Amazon has issued an urgent attack warning to its 300 million customers worldwide as cybercriminals ramp up impersonation scams ahead of the busy Black Friday and holiday shopping season.
The alert arrives alongside a new FBI public service warning and a fresh cybersecurity report confirming a sharp rise in brand-targeted attacks designed to steal login credentials, financial details, and personal information.
Amazon Confirms Spike in Impersonation Attempts
In an email sent to users on November 24, Amazon warned that scammers are attempting to gain “access to sensitive information like personal or financial information, or Amazon account details.”
These attacks are not new, but Amazon says cybercriminals are becoming more advanced—using fake verification messages, cloned websites, and deceptive customer-service communication to trick shoppers into revealing their credentials.
Common Scam Methods Amazon Customers Should Watch For
Amazon highlighted several high-risk attack vectors now spreading rapidly:
- Fake delivery or account-issue messages sent through email or text.
- Deceptive ads on social media promoting “too-good-to-be-true” deals.
- Messages through unofficial channels requesting account changes or payment verification.
- Suspicious links that lead to fraudulent login pages.
- Unsolicited tech-support calls pretending to be from Amazon.
Users are urged to avoid interacting with any message that does not come from official Amazon sources.
Cybercriminals Are Preparing for Black Friday — And the Data Proves It
A new report from FortiGuard Labs, published November 25, confirms the scale of the threat. Researchers found:
- More than 18,000 holiday-themed domains registered in the last three months.
- At least 750 confirmed malicious domains disguised as holiday sales sites.
- Over 19,000 domains mimicking major retail brands, including Amazon, with 2,900 confirmed malicious.
These fake websites often use minor spelling changes or URL variations—easy to miss when shoppers are rushing during holiday sales.
Cybersecurity experts warn that AI-generated phishing, fake order confirmations, and realistic customer-service messages are making scams harder to detect.
FBI Warns of Rising Account Takeover Crimes
The Federal Bureau of Investigation has also issued a fresh nationwide alert on November 25, warning of sophisticated account takeover attacks using brand impersonation.
Since January 2025, the FBI says thousands of victims have reported combined losses of more than $262 million due to scammers posing as support staff from trusted companies.
Criminals are convincing victims to provide login credentials, one-time passcodes, or MFA codes—giving attackers full control of user accounts.
Amazon Shares Critical Safety Tips for All Users
Amazon urged customers to follow these protections year-round:
- Only use the official Amazon app or website for account changes, support, and tracking.
- Enable two-factor authentication (2FA) on all accounts to block unauthorized access.
- Switch to passkeys, which use your device’s fingerprint, face ID, or PIN for more secure sign-ins.
- Remember: Amazon will never ask for payments or personal information over the phone, nor will it send emails asking users to verify their login credentials.
Amazon also encourages shoppers to double-check URLs, avoid clicking unfamiliar links, and report suspicious messages immediately.