The clock ticks toward 5 a.m., you shove your laptop aside, head for bed and bask in the glow of a job well done. Nothing beats online shopping for convenience.
That's why Internet retail sales are expected to hit $26.2 billion this holiday season, a 20 percent increase from 2004, according to a survey from eMarketer.
But just like mall shoppers guard against purse snatchers and pick-pockets, online bargain hunters must ward off identity thieves. Since Jan. 1 of this year, there have been 50 million identities accessed or compromised inappropriately through multiple break-ins to data bases, according to technical security experts.
"Most of these criminals are located in eastern Europe and Russia, so they're very hard to prosecute," said Christopher Faulkner, founder and president of CI Host, a Web hosting and data center management company based in Dallas.
When shopping online, consumers should keep in mind the following tips, provided by Faulkner -- whose customers include McDonald's, Sierra Software, Del Monte Foods and the Salvation Army -- and Paul Cook of Intelius, an online research service that provides safety and background information:
Direct navigation -- "Type the URL (Web address) directly into the address box rather than clicking on a link or an e-mail," advised Cook. "Someone can create a link that says 'Amazon,' but actually directs you to a site that looks like Amazon but is not."
Signs of a secure site -- When surfing, Faulkner said, notice that before the domain name (for example, www.amazon.com), you'll see http://. "When you go into a secure area of that Web site, the http changes to https, the 's' meaning secure," said Faulkner. "That goes hand in hand with what's called a Secure Certificate given out by Verisign -- indicated by a key or a lock in the lower portion of your browser. The key, or lock, will light up in an orange or yellow glow, which means your browser has corresponded, or talked, to the merchant's Web server and it has identified that Web server as legitimate."
Bogus Web sites -- "They're set up to be completely bogus to suck credit cards in," Faulkner said. "Every year, there is a hot item and a Web site will be built that just sells that one item and they will spam e-mail half the world: 'Give us your credit card number and we'll sell you the goods.'
"Those Web sites are doing nothing but taking the credit card numbers and expiration dates and selling them. They are called Carder Web sites, where people who peddle credit cards go to buy, trade and sell. Selling cards in 5,000- or 10,000-number bundles -- at a dollar or two a piece -- is a lucrative business."
Phishing -- "Phishers send out fraudulent e-mails that look like they came from PayPal or eBay (trusted companies), that contain a link instructing you to change your password or other personal information," Cook said. "You get directed to a site that is not affiliated with eBay at all."
Pharming -- "Pharming," according to Cook, "is a sophisticated attack in which a user can be fooled into entering sensitive data such as a password or credit card number into a malicious Web site that impersonates a legitimate Web site. It is different than phishing in that the attacker does not have to rely on having the user click a link in an e-mail. Even if the user correctly enters a URL into a browser's address bar, the attacker can redirect the user to a malicious Web site.
Beware unfamiliar merchants -- "I go to the contact desk or 'How to reach us' page and see if I can find the phone number or mailing address -- a real mailing address," Faulkner advised. "I don't mean a P.O. box, either. Call the number, and see if someone answers the phone. It's kind of a litmus test to make sure that I'm not dealing with someone who sells recertified or refurbished goods as new and then hides behind the Internet, which a lot of people do when you're trying to return it. A red flag should go up."
Make sure it's new -- "Read the full item descriptions," Faulkner said, "looking for the words 'vintage,' 'recertified,' 'restocked,' 'refurbished' or 'OEM,' which means someone else has owned the item prior to you. 'OEM' means the item will be delivered without original box or manual. This doesn't happen with the latest items, but only if it has been out for a while. Sometimes the warranty is void on these items, or the sale is final, meaning if you buy it, they won't take it back at all."
Minimize number of credit cards -- "Use one or two cards maximum for all your Internet purchases," Faulkner said. "Have them set up so you can review statements on the Web. Check those statements as you are shopping on the Web to make sure you don't see anything out of the ordinary appearing."
In case of a ripoff (either you never received the item and were charged for it, or you received a refurbished piece of junk)
* "Call your credit card company to initiate a charge back," said Faulkner. "They will credit your account and then investigate. Ninety-nine percent of the time, no matter what the merchant's response, money will be rewarded to the card holder. The card holder, as customer, is protected.
* "Contact the Better Business Bureau online (bbbonline.org) to register a complaint," added Faulkner. "If they can't mediate the complaint, they will put an entry into that merchant's permanent file so the next person who comes along can see that complaint. Hopefully that will deter another person from getting ripped off."
* Cyber Griping: "Contact ripoffreport.com, a community information sharing Web site," said Faulkner.