
Since January 2025, the FBI’s Internet Crime Complaint Center has received over 5,100 complaints about account takeover fraud, with reported losses exceeding $262 million—an average of $51,400 per incident. This represents a devastating increase in cybercriminal activity targeting consumers during the peak holiday shopping season.
The figures have prompted both Amazon and federal law enforcement to issue what experts describe as the most aggressive coordinated warning in holiday retail history.
Phishing Attacks Skyrocket as Black Friday Approaches

Cybersecurity firm Darktrace documented a staggering 620% spike in Black Friday phishing attacks throughout November 2025, representing the largest surge ever recorded for a holiday shopping season. Amazon emerged as the primary target, accounting for approximately 80% of all phishing attempts against major consumer brands, including Apple, Netflix, and PayPal.
Analysts projected an additional 20-30% increase in phishing volume during Black Friday week itself.
Thousands of Malicious Domains Registered in Three-Month Sprint

FortiGuard Labs identified over 18,000 holiday-themed domains registered within just three months, with at least 750 confirmed as malicious. These domains incorporated seasonal keywords, such as “Christmas,” “Black Friday,” and “Flash Sale,” to appear legitimate.
Additionally, researchers discovered 19,000 e-commerce-themed domains designed to impersonate major retail brands, with 2,900 confirmed as malicious. Many feature subtle variations that shoppers easily overlook, such as “amazon-dealz.shop” instead of the legitimate “amazon.com,” creating a sophisticated phishing infrastructure.
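The lookalike pattern described above can be checked mechanically before a link is trusted. The following is an added example, not code from the article or from any vendor it cites: it compares a hostname's registrable domain against a brand allowlist and reports why a name looks like an impersonation. The allowlist, the short suffix set, and every sample hostname other than amazon-dealz.shop are assumptions constructed for illustration.

```python
import re

# Assumed allowlist: brand token -> its legitimate registrable domains.
BRANDS = {"amazon": {"amazon.com"}}
# Seasonal keywords named in the article, lowercased with spaces removed.
LURES = ("christmas", "blackfriday", "flashsale")
# Constructed stand-in for the Public Suffix List (multi-label suffixes only).
MULTI_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def registrable_domain(host):
    """Return the label directly under the public suffix, plus the suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_SUFFIXES else 2
    return ".".join(labels[-n:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character swaps like amaz0n."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_reasons(host):
    """List the reasons a hostname resembles a brand it does not belong to."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if any(reg in legit for legit in BRANDS.values()):
        return []  # the brand's own domain or one of its subdomains
    tokens = [t for t in re.split(r"[.\-_]", host) if t]
    squashed = re.sub(r"[^a-z0-9]", "", host)
    reasons = []
    for brand in BRANDS:
        if brand in squashed:
            reasons.append(f"brand '{brand}' on unrelated domain {reg}")
        elif any(edit_distance(t, brand) == 1 for t in tokens):
            reasons.append(f"near-miss spelling of '{brand}'")
    if reasons:  # a seasonal keyword alone is too weak a signal to flag
        reasons += [f"seasonal lure '{k}'" for k in LURES if k in squashed]
    return reasons

if __name__ == "__main__":
    # amazon-dealz.shop is the article's example; the others are constructed.
    for h in ("www.amazon.com", "amazon-dealz.shop",
              "amazon.com.account-check.example", "amaz0n-blackfriday.example"):
        print(h, "->", lookalike_reasons(h) or "no brand-lookalike signal")
```

The third sample shows why the check uses the registrable domain rather than a substring match: a hostname can begin with "amazon.com" and still belong to an unrelated domain.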
AI-Generated Emails and Websites Achieve Near-Perfect Realism

Scammers now leverage generative AI tools to create phishing emails, fake websites, and social media advertisements that are nearly indistinguishable from legitimate communications. AI-generated sites often feature realistic product photographs, authentic-looking customer reviews, and interactive chatbots that can establish false credibility.
These tools enable even low-skill attackers to launch convincing campaigns at machine speed. Grammar errors and obvious spelling mistakes—traditionally used to identify scams—have essentially disappeared from modern phishing attacks, rendering traditional security awareness training increasingly ineffective.
Brand Impersonation Through Email and Social Media Surges

Attackers send convincing phishing emails claiming to address Amazon account issues, fraudulent transactions, or delivery problems that require immediate action. These messages include malicious links that redirect to fake Amazon login pages, designed to harvest credentials. Third-party social media advertisements promise unbelievable deals, directing unsuspecting consumers to fraudulent websites.
Research suggests Meta platforms alone may display approximately 15 billion scam advertisements daily.
Fake Delivery Notices Exploit Holiday Shopping Urgency

Scammers send messages claiming delivery delays or address issues requiring immediate verification, creating artificial urgency to pressure victims. These smishing and phishing campaigns impersonate shipping platforms, including USPS, FedEx, UPS, and Amazon, with increasing accuracy.
Victims who click on links are directed to fake tracking pages where payment details and credentials are harvested.
Spoofed Phone Calls Impersonate Amazon Customer Service

Cybercriminals pose as Amazon customer service representatives, claiming to have detected fraudulent transactions or security breaches that require verification. These calls use spoofed caller IDs that appear identical to legitimate Amazon numbers, creating a false sense of legitimacy. Scammers request login credentials, password reset codes, or one-time authentication codes under the pretense of protecting accounts.
Victims often comply willingly, believing they’re defending against actual fraud. The psychological manipulation proves highly effective, particularly when consumers are distracted during the holiday shopping season.
Gift Card Scams Weaponize Holiday Shopping Momentum

Scammers pressure victims to purchase gift cards and provide numbers, claim codes, or PINs as supposed payment for account problems or emergency situations. These requests often follow fabricated emergencies designed to bypass logical thinking.
Gift card transactions are completed instantly with minimal fraud protection, making recovery nearly impossible once criminals obtain the codes. The ease and speed of gift card monetization make this vector particularly attractive to criminal enterprises during peak holiday periods.
Account Takeover Process Defeats Even Strongest Security

The FBI describes how criminals manipulate account owners into disclosing login credentials and multi-factor authentication codes by impersonating support personnel. Alarmingly, 65% of compromised accounts had multi-factor authentication enabled, indicating that even security-conscious users can remain vulnerable when tricked.
Once attackers gain access, they rapidly wire funds to cryptocurrency-linked accounts, making recovery extremely difficult.
Stolen Credentials Flood Underground Markets at Scale

FortiGuard researchers discovered 1.57 million stolen login credentials linked to major e-commerce sites circulating on dark web marketplaces within just the past quarter. These “stealer logs” contain browser-stored passwords, cookies, session tokens, and autofill data, enabling large-scale credential stuffing and account takeover attacks.
Cybercriminals purchase these datasets for pennies per account, then automate attacks using industrialized tools and rotating proxy networks.
Amazon’s Crystal Clear Security Warnings Fall on Deaf Ears

Amazon has emphatically stated that the company will never request payment information via phone, email, or text messages under any circumstances. The company will never request credential verification through unsolicited communications or ask for gift card payments.
All legitimate account changes and refunds must be handled exclusively through official Amazon apps and websites. Despite these repeated warnings, Amazon dismantled over 55,000 phishing websites and 12,000 phone numbers in 2024 alone; yet, criminals continue to exploit the same vectors.
Passkeys and Two-Factor Authentication Provide Strong Defense

Amazon now supports passkeys, allowing sign-in via fingerprint, face scan, or lock screen PIN—a technology that is significantly more resistant to phishing attacks than passwords. Two-factor authentication adds an extra layer of security by requiring possession of a second device for login verification.
When combined, these technologies provide robust multi-layered protection even if attackers obtain credentials. However, users must never share generated authentication codes with anyone claiming to be Amazon, as this defeats the entire protective mechanism.
Multiple Channels Enable Rapid Fraud Reporting

Amazon offers self-service fraud reporting at amazon.com/reportascam while accepting suspicious email forwarding at stop-spoofing@amazon.com and reportascam@amazon.com. Consumers should simultaneously report fraud to the FBI’s Internet Crime Complaint Center at ic3.gov and the Federal Trade Commission at reportfraud.ftc.gov.
Multiple reporting channels enable authorities to respond faster and identify patterns more effectively.
Artificial Intelligence Transforms Cybercrime Economics Permanently

AI-powered attack infrastructure enables criminals to operate at a previously unimaginable scale and speed, while dramatically reducing costs. Generative AI tools create customized phishing content instantly, while machine learning algorithms adapt attacks in real-time against defensive measures.
This represents a permanent shift in cybercrime economics where even low-skill attackers can launch sophisticated campaigns. As one security expert warns, AI enables “agentic” fraud where blocked URLs and security alerts trigger automatic tactical recalculation at machine speed, continuously refreshing domains and approaches.
Consumer Vigilance Remains the Final Defense Line

As holiday shopping continues through Christmas and into the new year, consumers must remain vigilant for increasingly sophisticated scam tactics. Understanding warning signs, implementing security best practices, and immediately reporting suspicious activity remain essential.
The combination of high transaction volumes, time pressure, and AI-enhanced attacks creates ideal conditions for fraud exploitation.
Sources:
“FBI Reports $262M in Account Takeover Fraud as Researchers Cite Surge in Holiday Attacks.” The Hacker News, November 2025.
“Phishing Attacks Surge by 620% in the Lead-Up to Black Friday.” Darktrace, December 2025.
“Amazon Issues Attack Warning — 300 Million Customers Are At Risk.” Forbes, November 26, 2025.
“Holiday Shoppers Targeted as Amazon and FBI Warn of Surge in Account Takeover Attacks.” Malwarebytes, November 26, 2025.
“Hackers Create 18,000 Christmas, Black Friday, and Flash Sale Domains to Empty Your Wallet This Holiday.” CyberPress, November 27, 2025.
“How AI Is Supercharging Holiday Phishing Attacks.” Jericho Security, November 19, 2025.