Executive Summary
- Amazon reports a surge in impersonation scams and phishing attempts ahead of Black Friday.
- Over 18,000 holiday-themed domains have been registered recently, with many confirmed as malicious.
- Scammers are utilizing AI to create convincing fake delivery alerts and discount advertisements.
- Amazon advises customers to use official apps and enable two-factor authentication to secure accounts.
Amazon has issued a critical security alert warning millions of customers to remain vigilant against a surge in impersonation scams and phishing attempts ahead of Black Friday. The online retail giant highlighted a sharp increase in fraudulent activity designed to steal account credentials and financial information as cybersecurity researchers report a spike in fake holiday shopping domains mimicking major retailers.
According to an advisory sent to customers, criminals are intensifying efforts to deceive users by posing as Amazon support agents, delivery services, or advertisers offering deep discounts. The company noted that these schemes often involve fake notifications regarding delivery problems or account issues, intended to create a sense of urgency. Additionally, social media advertisements promoting unrealistic deals are being used to redirect shoppers to malicious storefronts capable of harvesting credit card data.
A recent holiday threat report cited by security firms identified over 18,000 holiday-themed domains registered within the last three months, utilizing terms such as “Black Friday” and “flash sale.” Researchers confirmed that hundreds of these sites are malicious, often employing subtle spelling changes in URLs to impersonate household retail brands. Experts caution that the increasing use of artificial intelligence has made forged order confirmations and spoofed customer service messages significantly more convincing.
Amazon explicitly stated that it does not request payment information, such as gift cards or wire transfers, over the phone, nor does it ask for login details via unsolicited messages. The company urged customers to utilize its official mobile application or website for all transactions, tracking, and customer service interactions. Furthermore, Amazon recommended enabling two-factor authentication and utilizing passkeys, which leverage device biometrics for secure sign-ins.
Consumer Cyber Safety Outlook
The proliferation of sophisticated phishing campaigns during the holiday shopping season underscores the evolving nature of consumer cyber threats. With fraudsters leveraging AI to create highly realistic decoys, the burden of security increasingly shifts to user vigilance and the adoption of “zero trust” browsing habits. As the volume of e-commerce transactions peaks, cybersecurity experts emphasize that taking extra time to verify URL integrity and avoiding unsolicited links remain the most effective defenses against financial fraud in the digital marketplace.
