Nurfoto via Getty Images
Updated on November 25 with details of a new report confirming seasonal threats as Amazon issues a warning that all 300 million users should heed.
There’s no escaping the annual Black Friday sale, which runs for a long time every year. Equally, it cannot be denied that Amazon is on top in terms of incidents and targets of cyber criminals. With an estimated 310 million active users in 2025, Amazon has always been a major minefield for scammers, hackers, and other highly-targeted cybercrime activity. Now the online retail giant has issued a dire warning that every customer should take the attack by attackers seriously. Here’s what you need to know and do.
Amazon sends attack warnings to users – what you need to know
Following a new report confirming that cybercriminals are targeting big brands including Netflix and PayPal, using browser information and an impersonation process linked to the metrics push criminal platform, Amazon has now sent me a warning email, but all 300 million users should take note and remain alert for impersonation scammers. These cybercriminals are targeting Amazon users to gain “access to sensitive information such as personal or financial information, or Amazon account details,” Amazon said in an email on Nov. 24.
Of course, such attacks are not uncommon, nor are they new, but they continue to evolve, and warnings like this one from Amazon serve as a timely reminder to be especially vigilant this time of year.
Amazon email warns of the following attacks:
- Fake delivery or account issue messages.
- Third-party ads, including ads on social media, offer amazing deals.
- Messages sent through unofficial channels requesting account or payment information.
- Exactly the same, but through unfamiliar links.
- Unsolicited technical support phone calls.
Amazon’s seasonal strike warning is timely and necessary
A new report from FortiGuard Labs published on November 25 has confirmed that Amazon is quite right in sending out hack attack warning emails. Citing domain registrations ahead of the holidays as a clear indicator of attack intent, FortiGuard Labs said it had “identified more than 18,000 holiday-themed domains registered in the past three months, including words like Christmas, Black Friday, and flash sale,” and “at least 750 of these were confirmed to be malicious.”
The report also revealed an increase in the number of registered domains imitating major retail brands, with more than 19,000 observed and 2,900 confirmed to be malicious. “Many copy household names,” such as Amazon, for example, “often with minor variations that are easy to miss when shoppers move quickly,” the researchers said.
According to Anne Cutler, cybersecurity evangelist at Keeper Security, “We are guaranteed to see more sophisticated scams this year, driven primarily by artificial intelligence, whether it’s fake order confirmations, fake retail sites and even AI-generated customer service messages designed to steal login details or payment information.”
Amazon’s advice to stay safe from these attacks
Amazon has given its customers the following advice to stay safe from these ongoing attacks, not just at this time of year but all year long.
- Use only the Amazon mobile app or website for customer service, account changes, delivery tracking, and refunds.
- Set up two-factor authentication when available for your online accounts to help prevent unauthorized account access.
- Use passkey. It’s a safer way to sign in than using a password, and it works with the same face, fingerprint, or PIN you already use to unlock your device.
Remember, Amazon will never ask you to make a payment or provide payment information over the phone, nor will it ever send customers emails to verify their account credentials. Stay safe out there! You can read more advice from Amazon about phishing attacks here.
<a href=