Beware these account attacks, Amazon warns 300 million users.
NurPhoto via Getty Images
Updated November 26 with a startling new warning from the Federal Bureau of Investigation regarding account takeover attacks using brand impersonation methods; details of a new report confirming the seasonal dangers, alongside the original Amazon alert that all 300 million users need to be aware of, as hackers and scammers continue their attacks.
There’s no escaping the annual Black Friday sales, which seem to last longer every year. Equally, there’s no escaping that Amazon is the top dog in both the event itself and as a target for cybercriminals. With an estimated 310 million active users in 2025, Amazon has always been a prime quarry for scammers, hackers and other highly-targeted cybercrime activity. Now the online retail giant has issued a stark warning that every customer must take seriously as attackers strike. Here’s what you need to know and do.
ForbesLondon Cyberattacks Confirmed — Security Experts Issue Multiple WarningsBy Davey WinderAmazon Sends Users Attack Warning – What You Need To Know
Hot on the heels of a new report that confirmed cybercriminals are targeting big brands, including Netflix and PayPal, using an impersonation process involving browser notifications and the Matrix Push criminal platform, Amazon has now sent me a warning email, but all 300 million users should take note and stay alert for impersonation scammers. These cybercriminals are targeting Amazon users by reaching out to try and get “access to sensitive information like personal or financial information, or Amazon account details,” Amazon said in a November 24 email.
Of course, such attacks are not uncommon, nor are they new, but they do evolve, and warnings such as this from Amazon serve as a timely reminder to be particularly alert at this time of year.
The Amazon email warns of the following attacks:
Fake delivery or account issue messages.Third-party adverts, including those on social media, offering amazing deals.Messages sent through unofficial channels requesting account or payment information.Ditto, but via unfamiliar links.Unsolicited tech support phone calls.ForbesDo Not Download These Windows Security Updates, Experts WarnBy Davey WinderAmazon’s Seasonal Attack Warning Is Timely And Necessary
A new FortiGuard Labs report, published November 25, has confirmed that Amazon is quite correct in sending out the hack attack warning emails. Citing the domain registration as a clear indicator of pre-holiday attack intent, FortiGuard Labs said that it had “identified more than 18,000 holiday-themed domains registered in the past three months, including terms such as Christmas, Black Friday, and Flash Sale,” and that “at least 750 of these were confirmed malicious.”
The report also revealed an upswing in the number of domains being registered that imitate major retail brands, with more than 19,000 observed and 2,900 confirmed as being malicious. “Many mimic household names,” such as Amazon, for example, “often with slight variations that are easy to miss when shoppers are moving quickly,” the researchers said.
“This year we’re guaranteed to see ever more sophisticated scams,” according to Anne Cutler, a cybersecurity evangelist at Keeper Security, “primarily fueled by artificial intelligence, whether that be convincingly forged order confirmations, spoofed retailer sites and even AI-generated customer service messages designed to steal login details or payment information.”
ForbesHackers Bypass Signal, Telegram And WhatsApp Encryption To Read MessagesBy Davey WinderFBI Adds Reveals The Extent Of Brand Impersonation Account Takeover Attacks
The Federal Bureau of Investigation has joined those warning of the dangers of brand impersonation, alongside the likes of Amazon’s latest email alerts, as they impact account takeover attacks. The November 25 public service alert, I-112525-PSA, has warned of the dangers of account takeovers using brand impersonation tactics through social engineering attacks involving all methods of communication, including phone calls, texts, instant messages and emails.
Since January 2025 alone, the FBI’s Internet Crime Complaint Center has, the alert confirmed, received thousands of complaints regarding such account takeover fraud. The total amount of the losses reported, and I trust you are sitting down, came to more than $262 million, according to the FBI.
While the FBI alert relates to the use of financial institution brand impersonation, the methods and ramifications are the same for all major brands, including retail.
“A cyber criminal manipulates the account owner into giving away their login credentials, including multi-factor authentication code or One-Time Passcode,” the FBI warned, by impersonating employees such as customer support and technical support staff. These credentials are then used to log in to the legitimate website account and “initiate a password reset, ultimately gaining full control of the accounts.”
No matter the method of communication used by the attackers, the FBI warned that the tactics used are often the same. “In some instances, the cyber criminal states there are fraudulent transactions,” the alert said, “and may provide a link to a phishing website that the account owner believes will report the fraud or prevent additional fraudulent transactions.” These sites are convincing clones of the genuine brand, convincing enough for the victim to log in using their credentials, and the party is then over.
ForbesInternet Domain Name Registration Attacks Confirmed — What To KnowBy Davey WinderThe Amazon Advice For Keeping Safe From These Attacks
Amazon has offered its customers the following advice to stay safe from these ongoing attacks, not only at this time of year but year-round.
Only use the Amazon mobile app or website for customer service, account changes, delivery tracking, and refunds.Set up two-factor authentication when available for your online accounts to help prevent unauthorised account access.Use a passkey. It’s a safer way to sign in than using passwords, and it works with the same face, fingerprint, or PIN you already use to unlock your device.
Remember, Amazon will never ask you to make payments or to provide payment information over the phone, nor will it ever send emails asking customers to verify their account credentials. Stay safe out there! You can read more advice from Amazon about phishing attacks here.
ForbesNetflix And PayPal Users Warned As Matrix Hackers AttackBy Davey Winder