As the annual Black Friday shopping season kicks into high gear, the heightened risk of cybercrime attempts becomes a significant concern for millions of online shoppers. With consumers actively seeking deals, hackers are actively poised to exploit unsuspecting individuals. Amazon, a leading online retailer with an estimated 310 million active users in 2025, consistently stands out as a primary target for scammers, hackers, and various highly targeted cybercrime activities during this period.

Recognizing this escalated threat, Amazon has proactively issued an urgent warning that all its customers must heed seriously. This cautionary notice comes amidst reports confirming that cybercriminals are specifically targeting major brands, including Netflix and PayPal, through sophisticated impersonation schemes that leverage browser notifications and the criminal platform known as Matrix Push, as reported by Forbes.

Amazon's warning explicitly urges its customers to maintain extreme vigilance against impersonation scams. These cybercriminals are meticulously targeting Amazon users by attempting to gain “access to sensitive information like personal or financial information, or Amazon account details,” according to an email Amazon dispatched to its users on November 24th. While these types of attacks are not novel, their methods continuously evolve. Consequently, timely warnings from platforms like Amazon are crucial reminders for users to remain alert during busy shopping periods when online browsing for deals is at its peak.

Several common attack methods necessitate close attention during the Black Friday surge:

• Fake messages: Be wary of unsolicited messages that claim issues with delivery or problems concerning your Amazon account.
• Deceptive advertising: Exercise caution with third-party advertisements, particularly those found on social media, that promote deals which appear to be excessively good to be true.
• Unofficial requests: Ignore messages sent through unofficial channels or unsolicited tech support phone calls that request sensitive account or payment information.
• Suspicious links: Avoid clicking on unfamiliar links received via email or text messages, as they may lead to malicious sites.

The urgency and accuracy of Amazon's warning have been independently corroborated by a new FortiGuard Labs report, published on November 25th. This report provides clear indicators of pre-holiday attack intent, noting several alarming trends:

• Over 18,000 holiday-themed domains, incorporating terms such as “Christmas,” “Black Friday,” and “Flash Sale,” were registered in the preceding three months, with at least 750 of these definitively confirmed as malicious.
• More than 19,000 domains were registered specifically to imitate major retail brands, including Amazon. Of these, 2,900 have been confirmed as malicious. These deceptive domains frequently employ slight variations that are easy for hurried shoppers to overlook.
• Experts, such as Anne Cutler from Keeper Security, highlight that the proliferation of new scams is increasingly being fueled by artificial intelligence. AI is now being used to create convincingly forged order confirmations, spoofed retailer websites, and even AI-generated customer service messages, all meticulously designed to steal login information.

To ensure protection against these persistent and evolving cyberattacks, Amazon strongly advises all its customers to adopt and consistently practice several key security measures throughout the year:

• Always utilize the official Amazon mobile application or its secure website for all customer service inquiries, making account changes, tracking deliveries, and processing refunds.
• Enable two-factor authentication (2FA) on all available online accounts. This crucial step provides a robust barrier against unauthorized account access, even in scenarios where your password may have been compromised or stolen.
• Consider switching to a passkey for a more secure sign-in experience. Passkeys leverage the same biometric data (face recognition, fingerprint scan, or a personal identification number (PIN)) that you use to unlock your device, offering enhanced protection.
• It is imperative to remember that Amazon will never ask you to make payments or provide payment information over the phone. Furthermore, Amazon will never send emails requesting customers to verify their account credentials.