Amazon is alerting its massive user base of more than 300 million active customers about a spate of Black Friday impersonation scams as it tries to dissuade people from falling for fake alerts, malicious links and lookalike websites that scammers use to lure them into giving up account details and payment information. The company’s notice, which was shared with several news outlets, highlights how scammers are using increased online holiday shopping traffic and a sense of urgency to mislead people into clicking on links that prompt them to share sensitive information.
How the scam reels in shoppers during holiday sales
The entry is generally what looks like a tricky browser notification. Shoppers could unwittingly give a hacked site permission to send alerts, then receive “account issue” or “delivery problem” pop-ups with Amazon logos. One tap and they are routed to an authentic-looking phishing page pretending to be a sign-in or payment page for Amazon.
Attackers also blast smishing texts and spoofed emails stating that an order is on hold, a Prime membership requires checking or a package cannot be delivered. Links point to pages that harvest credentials or outsourced checkout portals capturing credit card numbers and addresses. In higher-touch schemes, the scammers call posing as Amazon support and try to get you to provide them with one-time passcodes in order to defeat two-step verification.
Once they have credentials, criminals also act fast: resetting passwords, buying digital gift cards or reselling compromised accounts. Though these pages and messages frequently feature recycled legitimate branding and order language, even seasoned shoppers can be taken in during a momentary lapse of attention.
Scale and tactics backed by fresh data from researchers
For months, security specialists have been watching a spike of retail-themed lures owing to the holiday season. FortiGuard Labs has noticed over 700 new malicious domains registered in time for holiday sales, including those containing keywords such as “Black Friday,” “Christmas,” and “Flash Sale” to entice users into clicking. Reporters for Asbury Park Press and Forbes noted that Amazon’s warning pinpointed the abuse of browser notifications and cloned login pages directed at Amazon users specifically.
More general fraud trends are in the same direction. The Federal Trade Commission has said that imposter scams rank as the category of fraud reported most frequently, with consumers losing billions of dollars to them. The FBI’s Internet Crime Complaint Center also sees seasonal waves associated with shopping events in which fraudsters meld phishing, phony storefronts and social media ads that promise deals that are “too good to be true” and then disappear after the payment.
Whom it’s targeting and why it works on busy shoppers
From long-term Prime members to holiday shoppers new to the service. Black Friday search surges lead people to unknown sites, where hasty clicks on coupon pop-ups or shipping trackers can result in granting push notification permissions. Attackers prey on mobile-first behavior: small screens obfuscate complete URLs, app-esque web dialogs feel commonplace, and system-styled notifications muddy the waters between browser and device warnings.
Psychology does the rest. Urgent talk of lost deliveries or suspended accounts plays to fear of missing out on gifts or deals. Status cues — Amazon logos, order numbers scraped from old leaks, even correct personal information — blur judgment with a false sense of legitimacy that hurdles people past caution.
What Amazon says and what to do now to stay secure
Amazon’s advice is simple: Do not believe unsolicited requests for payment or to install software, and never share personal information with someone you don’t know. The company says it will never ask customers to pay beyond its official checkout, purchase gift cards for assistance or share one-time codes by phone or email.
Best-practice steps, which materially reduce your risk, include:
- Type amazon.com into the browser instead of using shared links.
- Verify the status of an order in your account’s Your Orders page, not by replying to a correspondence.
- Enable two-step verification in your account’s Advanced Security Settings.
- Disable push notifications for any site you can’t identify.
- If you suspect a breach, change your Amazon password right away, revoke old login sessions that look suspicious, and monitor recent orders and gift card balances; you may need to alert your bank about unauthorized charges.
You can also report suspicious messages to Amazon, and forward phishing emails to its abuse address. If you received a text message, report it to your carrier’s spam number. The FTC and the FBI’s IC3 accept reports of fraud that can be useful in investigations.
Red flags in the wild: signs of phishing and fraud to spot
Common tells include:
- Domains that replace characters with others to create a lookalike — for example, using “rn” instead of an “m”.
- Shortened links that hide where you are going.
- Pressure tactics like warnings your account is about to be closed unless you send money or buy gift cards.
- Attachments purporting to be invoices or shipping labels.
- Advertisements posted on social media from unknown third-party vendors offering steep discounts on popular items, with little or no available customer service.
When in doubt, stop and validate independently. Inspect your order history, contrast any tracking number carrier-side — as in, on the official website of whoever’s handling your package — and search for an exact string from a suspicious message (since scammers repeat lines that others have sounded alarms about). A minute of verification is sometimes all that separates you from a costly breach.
Amazon’s warning comes as Black Friday deals get under way, and is a reminder that urgency is a tactic of the attacker. Slow down, verify, and keep purchases inside the officially sanctioned Amazon ecosystem to block some of the most common ways scammers have found of reaching into your wallet.
