For many consumers, Black Friday has become a weeks-long ritual of digital browsing, price watching and impulse buying. For cybercriminals, it is a calendar fixture equally rich in opportunity. Amazon—by far the largest online retailer in the United States and a habitual target of fraudsters—has now stepped forward with a broad warning about the risks facing shoppers this season.
In a November 24 email sent to select customers, Amazon cautioned that attackers are using impersonation schemes aimed at extracting personal data, financial credentials, and account access. Although the message was directed to certain inboxes, the company stressed that “all customers should remain alert,” a signal that the risk is widespread rather than isolated.
The warning follows newly published research describing a wave of malicious activity keyed to recognizable brands and seasonal themes. With more than 300 million active Amazon users globally, researchers say the scale of the threat is unusually high.
A Criminal Ecosystem Built Around Impersonation
A new report from FortiGuard Labs, released November 25, offers quantitative backing for Amazon’s caution. Analysts say they have tracked a marked increase in holiday-themed domain registrations—more than 18,000 over the past three months, at least 750 of which were verified as malicious.
A parallel trend involves criminals mimicking household names such as Netflix, PayPal and Amazon to push deceptive notifications and spoofed customer service messages through browser push alerts and platforms tied to the Matrix Push criminal infrastructure. FortiGuard says more than 19,000 brand-related domains surfaced in recent weeks, nearly 3,000 confirmed as malicious.
“These are often nearly identical to the legitimate domains,” the researchers note, “frequently employing minor misspellings or punctuation changes that are difficult to spot when shoppers are moving quickly.”
Cybersecurity specialists say the speed and sophistication of these schemes are increasingly aided by artificial intelligence. Anne Cutler, a cybersecurity evangelist at Keeper Security, said scammers now deploy AI-generated order confirmations, retailer websites and chat-style support messages that convincingly imitate legitimate communication. “We’re guaranteed to see ever more advanced scams this year,” she said.
An Expanding Playbook of Holiday Scams
The tactics described by Amazon reflect both longstanding fraud patterns and newer iterations tailored for high-volume retail periods. Fake delivery messages, fabricated account-issue alerts and unsolicited tech-support calls remain common. But third-party advertisements—particularly on social platforms—are emerging as an especially effective vector.
Attackers, investigators say, rely on the psychological tempo of holiday shopping: consumers skimming emails, jumping between sites, and reacting quickly to perceived shipping problems or limited-time deals. “The season rewards impulsivity,” one analyst observed. “Scammers count on that.”
Amazon’s warning emphasized threats arriving through unofficial channels, including links that redirect users to credential-harvesting pages or requests for payment information outside official systems. The company stressed that it does not ask customers to verify account details via email, nor does it request payment information by phone.
While the tactics themselves are familiar, their volume and automation are new. Fraudsters increasingly run these campaigns in large batches across multiple platforms, adapting quickly when a method starts to lose effectiveness.
Amazon’s Advice as the Holiday Rush Intensifies
In its message, Amazon urged customers to rely solely on the company’s official website or mobile app for tracking deliveries, contacting customer service or adjusting account settings. It also encouraged the use of two-factor authentication, which significantly reduces the risk of unauthorized access, and recommended passkeys—a newer sign-in method tied to biometric verification.
Security researchers say Amazon’s guidance reflects a broader industry shift toward reducing dependence on passwords, long recognized as a weak point in consumer protection. But the company’s warning also reinforces a simple premise: during peak shopping periods, vigilance matters.
The confluence of massive retail traffic, rapid holiday decision-making and increasingly sophisticated cyber-tools has made November and December critical months for both retailers and criminals. As one threat analyst put it, “The scams are evolving because the incentives are. The more people shop online, the more valuable every misstep becomes.”
