If you're hunting for a good Cyber Monday deal, it's pretty much a given that hackers are also on the prowl, hoping you'll fall for tricks that will let them steal your credit card information.
Cyber Monday is poised to be the biggest online shopping day this year — much to the delight of hackers.
As many as 122 million Americans are expected to shop online today, according to a survey from the National Retail Federation. That's one million more people than last year.
Two Places to Be Suspicious
Pam Dingle, principal technical architect at Ping Identity, said online shoppers shouldn't be deterred from snatching up all of those Cyber Monday deals. However, she said there are two big red flags shoppers need to look for before making a purchase.
"The two places to be suspicious are in the search browser and in your email," Dingle told NBC News. "In both of those places, the real danger is an attacker can convince you they are taking you to a real site when they’re taking you to one that they control."
Just like some fake news websites have duped people on Facebook with addresses and designs that are similar to legitimate outlets, Dingle said it's important to make sure you know where you're actually shopping.
You can do this by checking the URL or by hovering your mouse over a link in your email before you click it, she said.
"Before you click, look for typos. Sometimes going to the site is bad enough," because it could infect your computer, she said.
When in doubt? "Open the browser and go there separately," she said. "The deal is still going to be there."
Check Your Credit Card Statement
Alex Rice, co-founder and chief technology officer at HackerOne, a bug bounty platform, told NBC News bulletproof security is nearly impossible, so it's best to "assume that every site where you enter your credit card has been compromised."
"You should use a unique password and check your credit card statement," he said.
One way to check your security is to try hacking yourself, Dingle said.
She recommends going through the password recovery process for your email address to see just how strong your security questions really are.
Once you're in, she advises people to think like a hacker by doing a search for "credit card" or "passport" to ensure any old emails containing personal information are deleted from your trash.