{“lastseen”:”2025-11-27T14:05:13″,”description”:”The FBI has issued a public service announcement warning about a surge in account takeover (ATO) fraud, and the timing lines up with a major alert Amazon has just sent to its 300 million customers about brand impersonation scams.\\n\\n## How ATO fraud works\\n\\nAccount takeover fraud is just what it says: Scammers figure out a way to hijack your account and use it for their own gain. It affects everything from email and social media to retailer, travel, and banking accounts. Criminals use plenty of tactics, including malware on your computer or phone, or \\”credential stuffing,\\” where they try compromised passwords across lots of sites.\\n\\nThe FBI\u2019s new alert focuses on attackers who impersonate customer support or tech support from your bank. Amazon\u2019s warning describes almost identical techniques, but aimed at Amazon shoppers instead of banking customers.\\n\\nAttackers send texts, emails and make phone calls designed to fool you into giving away your username and password, and even your multi-factor authentication (MFA) codes. Once they’re in the account, scammers quickly reset passwords or other access controls, locking you out of your own account.\\n\\n### **Fake websites, fake alerts, and fake customer support**\\n\\nThe FBI highlights another technique used for similar purposes: website-based phishing. The scammer will direct you to a fake site that looks just like your bank’s login page. The moment you enter your details, the criminals steal them and use them on the real banking site.\\n\\nAmazon says the same thing is happening to its customers. In a warning email sent November 24, it listed the attacks it is seeing most often:\\n\\n * Fake delivery notices or account-issue messages\\n * Third-party ads offering unbelievable deals\\n * Messages via unofficial channels requesting login or payment information\\n * Links to look-alike websites\\n * Unsolicited \u201cAmazon support\u201d phone calls\\n\\n\\n\\nOne of the FBI\u2019s examples mirrors this almost exactly: Attackers claim there has been fraudulent activity on your account and urge you to click a link to \u201cfix\u201d it, but it sends you straight to a phishing site.\\n\\n### How do the scammers get you to these sites?\\n\\nSearch engine optimization (SEO) poisoning is one common technique, the FBI says. Scammers buy ads with search engines that direct users to their malicious sites. Many mimic household names with tiny variations that are easy to miss when you\u2019re in a hurry.\\n\\nAmazon’s warning is backed up by research from FortiGuard Labs, which found that 19,000+ new domains set up to imitate major retail brands. 2,900 of those were proven to be malicious. \\n\\nThis wave of impersonation attacks isn\u2019t limited to search ads and look-alike domains. Researchers have also uncovered a system called Matrix Push C2 that abuses browser push notifications to deliver fake alerts designed to look like they\u2019re from trusted brands such as Netflix, PayPal, and Cloudflare. Once clicked, those alerts lead victims to phishing pages or malware, giving attackers yet another path to steal login details or take over accounts.\\n\\n## A growing epidemic\\n\\nThis type of fraud is on the rise. According to TransUnion, digital account takeover climbed 21% from H1 2024 to H1 2025, and 141% since H1 2021. It’s big business; the FBI has received over 5,100 complaints since January, and says that losses have hit $262 million.\\n\\nThis is a popular time for scammers to ramp up ATO fraud. Amazon\u2019s alert comes at one of the busiest online shopping periods of the year\u2014Black Friday and the run-up to the holidays. \\n\\nAnd while MFA is important, it doesn\u2019t always save you. Proofpoint found that 65% of compromised accounts had MFA enabled. But if you give up your secrets to a scammer, they have the keys to the kingdom.\\n\\nPasswordless options such as passkeys promise better security because then there’s no MFA code to give up (you just use biometric access or click on a browser prompt to log in). However, those are still relatively uncommon compared to passwords, and when they do exist, people don’t often use them.\\n\\n## How to protect yourself\\n\\nCybercriminals prey on the vulnerable and the distracted. Brand impersonation works because attackers lean hard on urgency. They claim your account has been breached, or a large transaction has gone through, or a delivery can\u2019t be completed.\\n\\nScammers are experts at using fear to get past your emotional defenses. In one inventive twist highlighted by the FBI, scammers told victims their details were used for firearms purchases, then transferred them to a fake \\”law enforcement\\” accomplice. Once fear kicks in, people act fast.\\n\\nWhether the scammer is posing as Amazon, your bank, or a courier service, the same rules apply:\\n\\n * **Bookmark your bank and retailer login pages.** Don\u2019t search for them, as results can be spoofed.\\n * **Use official apps.** Download your bank or Amazon app directly from an official link, not through a search engine.\\n * **Be stingy with personal info.** Pet names, schools, and birthdays can help criminals with \u201csecurity questions.\u201d\\n * **Be skeptical of caller ID.** It can be spoofed. Hang up, then call back using a verified number.\\n * **Use passkeys if offered.** They cut out SMS codes entirely and help prevent phishing.\\n * **Never share one-time codes.** No legitimate company will ask.\\n\\n\\n\\nAmazon also reminds users:\\n\\n * It will **never** ask for payment information over the phone.\\n * It will **never** send emails asking customers to verify login details.\\n * All account changes, tracking, and refunds should go through the Amazon app or website only.\\n\\n\\n\\nIf you do think you’ve been hit by an ATO scam, contact your bank immediately to try and recall or reverse any fraudulent transactions. It might still not be too late, but every second counts. Also, file a complaint with the FBI’s IC3 online crime unit.\\n\\n* * *\\n\\n**We don ‘t just report on scams\u2014we help detect them**\\n\\nCybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we\u2019ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!”,”published”:”2025-11-27T13:18:34″,”modified”:”2025-11-27T13:18:34″,”type”:”malwarebytes”,”title”:”Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks”,”source”:””,”references”:””,”id”:”MALWAREBYTES:EDE18992B3ADD6D02F224ECDDA8720E7″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/holiday-shoppers-targeted-as-amazon-and-fbi-warn-of-surge-in-account-takeover-attacks”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-27T14:05:13″,”description”:”The FBI has issued a public service announcement warning about a surge in account takeover (ATO) fraud, and the timing lines up with a major…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-27847","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n