Amazon has sent an urgent security alert to its entire user base of over 300 million active customers on November 24, 2025, warning about a wave of impersonation scams targeting shoppers during the Black Friday shopping season.
The email highlights cybercriminals attempting to steal login credentials, financial details, and personal information by posing as the retail giant.
The warning comes at a critical time as Black Friday sales officially begin November 28. With online shopping activity reaching peak levels, scammers are exploiting the chaos to launch sophisticated phishing attacks through fake delivery notifications, account issue alerts, and bogus refund offers sent via email, text messages, and social media platforms.
This isn’t a data breach announcement but a proactive security measure. Amazon’s alert coincides with a FortiGuard Labs report published November 25, which confirmed that over 18,000 holiday-themed domains were registered in the past three months, with at least 750 confirmed malicious.
The report also identified more than 19,000 domains impersonating major retail brands, including 2,900 confirmed malicious sites designed to trick shoppers.
Key Takeaways
- Amazon warned 300 million users about rising impersonation scams ahead of Black Friday
- 750+ malicious holiday-themed domains registered in recent months, per FortiGuard Labs
- Common scam tactics include fake delivery alerts, account issue messages, and third-party social media deals
- Amazon confirms it never asks for passwords or payment info via email or phone
- Users urged to enable two-factor authentication and use Amazon’s official app only
What Scammers Are Targeting
Cybercriminals are deploying multiple attack methods to compromise Amazon accounts during the holiday rush. The most common tactics include fake delivery failure messages claiming packages couldn’t be delivered and requiring immediate action. These emails often contain links to phishing websites designed to harvest login credentials.
Account security alert scams represent another major threat. Fraudsters send emails claiming suspicious activity on accounts and requesting verification through unofficial links. Third-party advertisements on social media platforms are also being weaponized, offering deals that seem impossibly good while directing victims to malicious sites.
Anne Cutler, cybersecurity evangelist at Keeper Security, explained that artificial intelligence is making these scams more convincing than ever. From forged order confirmations to AI-generated customer service messages, attackers are creating highly realistic communications designed to steal payment information.
The Rising Holiday Threat
The timing of Amazon’s warning reflects documented patterns of cybercrime activity. A 2024 FBI Internet Crime Complaint Center report found victims reported $16 billion in losses, representing a 33% increase from the previous year.
Research from Seon revealed fraudulent transactions around Black Friday are five times higher than October baseline levels, with Cyber Monday seeing four times higher fraud rates.
FortiGuard Labs researchers noted that many malicious domains use slight variations of legitimate brand names that are easy to miss when shoppers are moving quickly. The proliferation of fake sites targeting Amazon specifically demonstrates how cybercriminals focus efforts on the world’s largest online retailer during peak shopping periods.
| Type of Attack | Method Used | Warning Sign |
|---|---|---|
| Fake Delivery | Email/text claiming failed delivery | Requests login via unfamiliar link |
| Account Issues | Alert about suspicious activity | Asks for password verification |
| Tech Support | Unsolicited phone calls | Requests remote computer access |
| Social Media Deals | Too-good-to-be-true offers | Links to unofficial websites |
Amazon’s 5 Safety Rules
Amazon provided specific guidance for customers to protect themselves during the shopping season and year-round. The company emphasized that all legitimate interactions should occur only through the official Amazon mobile app or website for customer service, account changes, delivery tracking, and refunds.
Setting up two-factor authentication on all online accounts is essential to prevent unauthorized access. Amazon also recommends using passkeys, which work with face recognition, fingerprint, or PIN to unlock devices without traditional passwords.
The retail giant made clear it never asks customers to make payments or provide payment information over the phone, including gift cards or wire transfers. Amazon also never sends emails requesting account credential verification. Any communication asking for these details should be treated as a scam attempt.
Customers should be cautious of any message creating a sense of urgency or pressure to act immediately. This psychological tactic is a hallmark of scam operations designed to bypass rational decision-making.
Public Reaction and Social Media Response
Discussion on X (formerly Twitter) spiked 300% on November 25 compared to the previous week, with hashtags like #AmazonScam and #BlackFridaySafety gaining traction. User sentiment split between appreciation for the proactive warning and frustration with broader cybersecurity concerns.
One viral thread garnered over 200 likes warning that “scammers love the chaos.” Cybersecurity professionals amplified Amazon’s message as a positive example of corporate transparency. However, some users expressed skepticism about Amazon’s security track record, questioning why warnings come after years of data leak incidents.
