Every year more and more shoppers turn to the Internet for their holiday gift giving. In fact, this year it is estimated that there will be 115 million shoppers spending $1.3 billion in online transactions. Ease of use and the option to steer clear of the crowds certainly have their appeal.

Be that as it may, more and more criminals are coming online now and you can bet that they too will be doing holiday shopping. The problem is that they plan to help themselves to your wallet and they have a variety of new ways to do so.

As it stands today, you not only have to watch retailers’ prices but you also need to keep a very close eye on the familiar places where you shop. The bad guys have an excellent understanding of how sites like eBay work and have crafted very clever scams that are designed to defraud you of thousands of dollars.

To add insult to injury, many of these scams are based in parts of the world where there is little to no chance of ever seeing justice, or of getting your money back for that matter. Below are a few of the scams that are out there this holiday season, and perhaps you’ve already encountered one of them in your travels. Some are spins on older scams and some are brand new, but all can be devastating to an individual’s finances.

eBay is one of the most popular holiday shopping sites in the world. It is also the most phished site. There are as many scams aimed at eBay as there are features for the buyers and sellers. One particular scam floating around this year is aimed at your desire to own that must-have item.

Here is how it works.

The bad guys troll eBay for high-dollar auctions that have ended. When they find one that has ended for, let’s say, $3,000, they look at the bid history. They contact the second highest bidder, posing as the item auctioneer, and explain to the victim that the high bidder couldn’t complete the auction. The criminal offers the item to the second highest bidder and then gently eases them away from eBay to complete the bogus transaction. Many times criminals will ask the victim to use a wire service, which adds a high level of anonymity for the criminal. When the transaction is complete, the victim never gets the item and the criminal is long gone with the cash. Because the transaction took place outside of the safeguards offered by eBay, there is little or no recourse for the victim.

Everyone loves Santa, but does he love you back?

Spam is nothing new, but there are always new and creative techniques being used to harvest e-mail addresses. Spammers know what real marketers have known for years: people don’t employ common sense when it comes to emotionally driven purchases and related activities. In particular, when it comes to children, people are most likely to do something stemming from emotion rather than cold hard logic.

Sophos has identified a new trick being used by spammers to get a hold of legitimate e-mail addresses and user information in the run-up to the holiday season: they are offering to send your child a letter directly from Santa. The unsolicited e-mail campaign, which includes subject lines like "Letter From Santa for Your Child" and "Santa Letter from the North Pole," offers a personalized letter addressed to your child. The e-mail also asks you to get in touch if you received the e-mail in error.

PayPal or pay the criminal.

PayPal is another one of the most popular financial services on the Internet, and it too suffers from the same phishing expeditions as its parent company, eBay.

Have you ever wondered what your significant other was up to when making online purchases? Ever believe that no matter how much you educate those in your home about security that they still end up taking the bait? This version of a PayPal scam preys on your diligence as a well-informed user.

Here is how it works. The victim receives a well-crafted e-mail from what appears to be the PayPal consumer protection department. The e-mail claims that someone has used the victim’s PayPal account to purchase some very expensive electronics and the fine folks at PayPal believe it was a fraudulent transaction.

The warning then urges the victim to click a link to the PayPal dispute center, which conveniently has your case number in the URL, making it very easy for you to get right to the dispute console. Of course, when the victim clicks the link and signs in, his or her PayPal credentials are stolen and the account is emptied. What makes this one especially nasty is that the phishers send a second e-mail 24 hours later if the victim does not take the bait on the first pass. This second e-mail is also very well done and seemingly carries enough credibility to sway those who may have been on the fence about the first PayPal e-mail.

Lots of secret admirers around the holidays.

E-cards are nothing new, but they have become a favorite vehicle for scammers. This next scam is for those who run security shops, mainly because these e-cards are opened while the victim is sitting at their work PC.

It goes something like this.

The victim gets an e-card notice claiming that a friend has sent them a holiday greeting. The link within this notice goes to a malicious website where the criminals stuff your stocking full of malware. The unsuspecting victim will receive what appears to be an e-card, but meanwhile, the host is being owned. Because there are so many payloads that can be delivered through this vector, you may find yourself chasing down anything from botnet infections to zero days all over your network.

Had enough coal in your stocking?

There are things you can do to help prevent a loss of personal data or your hard-earned cash this holiday season. The first thing to remember is that while it is the season of giving, it is very important to keep your wits about you whenever you make purchases or open e-mails. You may be celebrating the holiday but there are those out there who are certainly not sharing in its spirit.

If you come across a phishing scam, don’t respond to the e-mail. Instead, notify your security team or submit it yourself to the gang over at the Phishing Incident Reporting and Termination Squad (PIRT) at pirt(AT)castlecops(DOT)com or visit them directly at www.castlecops.com/pirt. Your submission gets seen by several security companies and will ultimately help protect others from those who want to do nothing more than to leave coal in your stocking.

This article was first published on InternetNews.com.