NEW YORK — Online fraud spikes during the holiday shopping season, as people searching for the perfect gifts take to cyberspace and head to traditional stores armed with their smartphones.

“The Pandora’s box of cyberattacks is about to open,” said Pete Tyrrell, chief operating officer for Digital Guardian, a Waltham, Massachusetts-based data protection firm. “The cybercriminals are getting more and more creative — and at the end of the day, it’s your personal information at risk.”

Here are some tips for protecting yourself and your information from online Grinches.

 

Beware of gifts of free Wi-Fi

It’s awful tempting to sign on to a store’s free Wi-Fi while you’re out shopping, especially since store walls are notorious for blocking or weakening smartphone data connections. But fraudsters also may be lurking on the networks, ready to use that connection to steal credit card or other personal information.

“People may want to log on to their Best Buy or Amazon accounts to check prices, but open Wi-Fi is probably the least secure place to do that,” says Michael Kaiser, executive director of the National Cyber Security Alliance.

And never use open Wi-Fi connections to check bank account information. The last thing you want a hacker to have is a direct connection to your bank account.

If you’re tech-savvy enough to use VPN software — short for “virtual private network,” a technique for shutting would-be eavesdroppers out of your connection — on your phone, then free Wi-Fi is safe so long as you have the VPN on. For most people, though, it’s simply best to stick to your cellular connection.

Shoppers also need to be on the lookout for less high-tech thieves when shopping online in crowded public places like coffee shops, says Nitin Bhandari, senior vice president for products at Opera Software Solutions. That means keepings your screens out of the views of others — even smartphones, which are bigger and easier to read from a distance than they used to be.

 

Swim away from potential phish

Phishing spikes during the holiday season. Emails that offer great deals on holiday gifts or donation pitches from charities could actually be attempts to steal your credit card or login information. Another popular trick: fake emails supposedly sent by online retailers or shippers such as FedEx or UPS, saying that a payment for an order didn’t go through, or that an order didn’t ship.

Don’t click on links in these emails. It could contain malware or take you to a fake website that looks very much like that of a legitimate company. Instead of getting help, you’ll most likely have your personal information stolen.

Panic over the possibility of not getting a gift in time can make people click before they think, Kaiser says. So, it’s best to slow down. If you think an email is genuine, just go directly to the company in question’s main website.