Black Friday 2025 brings a dangerous problem alongside record spending plans. Cybercriminals now utilize artificial intelligence to launch scams that even the most cautious shoppers can fall victim to. Amazon, one of the world’s largest retailers, has sent an unprecedented warning to approximately 300 million customers globally—a historic move that signals the seriousness of the threat.
Last year, Americans lost more than $432 million to online shopping fraud, and security firm Guardio predicts 2025 will set new records for losses. Victims don’t just lose money; many stop shopping online altogether and lose trust in major brands they once relied on. The holiday season exacerbates the problem significantly because shoppers rush through their inboxes, ignore warning signs, and fail to double-check suspicious messages while juggling work and family responsibilities.
Shopping stress, tight deadlines, and heavy discounts combine to create perfect conditions for criminals. Researchers and analysts warn that this year will test whether retailers and consumers can respond quickly enough to prevent mounting financial and psychological damage.
How Criminals Weaponize Technology Against Amazon Shoppers
Amazon attracts scammers more than any other retailer because customers trust the company and assume messages from Amazon are always real. Cybersecurity firm Darktrace reports that Amazon impersonation now accounts for the majority of phishing attacks targeting major e-commerce platforms. Before Black Friday, criminals launched a dramatic 620% surge in phishing attacks compared to normal times.
They send convincing fake Amazon order confirmations, shipping updates, and security alerts designed to look identical to real messages. AI tools enable scammers to replicate Amazon’s exact format, add fake urgency, and personalize messages with specific details that match each customer’s purchase history—creating, in the words of experts, a “perfect storm” for customer mistakes. The problem escalated even more rapidly throughout late 2025.
Security researchers detected a shocking 232% jump in fake Amazon websites since September, with criminals creating sites that mimic Amazon’s branding, layouts, and checkout pages so closely that many customers believe they’re on the legitimate platform. FortiGuard, another major security firm, identified 750 malicious domains created between September and November alone, with many of them linked directly from phishing emails. When customers click these deceptive links, criminals harvest their login information and credit card details.
Criminals then sell this data on criminal marketplaces or use it to conduct more fraud against the same victims. The Federal Bureau of Investigation documented $262 million in losses from account takeovers of Amazon customers since January 2025. Investigators also note that attackers customize attacks by region, referencing local holidays, delivery norms, and even weather events to make messages feel more familiar and believable to victims.
Amazon Responds While Regulators and Customers Demand More
On November 24, 2025, Amazon sent a security email to all customers explaining five warning signs of fraud and urging them to use two-factor authentication or new passkey technology instead of traditional passwords. This warning reached roughly nine in ten American adults, making it an unprecedented move in retail history.
However, customers and regulators questioned the timing—the message arrived after criminals had already launched their massive 620% surge in attacks. The Federal Trade Commission is now examining Amazon’s response timeline. Congressional staff have requested security briefings on Amazon’s fraud prevention capabilities, and state attorneys general have asked whether companies should provide free credit monitoring and identity theft protection when scams occur on this scale.
Behind each incident sit real stories: cancelled gift orders, refunds diverted to unfamiliar accounts, and credit card details discovered for sale on criminal websites. Many affected shoppers say fraudulent messages looked indistinguishable from genuine notifications. Experts estimate that AI-powered phishing now boosts success rates by 30-40%, which explains why 2025 fraud losses are likely to exceed last year’s $432 million.
Amazon plans to develop additional training materials, encourage financial institutions to closely monitor high-risk transactions, and expand two-factor authentication options. Yet cybersecurity experts remain skeptical that any single company can outpace AI-enhanced criminal networks operating globally. Other retailers, such as eBay, Walmart, Best Buy, and Target, face similar threats but haven’t issued broad warnings like Amazon.
The 2025 holiday season has become a critical test: can retailers, regulators, and consumers coordinate defenses well enough to keep pace with AI scams?
Sources
Cybersecurity Industry Analysis, December 2025
Federal Trade Commission Perspective, 2025
Darktrace Threat Intelligence, November 2025
Retail Industry Analysis, 2025
FTC Monitoring, November–December 2025
Congressional Briefing Requests, December 2025