On November 24, 2025, Amazon.com, Inc. sent an urgent security alert to 310 million active users worldwide — a number larger than the population of most countries — warning that cybercriminals were launching an all-out assault on shoppers ahead of Black Friday 2025United States. The email, confirmed by Forbes and Newsweek, didn’t just say "be careful." It laid out exactly how fraudsters are hacking into accounts, stealing credit cards, and tricking even savvy shoppers into handing over login details. And it came just days before the biggest shopping day of the year.
How the Scams Work — And Why They’re So Effective
The tactics are chillingly familiar, but more polished than ever. According to The Economic Times and TechLoy, criminals are now using three main traps: fake delivery notifications that look like Amazon’s own system, social media ads offering 90% off iPhones or PS5s (they’re not real), and phone calls from someone claiming to be "Amazon Tech Support" asking for your password or payment info. But the twist? They’re not just using email anymore.
Browser notifications — the little pop-ups you get from websites you’ve visited — are now being weaponized. Attackers are hijacking these to mimic Amazon’s official alerts, complete with logos and fonts that fool even cautious users. One victim in Ohio told TechLoy she clicked a notification that said, "Your package is delayed — update delivery details," only to be led to a site that asked for her Amazon password. She lost $427 before realizing it was fake.
And here’s the kicker: these scams are getting smarter because they’re using the same tools that Netflix and PayPal once had to fight. The Matrix Push fraud platform, originally designed for streaming service phishing, is now being repurposed to target Amazon shoppers. Social media ad networks, especially on Instagram and TikTok, are amplifying these fake ads by millions, targeting users based on browsing history and past purchases. It’s not random spam — it’s personalized deception.
Amazon’s Response: More Than Just a Warning
This isn’t Amazon’s first rodeo. The company issued the exact same alert in 2024, after fraudsters pulled off $1.2 billion in unauthorized transactions during the holiday season. But this year, there’s new pressure. In October 2025, the Federal Trade Commission settled a case against major retailers — including Amazon — requiring them to deploy real-time scam alerts during peak fraud periods, under FTC Docket No. P205500. Amazon’s November 24 email was its first major compliance step.
The company didn’t just say "don’t click links." It gave clear, actionable steps: use only the official Amazon app or website for account changes; switch to passkeys (biometric logins via fingerprint or face ID); enable two-factor authentication; and never, ever give out payment details over the phone or via email. "If Amazon needs your password, we’ll ask you to log in — not send it to us," the alert read.
What’s interesting is how much this matters to Amazon’s bottom line. Fraud doesn’t just cost customers — it costs Amazon too. Unauthorized purchases lead to chargebacks. Fake ads steal traffic from legitimate sellers. And every scam call that comes in clogs customer service lines, delaying real help for people whose packages are genuinely lost. In 2023, Amazon made two-factor authentication mandatory for third-party sellers after $1.6 billion in global e-commerce fraud was reported by the Association of Certified Fraud Examiners.
Why This Matters to You — Even If You Don’t Shop on Amazon
Amazon’s 310 million active users represent nearly 4% of the world’s population. That’s not just a market — it’s a target. And when Amazon’s systems are compromised, it doesn’t just affect shoppers. It weakens trust in online retail as a whole. If you’ve ever gotten a suspicious text about an order you didn’t make, you’ve already felt the ripple.
Analysts from the Anti-Phishing Working Group predict a 37% year-over-year increase in Amazon-related phishing attempts during November 2025. That’s not a guess — it’s based on patterns from Q3 2025, where Amazon-related scams rose 29% compared to Q2. The trend is accelerating. And with Black Friday 2025United States kicking off on November 28 across 180 countries, the window to act is closing fast.
What Happens Next? The Clock Is Ticking
Amazon’s advisory says it all: "Stay alert so the checkout keeps moving." That’s not just marketing. It’s a plea. Every time someone falls for a scam, it slows down the entire system — for everyone.
What’s next? Expect more retailers to follow Amazon’s lead. The FTC’s October mandate won’t stop with Amazon. Walmart, Target, and Best Buy are likely to roll out similar alerts before Cyber Monday. Meanwhile, cybersecurity firms are already building AI tools to detect Matrix Push patterns in real time. But the first line of defense? Still you.
Here’s the hard truth: no system is perfect. But your habits can be. If you’re using a password you’ve reused since 2018? Change it. If you’ve never enabled two-factor authentication? Do it today. If you’ve ever clicked a link in a "delivery update" email? You’re not alone — but you’re also not immune.
Frequently Asked Questions
How can I tell if an Amazon email is real?
Real Amazon emails will never ask for your password, credit card number, or PIN. They’ll always direct you to log in via the official Amazon app or website — never through a link. Check the sender address: it must end in @amazon.com. If it’s @amaz0n-support[.]com or anything else, it’s fake. Also, hover over any links — the URL preview at the bottom of your browser will show the real destination.
What’s a passkey, and why should I use it?
A passkey replaces passwords with biometric authentication — like your fingerprint or face scan — tied to your device. It’s nearly impossible to phish because the key never leaves your phone or computer. Amazon began rolling out passkeys in early 2025, and by November, over 40% of U.S. users had switched. It’s faster, safer, and blocks 99% of account takeover attempts.
I got a call from someone saying they’re from Amazon Tech Support. What do I do?
Hang up immediately. Amazon does not make unsolicited calls asking for payment info, passwords, or remote access to your device. If you’re worried, call Amazon directly using the number on their official website — not one provided by the caller. Scammers often spoof official numbers, so always verify through a trusted source.
Are these scams only happening in the U.S.?
No. Amazon operates in 180 countries, and the scams are global. The UK, Germany, India, and Japan reported the highest increases in phishing attempts in Q3 2025. Fraudsters target regions with high Amazon adoption and lower cybersecurity awareness. Always assume the threat is international — especially during holiday sales.
What if I already fell for a scam?
Act fast. Change your Amazon password immediately, enable two-factor authentication if you haven’t, and contact your bank to dispute any unauthorized charges. Report the scam to Amazon via their official fraud reporting page — not by replying to the email. Also, file a report with the FTC at ReportFraud.ftc.gov. Time matters: the sooner you act, the higher the chance of recovering funds or blocking further access.
Why does Amazon care so much about my security?
Because fraud hurts their business. Every fake order, stolen account, or chargeback eats into profits. In 2024, Amazon lost over $1.2 billion to holiday scams — money they had to refund or write off. Plus, fake ads and lookalike websites divert traffic from legitimate sellers, distorting sales data during their most important quarter. Protecting you protects their bottom line — and keeps the platform trustworthy for everyone.