As the 2025 holiday shopping season hits full stride, Amazon is warning all 300+ million of its customers to stay on high alert. With Black Friday sales stretching longer each year, cybercriminals are exploiting the shopping surge, and new data shows their tactics are more aggressive and convincing than ever.
Why Amazon Is Sounding the Alarm
In a November 24 email sent to users, Amazon warned that scammers are increasingly impersonating the company to steal sensitive personal and financial information. These attacks aren’t new, but they’re evolving fast, especially with artificial intelligence making fake messages, spoofed websites, and fraudulent alerts look more realistic.
According to Amazon, attackers are reaching out using:
- Fake delivery or “account issue” notifications
- Social media ads promoting fake “too-good-to-be-true” deals
- Messages from unofficial channels asking for login or payment info
- Suspicious or unfamiliar links
- Unsolicited tech support phone calls
Amazon stresses that customers should treat any unexpected message requesting credentials or payment information with extreme caution.
New Report Confirms Rising Holiday-Themed Scams
A fresh FortiGuard Labs report backs up Amazon’s warning. The findings reveal:
- 18,000+ holiday-themed domains registered in the last three months
- 750 confirmed malicious
- 19,000+ domains impersonating major brands, including Amazon
- 2,900 malicious brand lookalike domains
Cybercriminals are crafting domains with slight variations on legitimate brand names that are easy to miss during the rush of holiday shopping. Experts warn that AI is accelerating the sophistication of these scams, making fake order confirmations, spoofed retailer websites, and forged customer service interactions more convincing than ever.
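As an added illustration (not code from Amazon, FortiGuard Labs, or the FBI), here is one way a defender could screen newly seen domains for the brand lookalikes described above. The sample domains are constructed, the character-swap table is an assumed and non-exhaustive heuristic, and amazon.com is treated as the only official domain because it is the only one this article names.

```python
BRAND = "amazon"              # brand named in the article
OFFICIAL = {"amazon.com"}     # assumption: the only official domain the article names

# Assumed, non-exhaustive digit-for-letter swaps used in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain):
    """Label a domain as official, a kind of brand lookalike, or no-match."""
    d = domain.lower().rstrip(".")
    if d in OFFICIAL or d.endswith(tuple("." + o for o in OFFICIAL)):
        return "official"
    for label in d.split(".")[:-1]:           # skip the top-level domain
        for token in label.split("-"):
            if BRAND in token:                # real brand name, wrong domain
                return "brand-on-unofficial-domain"
            norm = token.translate(SWAPS).replace("rn", "m")
            if BRAND in norm:                 # e.g. 0 for o, rn for m
                return "character-swap"
            if edit_distance(norm, BRAND) == 1:
                return "typo"                 # one letter added, dropped or changed
    return "no-match"                         # IDN homoglyphs are not covered here


# Constructed sample input; .example is a reserved TLD, so none of these resolve.
SAMPLES = [
    "www.amazon.com",
    "amaz0n-deals.example",
    "arnazon.example",
    "amzon-support.example",
    "amazon.com.account-verify.example",
    "holiday-gifts.example",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:40} {classify(name)}")
```

The last sample shows why the whole name matters: a real brand name at the start of a hostname says nothing about who controls the domain it ends in.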
The FBI Confirms Massive Financial Damage
In a new public service announcement on November 25, the FBI warned that brand impersonation attacks are fueling a surge in account takeovers. Since January 2025, thousands of victims have reported losses totaling more than $262 million.
These scams often involve:
- Phone, text, email, or instant message contact from someone pretending to be customer support
- Claims of “fraudulent activity”
- A link to a realistic but fake website
- Victims entering their login, MFA code, or one-time passcode
- The attacker using those credentials to reset the password and take over the account entirely
Although the FBI’s alert focuses on financial institutions, the tactics apply to all major brands, including Amazon.
How Amazon Says You Can Protect Yourself
Amazon is urging customers to take the following steps to protect their accounts year-round:
1. Use Only Official Amazon Channels
Rely exclusively on the Amazon app or amazon.com for customer service, order tracking, refunds, and account updates.
2. Enable Two-Factor Authentication (2FA)
2FA adds a crucial layer of protection against unauthorized access.
3. Use Passkeys
Passkeys let you sign in using biometrics (face, fingerprint) or your device PIN, a safer alternative to passwords.
4. Remember What Amazon Will Never Do
Amazon will never:
- Ask for payment over the phone
- Request payment information via email
- Ask you to verify account credentials through links or messages
If you receive a message asking for any of these, assume it’s fraudulent.
Stay Vigilant This Holiday Season
With AI-powered scams accelerating and brand impersonation attacks spiking, Amazon’s warning is timely and necessary. Whether you’re shopping for holiday deals or simply checking order updates, a moment of caution could save you from a costly scam.
Stay safe and always confirm before you click.