Amazon is alerting its more than 300 million active customers to a widespread impersonation scam ramping up during the holiday shopping season. According to new reporting from the Asbury Park Press, the scheme employs fake notifications, malicious links, and fraudulent websites to deceive shoppers into divulging sensitive information, such as financial details or Amazon account credentials.
As the outlet explains, Amazon described the fraud in a Nov. 24 email obtained by Forbes, warning that cybercriminals are “targeting Amazon users by reaching out to try and get access to sensitive information like personal or financial information, or Amazon account details.” The scam relies heavily on browser notifications pushed through compromised or malicious websites — a tactic that has become increasingly common as shoppers flood the internet in search of Black Friday and holiday deals.
The scale of the problem is significant. The Asbury Park Press cites data from FortiGuard Labs, showing that more than 700 malicious holiday-themed domains have been registered in the last three months, many using keywords such as “Christmas,” “Black Friday,” and “Flash Sale” to lure unsuspecting shoppers. These sites are being used to launch a variety of scam attempts, including:
-
Fake delivery or “account issue” messages
-
Too-good-to-be-true third-party deals advertised on social media
-
Requests for payment or account information through unofficial channels
With Black Friday deals in full swing, Amazon says staying vigilant is the best defense.
