Amazon alerted its more than 300 million customers to a surge in Black Friday impersonation campaigns that include fake delivery notices, spoofed account alerts and malicious browser notifications. The company and security experts urged shoppers to verify URLs, enable MFA or passkeys, and use only official apps and sites.

Amazon issued a broad advisory on November 30, 2025, warning customers of a rise in impersonation campaigns timed for Black Friday. The advisory described threat patterns including fraudulent delivery emails and texts, malicious browser notifications that prompt credential entry, and spoofed merchant alerts engineered to harvest login and payment data. Security firms cited by the advisory said hundreds of holiday-themed domains and spoofed merchant notifications have been registered in recent weeks, increasing the attack surface for credential harvesting and payment fraud. Amazon recommended that users enable multi-factor authentication or passkeys, check domain names and app sources carefully, and rely on official application stores and company webpages for order tracking. The notice also urged immediate reporting of suspicious account activity so that password resets and fraud investigations can proceed quickly. Analysts noted that retail-heavy seasonal spikes magnify losses when credential stuffing and account-takeover attacks succeed, making user vigilance and layered authentication critical across the shopping period.