Here's how to protect yourself against scams over Black Friday and Cyber Monday

Online shopping can be convenient, but experts say shoppers should be on high alert for email scams this holiday season. 
filadendron | E+ | Getty Images

This holiday shopping season, it's your emails you should be checking twice.

Black Friday and Cyber Monday provide the perfect environment for cyber criminals, cybersecurity experts say: They offer up distracted shoppers and ample opportunity. An estimated 164 million people are planning to shop between Thanksgiving Day and Cyber Monday, and online sales alone are expected to reach up to $143 billion, according to Deloitte's annual retail holiday sales forecast.

"As consumers rush from one store to the next, they'll be distracted and hurriedly accessing email from their phones, looking for that last-minute deal from their favorite store or brand," says Adrien Gendre, North American CEO of email security provider Vade Secure.

Because your guard may be down, you'll be more susceptible to phishing attacks and spam emails, Gendre says. Plus, he says, consumers are actually pre-wired to expect too-good-to-be-true deals this time of year.

Overall, fraud losses this year from online shopping, airline tickets, money transfer and banking services are expected to hit $22 billion, according to a new report from Juniper Research.

What to look for when receiving holiday emails

Emails are a particularly common way for fraudsters to gain access to your credit card information or identity. Hackers send what's called a phishing email, in which they copy a store's sale or discount email and include a link to a false portal asking for your info.

Sometimes it's easy to tell which emails are fakes. Look closely for odd sender email addresses, typos, or language that feels off.

Plus, a reputable company will never ask in an email for personally identifiable information such as a Social Security number, a credit card number or a bank account number.

A screenshot of a gift card phishing attack Dave Baggett recently received
Source: Dave Baggett

Cyber criminals are often quite savvy, though, and experts say they're seeing attackers sending picture-perfect replicas of major brands' emails. "These are nearly impossible to discern as fakes, even by trained experts," Baggett says.

So, as a general rule, be skeptical of any emails from retailers. "Just because you see a big Amazon logo doesn't mean it's from that brand: anyone can copy any image on the internet and use it in an email," says Dave Baggett, co-founder & CEO of the anti-phishing company Inky.

And it's not just deal emails that are suspect. Cyber criminals also send out fake notifications, Gendre says: Hackers might send a phishing email that seems to come from Amazon or Apple, for example, and that says something like, "There was a problem with your order. Please log into your account and confirm your payment details."

Hackers try to create a false sense of urgency to convince you to provide login credentials or credit card information. "Hackers possess endless creativity in their attempts to trick recipients, and we expect they'll successfully steal a large number of credit card numbers this holiday season," Gendre says.

What to do if you suspect a scam

The best thing you can do, even if you're juggling shopping and checking emails for sales alerts during the post-Thanksgiving sales, is avoid clicking on any emails directly, Gendre says. If the email says it's from Amazon, for example, still go directly to the website and log in. "That ensures you're talking to the real brand," he says.

If an email looks suspicious in any way, check if it's being sent from a corporate email address, says Ivan Novikov, a white hat hacker and CEO of security company Wallarm. For example, if you use Gmail, click the down arrow on an email to access more information on the origin and reply-to email address. Look for any signs that the address may not be legitimate.

Other email clients give you similar capabilities, Novikov says.
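
The From and Reply-To check described above can also be run over a raw message. The Python below is an added example, not part of the original article; the brand-to-domain table and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed table of brands and the domains they send from (illustrative only).
KNOWN_BRANDS = {"amazon": {"amazon.com"}, "ups": {"ups.com"}, "fedex": {"fedex.com"}}

def domain_of(address):
    """Return the lower-cased domain part of an email address, or ''."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return warnings about the From and Reply-To headers of a raw email."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)
    words = set(re.findall(r"[a-z]+", display.lower()))
    warnings = []
    # A brand in the display name should come from that brand's own domain.
    for brand, allowed in KNOWN_BRANDS.items():
        if brand in words and not matches(from_dom, allowed):
            warnings.append(f"display name mentions {brand} but sender domain is {from_dom}")
    # Replies routed to a different domain than the sender are worth a second look.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"replies go to {reply_dom}, not {from_dom}")
    return warnings

# Constructed sample messages (not real emails).
SUSPICIOUS = """From: "Amazon Deals" <deals@amazon-offers.example>
Reply-To: claims@mailbox.example
Subject: Black Friday gift card

Take our survey to claim your gift card.
"""
LEGIT = """From: "Amazon" <order-update@amazon.com>
Subject: Your order

Your order has shipped.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(name, check_sender(raw))
```

A clean result is not proof that a message is genuine, because the visible From header can itself be forged; going directly to the retailer's website remains the safer route.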

Cyber criminals aren't only impersonating retailers, either. You could get a fake email that seems to be from a major shipping company like UPS, FedEx or DHL, Baggett says.

Instead of clicking on a tracking number listed in an email, consumers should go directly to ups.com or fedex.com to input what's supposedly the tracking number, Baggett says. You can also enter any package tracking number into a Google search and the results will tell you which carrier it is for.

And if you get an email from a major brand or retailer that asks you to take a survey or similar in exchange for a gift card, be wary. Almost all of these are fraudulent, Baggett says: "Assume any gift card email is a scam and ignore it."
