Tis the season for online shopping and electronic greeting cards. But lurking in cyberspace are countless viruses, spam messages and phishing scams waiting to pounce on people’s holiday cheer.

Tech experts warn that computer users should be extra careful when navigating the web at this time of year.

“People should be a little more alert,” said Andy Walker, a Toronto-based technology writer who pays special attention to computer security.

“People are a lot more active online, doing more transactions, even communicating with people they normally wouldn’t . . . It’s a very good time for the bad guys to take advantage.”

Years ago hackers did just that, sending viruses via e-mail messages marked with seemingly innocuous taglines such as “Merry Christmas,” “Happy HollyDays” and “A gift for you.” Most of us may not be foolish enough to fall for those tricks again, but are we wise enough to catch on to the new harmful techniques?

“As much as people are expecting the Christmas card hoax or the New Year’s hoax, attackers are moving to fly under the radar and not using such obvious or blatant threats,” said Michael Murphy, general manager of Symantec Canada, the maker of Norton Antivirus and Norton Internet Security products.

Malicious code is smaller in size nowadays, making it easier to hide inside other applications, Murphy said.

“Most people wouldn’t even notice it entering their system,” he said.

Common threats include worms, zombies, spyware, adware, Trojan horses and rootkits.

Consumers should also be on the lookout for phishing scams. The first half of 2005 saw a huge spike in the amount of these attempts. Phishing is e-mail or, increasingly, pop-ups that appear to be from bona fide companies but in fact are intended to fool people into sending confidential financial and personal data to a crook.

Symantec says it blocked 1.04 billion phishing attacks this year between January and June, up from 546 million in the second half of 2004.

Experts predict many of these will target online shopping habits – for example, an e-mail that is disguised as a shipping verification notice from a popular online store but is really a way to get personal information.

“You’re expecting communication from people like Amazon to confirm shipping, so it’s easy for phishers to communicate with you and make it appear as if they’re a legitimate institution looking for validation of user IDs and passwords,” said Walker, who recently released a book on the topic, Absolute Beginner’s Guide to Security, Spam, Spyware & Viruses (Que Publishing).

The best protection against threats is to regularly update your computer’s security system. That includes anti-virus, firewall, spam filtering and anti-phishing software.

Walker says computer security – whether it comes from free online programs or paid ones like Norton – doesn’t have to be complicated or require a lot of time or knowledge.

“People don’t want to have to get a degree in IT,” he said. “We just want to e-mail our grandma safely.”

To that end, he says 10 minutes is sometimes all you need to get your computer’s security fences up to current standards.

“Don’t be scared of security. It’s not that hard. It’s just like putting oil or anti-freeze in your car. It’s a precautionary thing you can do and learn real easily.” One of the biggest mistakes people make is thinking they’re fully protected when, in fact, the program they’ve installed only deals with viruses and won’t fend off hackers or phishers.

Another error is to let the subscription to the security program expire. While your computer remains safe from infection by old viruses, it’s defenceless against new ones.

Andy Walker, author of Absolute Beginner’s Guide to Security, Spam, Spyware & Viruses (Que), offers these tips:

-Configure the security settings in Internet Explorer to medium or high to provide better protection.

-Install a good anti-virus program. For example, Grisoft offers a free version of its program AVG, and it’s good.

-Install two anti-spyware programs because one won’t protect you. Microsoft AntiSpyware, Spybot Search & Destroy, and Ad-Aware SE are all good free programs.

-Run Windows Update and download all the available fixes. Then install Service Pack 2, the big security fix for Windows XP.

-Install an anti-phishing toolbar.

-Your bank or other financial institutions will never request verification of user IDs, passwords or other personal information through e-mail. If in doubt, contact the institution.