Black Friday and Cyber Monday mark the beginning of holiday shopping season – as well as holiday fraud season. With many consumers spending more than usual this time of year, cybercriminals will increase their efforts to take advantage of them through scams such as phishing emails, quick money schemes and bogus gift cards.

The National Retail Federation revealed it expects online shopping to account for approximately 44% of all holiday shopping this year, with much of it occurring during Black Friday and Cyber Monday sales; it foresees some $3 billion will be spent on Cyber Monday alone.

“Black Friday and Cyber Monday are the busiest online shopping days and the bad guys are out to get rich with your money. And the holidays are just around the corner,” Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based cybersecurity company KnowBe4, warned.

Cyber con artists target consumers' money, identities or computer access, and in addition, retailers lose $480,000 per hour as a result of Cyber Monday attacks, according to the Sterling, Va.-based analytics firm Neustar.

Here are a dozen of this season's top cyber threats, according to cybersecurity experts:

1. Black Friday/Cyber Monday specials. Scammers often advertise big-ticket items to lure unsuspecting consumers to click on links. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods.

“Sites that seemingly have unbelievable discounts should be a red flag. When something is too good to be true, it likely is,” Ondrej Krehel, founder/CEO of the New York City-based cybersecurity intelligence firm LIFARS, said. “These sites look like legitimate stores, but use these web fronts to collect sensitive information, including credit card numbers.”

2. Free vouchers or gift cards. A common Internet scam involves big discounts on gift cards. These sites usually request enough personal information for criminals to raid victims' bank accounts.

Social media site posts also offer phony vouchers or gift cards, with some being paired with holiday promotions or contests. Some posts may even appear to have been shared by a victim's friend. Often, these posts lead to online surveys designed to steal personal information.

In August 2015, a link began circulating on Facebook that promised users a $100 JCPenney coupon in exchange for liking and sharing a post. Users who clicked through those shared links reached a page titled, “Back to School with a $100 JCPenney Coupon.” However, the URL was “JCPeeney.net,” not JCPenney.com – the department store's official website.
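The lookalike-domain trick in that coupon link can be checked mechanically. The following is an added example, not part of the original article: it compares a link's domain against an allowlist of official domains and flags near-miss spellings. Only jcpenney.com and JCPeeney.net come from the article; the function names, the distance threshold and the two-label domain assumption are illustrative.

```python
from urllib.parse import urlsplit

# Allowlist of official domains. jcpenney.com is named in the article;
# a real deployment would load the organization's own list.
OFFICIAL = {"jcpenney.com"}

def host_of(url: str) -> str:
    """Lower-cased hostname from a URL or bare host, without a leading 'www.'."""
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def base_domain(host: str) -> str:
    """Last two labels. Assumption: single-label TLDs (.com, .net), no public-suffix list."""
    return ".".join(host.split(".")[-2:])

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url: str, max_distance: int = 2):
    """Return ('official'|'lookalike'|'unrelated', matched official domain or None)."""
    domain = base_domain(host_of(url))
    if domain in OFFICIAL:
        return ("official", domain)
    name = domain.split(".")[0]
    for official in sorted(OFFICIAL):
        brand = official.split(".")[0]
        # Same name on another TLD, or a near-miss spelling, is a lookalike.
        if osa_distance(name, brand) <= max_distance:
            return ("lookalike", official)
    return ("unrelated", None)
```

The check only looks at the last two labels of the host, so an official name used as a subdomain of another domain is outside what it covers.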

3. Postal delivery failures. In this scam, targeted consumers receive bogus emails with subject lines such as, “USPS Delivery Failure Notification.” These emails then instruct consumers to click on a link to find out when they can expect delivery.

“These will typically take the victim to a fake but legitimate-looking website and ask for sensitive information that will allow the cybercriminals behind it to steal the victim's identity and commit fraud,” Krehel said.

Clicking on the link activates a virus, which can steal personal information such as usernames, passwords and financial account information stored on the victim's computer.

It's similar to a recent telemarketing scam uncovered by the Postal Inspection Service, in which fraudsters masquerading as USPS employees phoned residents requesting birth dates and Social Security numbers, stating the information was needed for package delivery.

4. Ransomware, DDoS and site overload. Last July, the Internet Crime Complaint Center issued an alert regarding an increasing number of complaints from businesses hit by distributed denial of service extortion campaigns via email. In a typical extortion campaign, the targeted business receives an email threatening a DDoS attack on the company's website unless it pays a ransom.

DDoS attacks result in damaging consequences, including lowered customer confidence and lost revenue. The attack might not be large enough to crash a website, but it's just large enough to get noticed. The attack is then followed by an email claiming responsibility and threatening a bigger attack if the ransom isn't paid.

During site overloads, sites receive more traffic than they can handle, overwhelming them and potentially causing crashes. According to Neustar, 88% of consumers distrust websites that crash.

5. Fake coupons and refunds. This involves scammers who create tantalizing fake email coupons that appear to be legitimate.

“Sites with extremely high-savings coupons can harm buyers,” Sjouwerman explained. “This typically involves the use of an undetected keylogger that captures information typed by the victim, including URLs, user names and passwords, and sends it off to the criminal.”

A fake refund scam is also circulating, in which an email appears to come from a hotel or retailer. It claims a “wrong transaction” occurred and asks victims to click for a refund, triggering a malware infection on the victim's device.

6. Phishing on the Dark Side. A new email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, “Star Wars: The Force Awakens,” due out on Dec. 18. However, the email is a phishing attack in disguise.

Sjouwerman cautioned that leading up to the film's release, this will be a highly successful social engineering attack.

7. Charity tricksters. The holidays are traditionally a time for giving, but they also bring cybercriminals who attempt to pry money away from people who mean well. Making a donation on the wrong site can mean inadvertently funding cybercrime or even terrorism.

Consumers should be skeptical of communications from charities that ask for contributions and make sure they are legitimate. It's also a good idea to contact the charity directly to verify the request.

8. Extra holiday money. People can always use some extra money over the holidays, so cyber fraudsters might concoct work-from-home swindles. The most innocent versions of these scams collect confidential information such as Social Security numbers from victims on required forms, and later use them to commit identity theft. The worst versions of them get victims involved in money laundering.

Internet crooks also target vulnerable individuals with pay-in-advance scams and credit offers. In these cases, spam emails advertise prequalified, super low-interest credit cards and loans if the consumer pays a processing fee – which goes straight into the scammer's pocket.

9. The search trap. Bad guys do their research to find out what consumers want, then they build websites that promise the item to their victims. To get more traffic to the sites, they do extra legwork to ensure they pop up on search engines.

These sites contain malware, and experts recommended consumers fully update their web browsers to alert them of unsafe sites.

Also, those seeking a particular Cyber Monday deal should go directly to the store's website instead of a search engine. This will help them avoid scammers perusing search engines to trick shoppers into visiting their bogus sites.

10. Open Wi-Fi. People often bring their laptops, tablets and smartphones to the mall to browse gifts and search for deals online, but they must understand the bad guys may be right there with them shopping for credit card numbers.

Scammers trick these shoppers by emitting what appears to be a free Wi-Fi signal. If the shopper hops on it, the scammer can gain access to his or her credit card information. Experts advised consumers to never complete a credit card transaction while using a public Wi-Fi connection.

11. Grinch e-card greetings. These malicious email attachments look like an e-greeting card from a friend or co-worker, with dancing reindeer, holiday music and all. However, they contain viruses or malware that could infect the recipient's workstation.

E-card-triggered viruses and malware are not new, but the latest versions are becoming more difficult for typical antivirus and antispam defenses to detect.

12. Not so secure EMV cards. The Federal Trade Commission reported scammers are trying to take advantage of the millions of consumers who haven't received chip cards by emailing them and posing as card issuers. These fraudsters coerce victims into sharing personal information by updating their accounts or clicking on links that install malware on their devices.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).