A Gartner study conducted in March showed that despite a higher awareness of phishing scams, a large number of consumers continue to be fooled into visiting Web sites that download such hacker tools, Pescatore added.

And it's not only consumers who need to be wary about the increasing proliferation of such tools. Companies whose employees use corporate systems to buy online should also be concerned, said Charles King, a product manager at Blue Coat Systems Inc. , a Sunnyvale, Calif.-based security vendor.

According to King, the encrypted connections between employees and the shopping sites they go to can often be used as a conduit for spyware, bot programs, viruses and worms. Such encrypted sessions are often allowed to pass through untouched to employees' PCs, raising all sorts of security issues, he said.

"Encrypted communications are agnostic. It doesn't tell you if the traffic is good or bad," said Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa. So companies need to have controls in place -- such as proxies to terminate Secure Sockets Layer traffic -- to ensure that employees' shopping behavior doesn't pose a security risk, he said.

The results from the Truste survey appear to reinforce the findings of other recent surveys.