Cyber Criminals Weaponize Black Friday: Amazon Warns 310 million Users of Sophisticated Impersonation Attacks

Amazon has issued an urgent security alert warning its estimated 310 million active users worldwide to remain vigilant against a coordinated wave of account impersonation and takeover attacks intensifying ahead of the Black Friday shopping season. The warning comes as cybersecurity research reveals an unprecedented surge in holiday-themed malicious infrastructure, with over 18,000 fraudulent domains registered in the past three months alone, designed to exploit holiday shopping urgency and trick unsuspecting shoppers into surrendering account credentials and payment information.

The Attack Landscape: 18,000 Malicious Holiday Domains

FortiGuard Labs research published November 25 confirms the severity of the pre-holiday attack landscape. Security researchers identified more than 18,000 holiday-themed domains registered in the past three months, including variations containing terms such as Christmas, Black Friday, and Flash Sale. Of these registrations, at least 750 domains were confirmed as definitively malicious—designed specifically to deceive shopping-focused users searching for deals.

The threat extends beyond holiday-specific infrastructure. Researchers identified more than 19,000 registered domains that imitate major retail brands including Amazon, with 2,900 of these confirmed as malicious. These spoofed domains employ subtle variations and misspellings that remain invisible to users browsing quickly while searching for bargains—precisely the conditions attackers exploit during peak shopping periods.
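As an added example (not from the article, FortiGuard Labs or Amazon), the following script shows how a defender might triage a feed of newly registered domains for the two patterns described above: labels within a small edit distance of a protected brand (with common digit-for-letter substitutions normalised first) and labels carrying the holiday lure terms the research names. The brand list, homoglyph table and sample domains are assumptions constructed for the demonstration.

```python
# Added example: flag newly seen domains that imitate a brand via small edits
# or that carry holiday-sale lure terms. Not the researchers' own tooling.

BRANDS = ["amazon"]                                   # assumption: protect only Amazon here
HOLIDAY_TERMS = ["christmas", "blackfriday", "flashsale"]  # terms cited in the research
MAX_EDITS = 2                                         # edit distance treated as a lookalike

# Digits attackers commonly swap for similar-looking letters (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_label(domain: str) -> str:
    """Second-level label, lower-cased, separators stripped.
    Naive about multi-part public suffixes such as .co.uk; a real feed
    should use the Public Suffix List."""
    labels = domain.lower().strip(".").split(".")
    core = labels[-2] if len(labels) >= 2 else labels[0]
    return core.replace("-", "").replace("_", "")

def classify(domain: str) -> list[str]:
    """Return the reasons a domain is suspicious; empty list means no finding."""
    label = registrable_label(domain).translate(HOMOGLYPHS)
    reasons = []
    for brand in BRANDS:
        if label == brand:
            continue  # the brand's own label; allow-list real brand domains separately
        if brand in label:
            reasons.append(f"contains brand {brand!r}")
        elif levenshtein(brand, label) <= MAX_EDITS:
            reasons.append(f"lookalike of {brand!r} (edit distance <= {MAX_EDITS})")
    for term in HOLIDAY_TERMS:
        if term in label:
            reasons.append(f"holiday lure term {term!r}")
    return reasons

# Constructed sample domains for the demo; not indicators from the article.
SAMPLE = ["amazon.com", "amaz0n-deals.com", "amazn.net",
          "blackfriday-flashsale.shop", "example.org"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(d, "->", classify(d) or "clean")
```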

Brand Impersonation: The FBI's $262 Million Warning

The Federal Bureau of Investigation joined the alert chorus, issuing Public Service Alert I-112525-PSA on November 25 documenting the extent of brand impersonation account takeover fraud. The FBI reported that since January 2025 alone, the Internet Crime Complaint Center received thousands of complaints regarding account takeover fraud utilizing brand impersonation tactics through social engineering attacks across all communication channels—including phone calls, text messages, instant messages, and emails.

The financial impact proves staggering: reported losses from these impersonation-based account takeovers exceeded $262 million since January 2025, demonstrating the scale and effectiveness of these criminal operations.

Common Attack Methods Amazon Warns Against

Amazon's November 24 alert detailed specific attack vectors customers should recognize and avoid:

Fake Delivery Messages: Cybercriminals send messages claiming delivery issues or account problems, directing victims to click malicious links leading to credential-harvesting phishing sites that convincingly clone legitimate Amazon interfaces.

Third-Party Social Media Advertisements: Scammers create social media ads promoting unrealistic deals, directing clicks to spoofed retail sites collecting payment and account information.

Unofficial Channel Requests: Messages through unofficial channels or unsolicited technical support phone calls requesting sensitive account or payment information.

Suspicious Links: Unfamiliar links sent via email or text that appear legitimate but direct victims to credential-capture pages.

AI-Powered Sophistication: The New Attack Frontier

Cybersecurity experts warn that 2025 represents a qualitatively different threat environment than previous years. Anne Cutler, cybersecurity evangelist at Keeper Security, noted: "This year we're guaranteed to see ever more sophisticated scams, primarily fueled by artificial intelligence, whether that be convincingly forged order confirmations, spoofed retailer sites and even AI-generated customer service messages designed to steal login details or payment information."

The integration of generative AI into scam operations enables production of convincing order confirmation emails, deepfake customer service interactions, and contextually appropriate phishing messages that exploit seasonal urgency without suspicious grammatical or stylistic indicators that typically expose fraudulent communications.

The Account Takeover Playbook: How Credentials Become Compromised

According to FBI warnings, account takeover attackers follow a systematic process:

1. Social Engineering: Cybercriminals impersonate legitimate customer or technical support staff through the chosen communication channel

2. Credential Extraction: Scammers manipulate victims into surrendering login credentials, multi-factor authentication codes, or one-time passcodes

3. Unauthorized Access: Attackers use stolen credentials to access legitimate accounts

4. Account Seizure: Attackers initiate unauthorized password resets, achieving complete account control

Once account takeover succeeds, attackers can modify payment methods, redirect shipments, access saved personal information, and potentially conduct downstream fraud using the victim's identity and account.

Amazon's Security Recommendations

Amazon advises customers to implement the following protective measures year-round:

Use Official Channels Only: Access customer service, account modifications, delivery tracking, and refunds exclusively through the official Amazon mobile app or website—never through links in emails or texts.

Enable Two-Factor Authentication: Activate multi-factor authentication on all accounts to prevent unauthorized access even if passwords become compromised.

Deploy Passkeys: Replace traditional passwords with passkeys using biometric authentication (face recognition, fingerprint, or PIN), providing substantially stronger authentication than passwords alone.

Never Verify Credentials: Remember that Amazon will never request payment information, payment authorization, or account credential verification through unsolicited emails, text messages, or phone calls.

The convergence of sophisticated AI-powered scams, unprecedented malicious infrastructure scale, and holiday shopping urgency creates an exceptionally dangerous threat environment for e-commerce users during 2025's shopping season.