Amazon has issued a Black Friday security alert warning shoppers to be on guard for impersonation scams and phishing attempts aimed at stealing account logins and financial details, as cybersecurity researchers report a sharp spike in fake holiday shopping domains that mimic major retailers.
In an email sent to customers this week, the online retail giant said criminals are ramping up efforts to trick users into sharing personal or financial information or Amazon account details by posing as Amazon support, delivery services or bargain advertisers. The warning comes as the Black Friday season stretches across multiple weeks, giving scammers more time to exploit shoppers hunting for deals.
Amazon said common schemes include fake messages claiming there is a delivery problem or an account issue, social media ads touting discounts that look too good to be true, and outreach through unofficial channels asking for passwords or payment information. The company stressed that it does not send emails asking customers to verify account credentials or provide sensitive data through third-party links.
Security firms say the timing is not accidental. A recent holiday threat report found more than 18,000 holiday-themed domains registered in the past three months tied to terms such as Black Friday, Christmas and flash sale. Hundreds of those sites were confirmed to be malicious. The report also flagged a surge in domains designed to imitate household retail brands, including Amazon, often using subtle spelling changes that are easy to miss when shoppers move quickly.
Other researchers have reported a similar rise in brand impersonation domains referencing Amazon and other large marketplaces, reinforcing the warning that seasonal shopping traffic is a prime target for fraudsters.
Experts say many of the scams rely on urgency and distraction. Shoppers may get a text or email urging them to fix a delivery problem, reset a password or confirm a payment, then be sent to a look-alike page that harvests credentials. Others are lured by deep-discount ads on social platforms that redirect to fake storefronts designed to capture card data. Researchers note that the growing use of artificial intelligence is making forged order confirmations, spoofed retailer sites and even fake customer-service messages more convincing.
Amazon urged customers to stick to its official app or website for shopping, customer service, delivery tracking and refunds. It also recommended turning on two-factor authentication where possible and using passkeys, which allow sign-ins via device biometrics instead of passwords. The company reminded customers that it will never ask for payment information over the phone, including gift cards or wire transfers, and will not request login details through unsolicited messages.
Cybersecurity specialists add a simple rule for Black Friday browsing: slow down long enough to check the full URL and avoid clicking unfamiliar links. In a season built on speed and scarcity, they say, taking an extra few seconds is often the best defense.