Amazon forced to issue attack warning as 300 million users at risk

With Black Friday just days away, Amazon has been forced to warn millions of users to secure their accounts over fears more than 300 million people could be at risk of vicious scams.

As the sale season ramps up, people all over the world will be trying to bag the best savings on Christmas presents, but with an influx of messages and emails from retailers, Amazon is urging its customers to stay vigilant.

Scammers and hackers will often use busy shopping periods as a means to try and trick people into giving away personal information by posing as popular retailers.

Given that Amazon is the most used online marketplace in the world, and is widely considered to be a very safe place to buy from, it's inevitable that fraudsters will attempt to imitate communications.

Amazon has now issued a stark attack warning to their users, insisting they must be aware of the risks.

Scammers always target people around sales seasons (Aleksander Kalka/NurPhoto via Getty Images)

In the email, sent out to users on 24 November, they warned that cybercriminals would be targeting Amazon customers to gain 'access to sensitive information like personal or financial information, or Amazon account details'.

While these kind of attacks are certainly not new, they are becoming increasingly more frequent and are always expected to ramp up around sales periods.

Amazon's attack warning email

The email warns Amazon customers against the following list of possible attacks:

• Messages sent through unofficial channels requesting payment or account information
• Emails that look official but are sent from unofficial addresses
• Fake delivery or account issue messages
• Third party adverts, including on social media, offering amazing deals
• Unsolicited tech support phone calls

It seems Amazon was right to put out the warning to its users, following a concerning report by FortiGuard Labs, which said it had 'identified more than 18,000 holiday-themed domains registered in the past three months, including terms such as Christmas, Black Friday, and Flash Sale,' adding that 'at least 750 of these were confirmed malicious.'

Amazon bosses have sent our warnings to its customers (Beata Zawrzel/NurPhoto via Getty Images)

They also found more than 19,000 domains registered that imitated major retail brands, with 2,900 confirmed as malicious.

"Many mimic household names,” like Amazon, “often with slight variations that are easy to miss when shoppers are moving quickly," the report reads.

Amazon's advice to avoid attacks

Fortunately Amazon has offered advice to avoid scams all year round, advising its users to:

• Set up two-factor authentication when available for your online accounts to help prevent unauthorised account access
• Only use the Amazon mobile app or website for customer service, account changes, delivery tracking, and refunds
• Use a passkey as it’s a safer way to sign in than using passwords, and it works with the same face, fingerprint, or PIN you already use to unlock your device

Amazon has posted all of it's information about identifying a scam here.