According to Forbes, Darktrace’s new report reveals phishing attacks targeting Black Friday shoppers surged 620% during November. Amazon accounted for a staggering 80% of all brand impersonation phishing attacks involving major global brands, far outpacing Apple, Netflix, and PayPal. The online retail giant had already sent security advisory emails to users on November 24 warning about brand impersonators. With 310 million Amazon customers potentially at risk, attackers are specifically targeting sensitive information including personal data, financial details, and Amazon account credentials during the extended Black Friday sales period.
Why Amazon is the perfect target
Here’s the thing – this shouldn’t surprise anyone who understands how cybercriminals think. Amazon has hundreds of millions of active users, many of whom are expecting legitimate shipping updates and deal notifications right now. Nathaniel Jones, Darktrace’s VP of Security and AI Strategy, nailed it when he said the holiday inbox is a “major hunting ground for scammers.” Basically, when people are conditioned to receive dozens of Amazon emails anyway, fake ones don’t have to work very hard to look believable. It’s the perfect storm of massive user base combined with seasonal shopping behavior that makes this so effective.
How these attacks work
These aren’t your grandma’s phishing emails from Nigerian princes. Modern brand impersonation attacks are sophisticated operations that mirror Amazon’s actual communication style. They’ll send fake shipping notifications, urgent account verification requests, or too-good-to-be-true Black Friday deals. The goal? Get you to click through to a convincing fake Amazon login page where they harvest your credentials. Or sometimes they’ll try to trick you into providing payment information directly over the phone. And with AI tools making it easier to create convincing fake emails and websites, the barrier to entry for scammers keeps getting lower.
What you should do now
Amazon’s advice is actually pretty solid here. First, only use the official Amazon website or mobile app – don’t trust links in emails. Second, set up two-factor authentication immediately if you haven’t already. It’s annoying until it saves your account. Third, remember that Amazon will never ask you to make payments or provide payment information over the phone, nor will they send emails asking you to verify account credentials. Oh, and that security page Amazon maintains is worth bookmarking for reference. The bottom line? Be extra skeptical of any Amazon-related communication during this shopping season – your skepticism might just save your account.
