Nearly 2000 examples of 'typosquatting' affecting the websites of major high-street brands have been detected.
Websense Security Labs has uncovered increased evidence of typosquatting, where cyber criminals create mirrors of popular shopping sites in order to steal customer data.
Online shoppers fall victim to the scam by mistyping web addresses and ending up with an infected computer.
Websense discovered typosquatted domains where the page looks like a retailer's site but customers were led to harmful sites.
It said cyber criminals had registered variants of legitimate sites with false suffixes such as '.org' or '.net'.
In October, Websense noticed that cyber criminals were registering huge numbers of fake website domains in preparation for the Christmas shopping spree.
“Cyber criminals are smart at enticing Christmas shoppers to unwanted sites," Websense Security Labs Elad Sharf said.
"While this looks like a consumer problem, typosquatting also puts companies' confidential data at risk as many employees shop from work computers at lunchtime.