Beware these account attacks, Amazon warns 300 million users.
NurPhoto via Getty Images
Updated November 25 with details of a new report confirming the seasonal dangers as Amazon issues a warning that all 300 million users should note.
There’s no escaping the annual Black Friday sales, which seem to last longer every year. Equally, there’s no escaping that Amazon is the top dog in both the event itself and as a target for cybercriminals. With an estimated 310 million active users in 2025, Amazon has always been a prime quarry for scammers, hackers and other highly-targeted cybercrime activity. Now the online retail giant has issued a stark warning that every customer must take seriously as attackers strike. Here’s what you need to know and do.
Amazon Sends Users Attack Warning – What You Need To Know
Hot on the heels of a new report that confirmed cybercriminals are targeting big brands, including Netflix and PayPal, using an impersonation process involving browser notifications and the Matrix Push criminal platform, Amazon has now sent me a warning email, but all 300 million users should take note and stay alert for impersonation scammers. These cybercriminals are targeting Amazon users by reaching out to try and get “access to sensitive information like personal or financial information, or Amazon account details,” Amazon said in a November 24 email.
Of course, such attacks are not uncommon, nor are they new, but they do evolve, and warnings such as this from Amazon serve as a timely reminder to be particularly alert at this time of year.
The Amazon email warns of the following attacks:
- Fake delivery or account issue messages.
- Third-party adverts, including those on social media, offering amazing deals.
- Messages sent through unofficial channels requesting account or payment information.
- Ditto, but via unfamiliar links.
- Unsolicited tech support phone calls.
Amazon’s Seasonal Attack Warning Is Timely And Necessary
A new FortiGuard Labs report, published November 25, has confirmed that Amazon is quite correct in sending out the hack attack warning emails. Citing the domain registration as a clear indicator of pre-holiday attack intent, FortiGuard Labs said that it had “identified more than 18,000 holiday-themed domains registered in the past three months, including terms such as Christmas, Black Friday, and Flash Sale,” and that “at least 750 of these were confirmed malicious.”
The report also revealed an upswing in the number of domains being registered that imitate major retail brands, with more than 19,000 observed and 2,900 confirmed as being malicious. “Many mimic household names,” such as Amazon, for example, “often with slight variations that are easy to miss when shoppers are moving quickly,” the researchers said.
“This year we’re guaranteed to see ever more sophisticated scams,” according to Anne Cutler, a cybersecurity evangelist at Keeper Security, “primarily fueled by artificial intelligence, whether that be convincingly forged order confirmations, spoofed retailer sites and even AI-generated customer service messages designed to steal login details or payment information.”
The Amazon Advice For Keeping Safe From These Attacks
Amazon has offered its customers the following advice to stay safe from these ongoing attacks, not only at this time of year but year-round.
- Only use the Amazon mobile app or website for customer service, account changes, delivery tracking, and refunds.
- Set up two-factor authentication when available for your online accounts to help prevent unauthorised account access.
- Use a passkey. It’s a safer way to sign in than using passwords, and it works with the same face, fingerprint, or PIN you already use to unlock your device.
Remember, Amazon will never ask you to make payments or to provide payment information over the phone, nor will it ever send emails asking customers to verify their account credentials. Stay safe out there! You can read more advice from Amazon about phishing attacks here.
