for charges you didn’t make; in any case, your liability for each card lost or stolen is $50,” the FTC advises. “If you suspect that the card was used fraudulently, you may have to sign a statement under oath that you didn’t make the purchases in question.”

Good luck—and may these tips may help you get through your 2016 holiday shopping list fraud-free!