Updated Nov. 26: The Federal Bureau of Investigation has issued a new warning about a surge in account-takeover attacks linked to brand impersonation scams. This comes alongside Amazon’s own alert urging all 300 million users to stay vigilant as cybercriminals ramp up operations during the holiday shopping season.
Amazon Warns Users of Active Impersonation Attacks
With more than 310 million active customers, Amazon remains a top target for hackers — especially during Black Friday and holiday sales. The company has now sent urgent warnings to users about scammers attempting to steal sensitive information, including:
- Personal data
- Financial details
- Amazon login credentials
According to Amazon’s Nov. 24 alert, attackers are reaching out through emails, texts, social media, and fake ads by impersonating Amazon support or delivery updates.
Common Amazon Scam Tactics Identified
Amazon highlighted several high-risk red flags:
- Fake delivery or account-issue messages
- Social media ads offering unrealistic discounts
- Requests for payment or account info via unofficial channels
- Suspicious links claiming to fix an account problem
- Unsolicited tech-support calls pretending to be Amazon
These scams evolve each year, becoming more convincing thanks to AI-generated messages and cloned websites.
Holiday Season Scam Spike Confirmed
A new FortiGuard Labs report (Nov. 25) reveals a massive rise in malicious activity:
- 18,000+ holiday-themed domains registered in 3 months
- 750 confirmed malicious
- 19,000+ domains mimicking major retailers
- 2,900 confirmed malicious lookalikes
Many of these spoofed domains closely resemble Amazon, Netflix, PayPal, and other household brands — making them easy to miss during busy shopping periods.
Cybersecurity expert Anne Cutler warns that criminals are now using AI to craft:
- Fake order confirmations
- Spoofed retailer websites
- AI-powered chat and support scams
FBI Confirms Massive Surge in Brand-Impersonation Fraud
In a Nov. 25 public alert, the FBI warned that brand impersonation is fueling a wave of account takeover attacks across banking and retail platforms.
Since January 2025, the FBI’s Internet Crime Complaint Center has recorded:
- Thousands of complaints
- Over $262 million in losses
How criminals take over accounts
According to the FBI:
- Attackers impersonate customer support staff.
- They claim there is a fraudulent transaction.
- Victims are sent to a fake login page.
- Criminals steal login credentials and 2FA or OTP codes.
- The attacker resets the password and takes over the account completely.
The agency says these clone websites are so convincing that victims often enter credentials without hesitation.
Amazon’s Official Safety Recommendations
Amazon urges customers to follow these steps to stay protected:
✔ Always access Amazon via the official website or app
Use official channels for customer service, refunds, tracking, and account updates.
✔ Enable two-factor authentication (2FA)
Adds an extra layer of security against unauthorized access.
✔ Use a passkey
A more secure login method using fingerprint, face ID, or device PIN.
✔ Remember what Amazon will never do
Amazon will not:
- Ask for payment information through phone calls
- Request verification of login credentials via email
- Send links for account fixes through third-party channels
Stay Alert This Holiday Season
With shopping at its peak and scammers more sophisticated than ever, Amazon customers are urged to remain cautious. Check URLs carefully, ignore unsolicited messages, and never share account credentials with anyone.
Stay safe — and stay skeptical.
