Key Highlights
- Alexa, the online retail giant with 300 million users, has issued a stark warning regarding seasonal cyberattacks.
- The warning comes hot on the heels of reports confirming an increase in phishing attacks targeting major brands like Netflix and PayPal.
- Amazon advises its customers to use official channels for customer service and set up two-factor authentication to protect their accounts.
Amazon Warns 300 Million Users of Seasonal Cyberattacks
In a timely reminder as the holiday shopping season looms, Amazon has issued an urgent warning to its vast user base. With 310 million active users in 2025, the online retail giant is no stranger to cybercrime. This year, however, the company is particularly alert due to a surge in phishing and impersonation scams.
The warning follows a recent report by FortiGuard Labs, which identified over 18,000 holiday-themed domains registered in the past three months. These domains mimic major retail brands like Amazon itself, with slight variations that can be easy to miss during the rush of online shopping. “This year we’re guaranteed to see ever more sophisticated scams,” Anne Cutler, a cybersecurity evangelist at Keeper Security, told Forbes. “Primarily fueled by artificial intelligence, whether that be convincingly forged order confirmations or spoofed retailer sites.”
What You Need to Know
Amazon advises its customers to take the following steps to protect themselves from these seasonal attacks:
- Only use official Amazon mobile app or website for customer service, account changes, delivery tracking, and refunds.
- Set up two-factor authentication when available for your online accounts. This is a safer way to sign in than using passwords, often with the same face, fingerprint, or PIN you already use to unlock your device.
“Amazon will never ask you to make payments or provide payment information over the phone,” the company emphasized. “Nor will it ever send emails asking customers to verify their account credentials.”
Industry Context and Analysis
The timing of Amazon’s warning is crucial as the holiday shopping season ramps up. Cybercriminals often exploit this period by mimicking legitimate retailers to trick unsuspecting shoppers into revealing sensitive information or making unauthorized purchases. According to Cutler, these attacks are not only common but also evolving, with AI playing a significant role in crafting more convincing phishing attempts.
Experts advise consumers to be extra vigilant during the holiday rush, especially when dealing with unfamiliar links or phone calls claiming to be from retailers. “The key is to stick to official channels and verify any requests for personal information,” said Cutler. “Consumers should always double-check the URL of a website before entering any details and never provide payment information over the phone unless they initiated the contact.”
A recent report by FortiGuard Labs confirmed Amazon’s concerns, identifying 19,000 domains registered with holiday-themed terms like Christmas, Black Friday, and Flash Sale. Of these, 2,900 were confirmed as malicious. “Many mimic household names,” Cutler explained, “often with slight variations that are easy to miss when shoppers are moving quickly.”
As the holiday shopping season approaches, Amazon’s warning serves as a timely reminder for both retailers and consumers to stay alert and protect their personal information from cybercriminals.
