On November 26, 2025, Amazon.com, Inc. sent an urgent security alert to over 300 million users worldwide, warning of a wave of highly sophisticated scams set to explode during the Black Friday 2025global shopping frenzy. The message, delivered directly to in-app notifications and email inboxes, wasn’t just a reminder—it was a battle cry. Scammers, armed with tools like the Matrix Push fraud platform and browser-based deception tactics, are now impersonating Amazon with chilling accuracy. And they’re not just after your credit card. They’re after your identity, your password, and your peace of mind.
How the Scams Work: More Than Just Fake Emails
Forget the old-school phishing emails with misspelled URLs and broken English. This year’s threats are slicker, smarter, and harder to spot. According to Amazon’s Trust & Safety division, attackers are now hijacking browser notifications to make it look like you’re getting an official alert from Amazon—about a delayed package, a price drop, or a refund. Click the notification, and you’re led to a fake login page that looks identical to Amazon’s. Enter your credentials? Done. Your account is compromised.
Then there’s the text message scam. Shoppers are receiving SMS messages claiming to be from Amazon’s delivery partner, asking them to confirm their address and payment details to “unlock” a holiday delivery. One YouTube security analyst, known as John Cybersecurity Advisor, described it bluntly in a November 21, 2025 video: “There’s not going to be anything other than your bank account being drained.” He broke it down into three vectors: credential harvesting, fake shipping texts, and QR code scams in physical stores—where scammers paste fake labels on gift cards promising $500 Amazon vouchers for $25. Too good to be true? Exactly.
Amazon’s Defense: App-First, Passkey-Only
Amazon isn’t just sounding the alarm—they’re giving users a playbook. In their November 26 advisory, the company explicitly told customers: Only use the Amazon app or official website for account changes. No phone calls. No text links. No unsolicited emails. They’re pushing passkeys—biometric logins that replace passwords entirely—and two-factor authentication as non-negotiable defenses.
“These steps help reduce risk when attackers know customers are expecting updates, refunds, or deliveries,” read the official alert. It’s a subtle but powerful insight: scammers are exploiting anticipation. During Black Friday, people are distracted, excited, and rushing. That’s the window they need.
Amazon’s security team also highlighted how spoofed ads and lookalike domains—sites like “amaz0n-deals[.]com” or “amazon-offers[.]net”—are being pushed through ad networks and social media. These sites can divert traffic, skew sales metrics, and damage Amazon’s quarterly performance. In 2024, similar scams cost the company over $2.3 million in unauthorized refunds and support costs. This year, they’re determined to make it harder.
Why This Isn’t Just Amazon’s Problem
What’s happening to Amazon shoppers is happening everywhere. Netflix, PayPal, and even banks saw similar attacks in late 2024. The Matrix Push platform, originally developed for legitimate marketing, has been weaponized. It allows fraudsters to send push notifications directly to users’ browsers—even if they’ve never visited the scam site—by exploiting weak browser permissions and compromised ad tech.
“It’s not about hacking Amazon,” said a cybersecurity analyst familiar with the trend, speaking anonymously. “It’s about hacking human behavior. People aren’t suspicious of notifications. They’re suspicious of spam.”
The ripple effect is real. Consumer Affairs reported a 47% spike in fraud complaints related to e-commerce during last year’s holiday season. And with Amazon’s global reach—operating in over 200 countries—the scale of potential damage is staggering.
What Comes Next: A New Normal for Holiday Shopping
Amazon’s warning isn’t an anomaly—it’s a pattern. Similar alerts were issued before Black Friday 2024, 2023, and even as far back as 2018, when the FTC first noted a clear correlation between holiday shopping spikes and phishing surges. This year, the tactics have evolved. So must our defenses.
Experts predict that by 2026, AI-generated voice calls impersonating Amazon customer service will become common. Already, deepfake audio samples are circulating on dark web forums. The next layer of this war won’t be visual—it’ll be auditory.
For now, Amazon’s advice remains clear: don’t click. Don’t reply. Don’t assume. And if something feels off? Call Amazon directly through the official app. Not the number in the text. Not the link in the email. The one you find on the real Amazon site.
Because in the age of digital deception, the safest purchase you can make this Black Friday isn’t a TV or a drone. It’s vigilance.
Frequently Asked Questions
How can I tell if a text message from Amazon is real?
Real Amazon messages never ask for passwords, payment details, or personal information via text. They also won’t include links to click. If you get a text about a delivery issue, open the Amazon app directly—don’t reply or click anything. Check your order history there instead. Scammers often use spoofed sender IDs to mimic Amazon’s official number, so appearance alone isn’t proof.
What are passkeys, and why should I use them?
Passkeys replace passwords with biometric authentication—like Face ID or a fingerprint—on your phone or computer. They’re tied to your device and can’t be phished because they don’t involve typing a password or clicking a link. Amazon began rolling out passkeys in 2024, and by 2025, they’ve reduced account takeovers by 68% among users who adopted them. Enable them in your account settings under Security.
Is the Matrix Push platform dangerous even if I’ve never heard of it?
Yes. Matrix Push is a legitimate marketing tool that lets websites send browser notifications. Scammers exploit this by tricking users into allowing notifications on fake sites. Once granted, they can send alerts even when you’re not browsing—making it look like Amazon is contacting you. You can block this by going to your browser settings and revoking notification permissions for any site you don’t trust.
Why does Amazon care about these scams if they’re not stealing from Amazon directly?
Because when scammers steal your payment info and make unauthorized purchases, Amazon often has to issue refunds to protect customer trust. In 2024, they wrote off over $2.3 million in fraudulent transactions. Plus, fake sites and ads divert traffic, making it harder to track real sales growth. During Black Friday, every percentage point of lost traffic can impact quarterly earnings reports.
What should I do if I already clicked a suspicious link?
Immediately change your Amazon password using the official app or website. Enable two-factor authentication if you haven’t already. Check your order history for unfamiliar purchases and contact Amazon’s fraud team directly through the Help section. Also, scan your devices for malware—some scams install keyloggers. And report the scam to Amazon’s Trust & Safety team via their official reporting portal.
Are QR code scams really that common during Black Friday?
Extremely. In 2024, the FTC recorded over 12,000 reports of QR code fraud at retail stores, with Amazon and Walmart gift card scams making up 73% of cases. Scammers place fake stickers over legitimate QR codes on gift card displays. Scan it, and you’re taken to a fake site asking for your card details. Always check the physical card first—if the QR code looks misaligned or taped over, don’t scan it.
Write a comment