Scammers are ramping up their attacks this holiday season, with FBI and Amazon warning of a surge in “account takeover” (ATO) fraud targeting shoppers. According to data from TransUnion, ATO incidents rose 21% from the first half of 2024 to the first half of 2025, and by 141% since the first half of 2021, while the FBI has logged over 5,100 complaints and $262 million in related losses so far in 2025. Attackers often impersonate trusted brands — sending fake delivery notices, account-issue alerts, or phony customer-support messages — to trick people into revealing login credentials or multi-factor authentication codes. In some cases, they even claim victims’ accounts were used for illicit activity to frighten them into compliance. Experts recommend only visiting retailer or bank login pages via bookmarked links or official apps, using strong unique passwords, enabling passkeys/MFA, never sharing one-time codes, and monitoring accounts closely throughout the shopping season.
