'Tis the season for making merry. Or in some cases making mischief, especially on the Web.

Whether you're shopping online or just checking your personal e-mail, don't get financially fooled this holiday season.

"In this economy, when we're all trying to get the most bang for our buck, we're letting down our guard," said Parry Aftab, a privacy attorney and the new family Internet safety adviser for McAfee Inc., a computer security firm.

The hectic holidays, when people are hurrying and hunting for bargains, are especially ripe for online ripoffs, experts say.

How do the scamsters do it? Let us count the ways. There are the phony FedEx and UPS e-mails, describing a package delivery waiting for you. The fake bank e-mail, warning that your account is overdrawn. The heartfelt appeal – seemingly from a favorite charity – asking you to donate as little as $5 by clicking online. Not to mention all the pseudo-shopping sites masquerading as the real thing.

It's what's known as "phishing," posing as a legitimate Web site in order to entice you into entering your credit card, Social Security or bank account numbers. Or they'll lure you into clicking on an e-mailed link, which then unleashes all sorts of nasty spyware and malicious gremlins into your computer.

"It always increases around the holidays, when more people are shopping online," said David Jevans, the Bay Area-based chairman of the Anti-Phishing Working Group, a consortium of business and law enforcement entities that tracks Internet fraud and scams globally.

Phishing attacks cost U.S. consumers $3.2 billion last year, according to a survey by technology research firm Gartner Inc., which said 3.6 million adults were bilked out of money online, compared with 2.3 million in 2006. The average loss: $886.

Jevans and others say the scammers are increasingly getting more sophisticated.

Even holiday-themed greetings and e-cards can be imbedded with peril.

"People think, let's send a friend a cute holiday screen-saver … but while you're listening to Santa singing 'Jingle Bells,' it's downloading spyware," said Aftab.

Spyware is the malicious coding that can infect your computer, leading to unwanted popups, password and data theft, or silently using your computer to send spam.

Aftab said parents should be especially careful as many kids are home from school and busily downloading lots of Santa screen savers, holiday puzzles and games or reindeer ringtones.

How to avoid online dangers?

• First, be sure your computer is loaded with the most up-to-date firewall, anti-virus and anti-spyware software and spam blockers. When your computer system sends a message asking you to download the latest free security update, don't ignore it.

You can also pick up free software, such as Ad Aware, which protects against spyware, or McAfee's Site Advisor, which issues safety ratings on thousands of Web sites.

• Pay close attention to the Web address of incoming e-mails. A fake message from PayPal, for instance, may change a letter or add a suffix. It could read "PayPlal," with an extra letter included. Or "Amazon-account.com" with an extra word tossed in.

• Be wary of friendly-sounding subject lines like "Happy 2008!" or "Christmas Blessings" from odd-looking Web addresses. Don't open any attachments unless you're sure who it's from.

• If you bank online, log into your account often to check for fraudulent charges.

And be alert when shopping online, too. Tomorrow is officially "Cyber Monday," the day when Internet shopping kicks into high gear.

Among the millions of avid online shoppers is Sacramentan Joanne McNabb.

As a consumer, McNabb hasn't set foot in a shopping mall for the past five holiday seasons, preferring to do all her gift-buying for 25 friends and family members on the Web. She peruses her favorite print catalogs, picks out her choices, goes to the Web for a little comparison shopping, then hits the "Submit" button when she finds the best site for her purchases.

But, as head of the state's Office of Privacy Protection, she's also well-versed in how to avoid getting ensnared in seasonal scams.

Her advice:

• As with any brick-and-mortar store, know whom you're doing business with. Check the Web address to be sure it's recognizable. Don't click on a link to a store's site; type it yourself to be sure you're on the real Macy's Web site, not a phony one.

• Be sure there's a "Privacy Policy" at the bottom of the retailer's home page, explaining whom it shares your information with. If the privacy policy is not there, take your business elsewhere.

• Don't use a debit card online. If someone gets access to your card, your bank account could be drained quickly. And, McNabb says, the time frame to report a debit card loss is shorter and the liability limits less generous than with a credit card.

"If you're using a credit card, you're in a very good position. When you get your bill, you can protest any fraudulent transactions," she said.

To keep track of her purchases, McNabb creates an online folder where she stashes her transaction confirmations, receipts and any correspondence with a Web-based retailer. That way, if there's any questions about an order, she has everything in one convenient location.

But even if you're nowhere near a computer this holiday season, be a careful consumer. When shopping, leave all your credit cards and checkbooks at home, except the one you'll be using. Limit how much cash you carry (although paying with cash is the ideal way to stay within budget). Don't leave any packages in your vehicle, unless they're locked in the trunk. Keep all your receipts with you, not only for exchanges/returns, but also to check purchases against your bank or credit card statement.

And last, be mindful but don't let it hamper the real reason for the season: being with family and friends.

Call The Bee's Claudia Buck, (916) 321-1968