Holiday shopping is expected to top $655 billion this year, and hackers are trying to get their share by scamming consumers looking for deals.
"This is a great time for hackers to do business," said Varun Kohli, vice president of marketing for mobile cybersecurity company Skycure, which recently issued a report on holiday shopping risks.
Hackers are targeting smartphones, where 25 percent of purchases are expected to be made this holiday season, according to the consulting firm, PwC. To get the best prices, 90 percent of smartphone users check their devices while shopping in brick-and-mortar stores, according to Skycure.
That can be a costly mistake. In a quest to save on pricey cellular data, many look for free Wi-Fi, which could be putting their device and sensitive financial information at risk.
If you connect to a malicious Wi-Fi network, hackers can view any transaction you do and gain information, such as your credit card number.
"Every transaction that you're doing on your cellphone is actually going through the bad guys," Kohli said.
Malicious Wi-Fi networks appear to be just like those offered by stores and restaurants, but are actually run by cybercriminals.
"Hackers are very, very sneaky. When something bad happens, you would not know in most cases," Kohli said.
Malicious Wi-Fi at malls
Skycure tested available Wi-Fi networks at some of the most visited malls in the country.
"We found that every single mall that we studied in the [Travel & Leisure Magazine] top 10 had more than five bad Wi-Fi networks," said Kohli.
The most dangerous location was Fashion Show Mall in Las Vegas, according to Skycure.
"In the Fashion Show Mall there were 14 bad Wi-Fi networks in just that small area," Kohli said.
Kevin Berry, a spokesman for General Growth Properties, which manages Fashion Show, said in a statement emailed to CNBC: "GGP takes security very seriously. We do periodic audits of our Wi-Fi systems, including a recent audit at Fashion Show and did not find any suspicious public networks."
Fake apps
Even if you don't visit a physical mall, your smartphone can still be hacked when holiday shopping.
Cybercriminals create fake or repackaged apps that look authentic but contain malicious code that can siphon banking and credit card information stored on your phone.
"It takes less than a minute for someone to take any app in the app store, repackage it, and put it in a third-party app store for anyone to download," Kohli said.
The malicious apps, such as one called Amazon Rewards that Skycure found, can be downloaded from third party app stores, in other words, those not controlled by Apple and Google.
"This looks exactly like an Amazon app. Uses the real logo. But, in fact, it is stealing information in the background and sending users to fake websites with fake coupons," Kohli said.
"We take security very seriously and we encourage customers to download content only from sources they trust," Amazon spokeswoman Angie Newman said in a statement emailed to CNBC,
Hackers capitalize on the stolen financial information by selling it on the black market.
"Once your credit card information is sold to someone, anyone can make any purchases on your behalf," Kohli said.
Protect yourself
To protect yourself, Kohli suggests being especially careful of Wi-Fi networks with the word free in them. "We found in the study 10 percent of all bad Wi-Fi networks have the word "free" in them," he said.
Skycure also suggests you make sure there is a physical store to match the network. "We found Macy's free Wi-Fi in Denver. We found Bloomingdale's free Wi-Fi in Philly. These Wi-Fi had nothing to do with those brands. These were fake networks," Kohli said.
When it comes to apps, download from the official app stores monitored by Apple and Google. "You are 72 times more likely to download malware if you're downloading it from a third-party app store," Kohli said.