Amazon Warns of Holiday Cybercrime Surge as FBI Flags $262M in Account-Takeover Losses
By: Andrew Carlson
As the 2025 holiday shopping season accelerates into full stride, Amazon has issued a stark warning to its more than 300 million global customers: cybercriminals are prowling the digital landscape with heightened aggression, deploying increasingly sophisticated impersonation tactics designed to infiltrate customer accounts, harvest sensitive personal data, and siphon off funds with astonishing speed. The warning, which The New York Post reported on Wednesday has already begun reaching inboxes across the U.S. and U.K., comes amid fresh FBI data showing that nearly $300 million has already vanished into the hands of online fraudsters this year through an alarming rise in account-takeover schemes.
The New York Post has been chronicling a surge in cyber-enabled crime throughout the year, and Amazon’s unusually direct caution to customers captures the scale and urgency of the threat. According to reporting from Forbes, which cited Amazon’s holiday security bulletin, criminals are deploying a range of social-engineering ploys—including phony delivery notifications, counterfeit customer-service outreach, fabricated reports of account issues, and unsolicited “tech support” calls—to trick unsuspecting users into voluntarily surrendering their Amazon login credentials or payment information.
What makes this particular warning notable, The New York Post report observed, is its timing. Cybercrime traditionally spikes during the holiday season, when the hustle of online shopping creates a fertile environment for malicious actors. But the FBI’s newest statistics suggest that 2025 has already smashed prior records, long before Christmas buying begins in earnest. Since January alone, the bureau has received more than 5,100 formal complaints linked specifically to account-takeover fraud, representing at least $262 million in confirmed losses. The agency declined to name specific companies most affected, but Amazon’s proactive messaging indicates it is a central target.
The New York Post report called attention to the fact that account-takeover fraud is not merely one more variety of cybercrime—it is uniquely destructive because it hijacks the trust customers have already established with a company. Once criminals breach a customer’s Amazon account, they can redirect shipments, place unauthorized orders, siphon stored gift card balances, or manipulate account details in ways that create cascading financial chaos. Many victims only discover the breach after fraudulent transactions have been completed or after Amazon flags irregular activity.
Amazon’s warning, which the company confirmed had been distributed to American customers earlier in the month and to U.K. customers just this week, is both sweeping and granular in its advice. The New York Post report highlighted the company’s emphasis on urging users to avoid responding to unsolicited communications, particularly emails, texts, or calls purporting to be from Amazon’s customer-service division. Fraudsters have been refining their ability to mimic Amazon’s visual identity, deploying logos, email formatting, and even spoofed phone numbers designed to deceive even the most careful shopper.
In its advisory, Amazon also urged customers to remain skeptical of social-media advertisements promoting Amazon-branded deals. As the Post report noted, fraudsters have begun exploiting the advertising ecosystems of Facebook, Instagram, and TikTok to lure shoppers to counterfeit Amazon pages that mimic the company’s interface. These imitation pages often request account logins or payment information and can install harmful malware. Amazon emphasized that legitimate account-related correspondence will never originate from social-media advertisements or third-party pages.
As cybercriminals sharpen their tactics, Amazon is reinforcing its call for customers to secure their accounts with two-factor authentication—a recommendation The New York Post echoed in its coverage. Two-factor protections create an additional barrier between criminals and account access by requiring verification codes from a trusted device or authenticator app. Amazon also encouraged customers to adopt the newer “passkey” login system, which replaces traditional typed passwords with biometric or device-based verification tools far more resistant to theft.
In reinforcing its message, the company pointed to disturbing patterns identified earlier this year. In a July fraud-prevention campaign, Amazon warned that scammers often manufacture a false sense of urgency—telling victims that fraudulent activity has been detected, that their account is at immediate risk of closure, or that a package delivery problem must be “resolved immediately.” The New York Post reported that Amazon’s internal research found nearly two-thirds of scams exploited fictitious “order issues” or “account problems,” a trend that remains firmly entrenched heading into the 2025 holiday season.
The FBI’s parallel advisory reinforces the scale of the threat. Beyond the raw financial losses approaching the $300 million threshold, the bureau emphasized the emotional and logistical toll on victims. As The New York Post report detailed, the FBI reiterated that consumers should regularly monitor their bank accounts and credit statements for anomalies, use unique and complex passwords across all major platforms, and avoid clicking on suspicious advertisements or unsolicited links.
Amazon’s own efforts to combat the expanding universe of impersonation schemes have grown increasingly aggressive. Last year alone, Amazon disclosed that it dismantled more than 55,000 phishing sites and neutralized 12,000 fraudulent phone numbers linked to scammers impersonating Amazon employees. These numbers reveal an ecosystem of fraud that is vast, well-organized, and persistently innovating. Even so, as Amazon concedes, the vigilance of the corporation is only half the equation. Customers must match that vigilance with caution and digital self-defense.
What is striking, as The New York Post report emphasized, is that scam operations have evolved from isolated amateur schemes into sprawling, professionalized networks using corporate-grade technologies. Fraudsters no longer rely on clumsy, typo-laden emails or laughably incorrect addresses. Instead, they deploy artificial-intelligence tools to craft polished communications, use number-spoofing technology to mask their origins, and lean on human behavioral analysis to maximize emotional pressure.
Amazon’s security teams, often comprised of former federal investigators and cybersecurity experts, are confronting adversaries who mimic Silicon Valley innovation rather than petty crime. That reality is altering the nature of consumer protection, requiring constant technological adaptation and public awareness campaigns—especially during periods like November and December, when online shopping volume makes customers more distracted, more rushed, and more vulnerable.
The stakes are not just financial. As the Post noted in an earlier investigation into the rise of impersonation fraud, criminals who gain access to Amazon accounts frequently gain access to connected email accounts, stored addresses, phone numbers, and in some cases saved payment data. These breaches can snowball into identity theft, loan fraud, or even coordinated attacks across multiple e-commerce platforms.
The company’s emphasis on using only the official mobile app or website to communicate with customer service reflects a fundamental shift in how cybercrime must be countered. Amazon recognizes that a secure digital perimeter depends not only on encryption and backend controls but on shaping user behavior. The safest environment becomes meaningless if customers are tricked into voluntarily providing access to attackers.
Yet despite these sweeping warnings, Amazon is navigating an information battlefield. The New York Post has been particularly direct in highlighting the dual challenge Amazon faces—not only defeating the criminals but convincing the public that cyberthreats require constant vigilance. Customers may feel fatigued by security warnings or falsely assume that only careless users fall victim. But the Post’s reporting demonstrates repeatedly that the victims are often educated, cautious, and tech-savvy individuals ensnared by highly tailored deception campaigns.
As millions of holiday shoppers prepare to place orders for gifts, electronics, and household supplies, Amazon’s message is unambiguous: the threat is real, the criminals are relentless, and the responsibility for digital security is shared. The FBI’s numbers speak volumes about the urgency, and the sweeping, global nature of Amazon’s customer alerts and that this is not a niche threat limited to vulnerable groups.
In the end, the warning serves as both a seasonal advisory and a broader commentary on the state of digital life. As The New York Post report indicated, the modern consumer inhabits a world in which convenience rivals vulnerability, and in which the world’s busiest online marketplace becomes, in the eyes of cybercriminals, the richest hunting ground on earth. Amazon knows this. The FBI knows this. And now, as the holiday season approaches, millions of ordinary shoppers—reminded persuasively by both institutions—must remain vigilant in an era where a single click can open the door to an invisible, costly invasion.