Here's how scammers have evolved their practices.
The thief will obtain either your credit card data or your sign-in credentials at a merchant's website via the so-called dark web. He or she will then use your information to buy goods to sell on the secondary market.
Afterward, the scammer will promote and resell the products at a discount on his own website. When a buyer purchases an item, he unwittingly gives his credit card details to the thief.
While the buyer often gets the purloined goods, Forter said — the scammer now has his information, and the cycle begins again.
Thieves have also stepped up their marketing game. For instance, they've created websites that mirror those of legitimate merchants, and they use social media to funnel traffic to their pages, where they resell the items they bought with stolen data, Reitblat said.
Scammers have also wised up about the items they're reselling, touting affordable luxury goods with believable markdowns, rather than the most expensive products available.