Amazon warns 300+ million users of Black Friday impersonation scams using fake delivery alerts
Amazon warned hundreds of millions of users of a surge in Black Friday–themed impersonation and phishing scams that mimic delivery alerts, browser notifications and retailer sites. Security firms tracking holiday traffic say thousands of fraudulent domains and look‑alike pages are being spun up to harvest credentials and payment data.
Amazon issued a broad advisory ahead of Black Friday after security researchers and the company observed a significant uptick in holiday-timed impersonation attacks. Threat actors are deploying fake delivery notifications, malicious browser push prompts and cloned storefronts that mirror Amazon’s branding to trick consumers into divulging logins, credit card numbers and one-time passwords. Analysts report thousands of new domains and SEO‑poisoned landing pages timed to promotional traffic; many pages capture forms or push visitors to install malicious browser extensions. Amazon’s message stressed that users should ignore unsolicited messages about parcel problems, confirm URLs and use the official app or bookmarked links for logins. Security firms recommend enabling phishing-resistant MFA (hardware or app-based tokens), avoiding password reuse, and reporting suspicious pages to domain registrars and Amazon. The advisory also urged email and messaging providers to block known malicious senders, and urged consumers to validate payment prompts through official account dashboards rather than through clicks from ads or DMs.