We have a growing problem in 2026 with Account Takeover Fraud. Account Takeover (ATO) fraud is when a bad actor logs into someone else’s online account, and changes all of the login/security information. This locks out the true owner of the account, and gives the the criminal power to do anything s/he wants with it.
In the past week, I’ve seen this happen with a different Amazon account, each day. I know how small of a business I am, so when I scale these incident numbers upward, I worry about a widespread problem. In this post, I’m going to focus on Amazon ATO fraud, but please apply this information to other online accounts you value. Criminals are going after email accounts, social media logins and more.
Attack Vectors
Warnings of this scourge started before the 2025 holiday season. The FBI made an urgent PSA, and other news media echoed and amplified the message, and this latest wave of attacks now has UK news media and Forbes reporting on ATO fraud. These articles and PSAs describe the various ways that ATO scammers could come at you:
- Phishing texts and emails. Fake Amazon messages abound, claiming that there’s a recall on something you’ve bought, or a refund due, or a security issue that you need to address
- SEO poisoning. This is when a scammer pays for placement in Google/Yahoo/Bing Search results, so that their phishing website shows up at the top when you search for “Amazon”
- Phone calls. Cybercrooks still cold-call people at random, claiming they want to secure your account, while actually trying to invade it
- Push notification spam. Are you seeing repetitive pop-ups in the lower-right corner of your computer screen? You may have accidentally allowed a website to send you push notifications, and some of them may lie and pressure you into clicking on a fake Amazon alert
This means that you should not trust any unexpected Amazon communication. And you should also be careful with messages that you are waiting to receive.
How to Stay Safe
The crooks’ goal is to log into your Amazon account. They need your password to do this, and they will try to trick you into giving it to them, or helping them reset it. Besides cultivating a general mistrust of the internet, I recommend:
- Use a bookmark for Amazon. Whether it’s at the top of your browser or on the desktop, create a bookmark that goes to www.amazon.com . This helps you avoid using a search engine to find your way — search results are gameable and unreliable!
- Do not click Amazon links in emails or texts. Especially if they seem scary or worrisome, scammers use a sense of urgency to get you to act before caution kicks in. Sidestep the message and go directly to the Amazon website or app, and find/verify that information that just arrived. If it’s legitimate, you’ll find elsewhere it in your Orders or Account settings.
- If your computer or phone is plagued by push notification pop-ups, search in your browser for your Notifications settings and turn those off.
- Don’t share codes. If a number is sent to your cellphone or email, that’s only for you to use. Amazon will not ask you for that number. If someone wants you to read them a 6-digit code that was sent, you must not trust them! They may claim the code is for “verification purposes”, but they are lying to you and will use that code to reset your password and steal your account!
- Enable 2FA on your account. Consider also adding a Passkey, if you are comfortable with that sort of thing. These extra security features make an account breach less likely.
- Contact Amazon through trustworthy channels. If you need to deal with Amazon support, start at their website, and find Help options at the bottom. Do not Google for a phone number, as that is a recipe for disaster. If you absolutely must call Amazon, I have some hard-to-find numbers for you to sock away (I have verified these myself):
- 1-888-280-4331
- 1-800-388-5512
- 1-206-922-0880
- 1-866-216-1075
Final Notes
I hope that you do not become the next victim of Amazon Account Takeover Fraud. But if you do, you’ll know because you won’t be able to log into Amazon anymore. When you try to log in, the website will claim: “Looks like you’re new to Amazon.” That’s your sign to call Amazon ASAP. Calling them will be your only option, because chat and other site-based support won’t be available to you.
Amazon ATO incidents are urgent to deal with. When a cybercrook gets into someone’s account, they start buying gift cards and sending items to foreign addresses, using your stored payment methods. This gives you extra unpleasant work to do (calling your bank, disputing charges, cancelling and reissuing payment cards). It could also interfere with home-based Alexa devices (doorbell, speakers, smart-screens) and saved digital purchases in the Amazon Video and Music libraries.
To wrap up, I’ll digress into a personal story: A few years back, I was struggling to get an Amazon refund. I had purchased my item through one of their 3rd-party sellers, and they became rather disagreeable with me. So I gave up on them and contacted Amazon through their website’s chat function. I leaned on them to uphold their A-Z Guarantee for my order, while also giving them the info they would need to deliver maximum justice to their errant seller. They registered my criticisms and told me that it would take some business days to finalize everything.
While waiting for those days, I received an Amazon call at 8PM. I answered it, already dubious, and someone began asking me about my Amazon return. I grimly told them: “I’m listening.”
The caller then rattled off some details. The name of the item I was trying to return. The exact dollars-and-cents amount of the return. The date of purchase. I was intrigued, but still wary.
The purported agent then said that they could fulfill the refund right now. My response: “Great. Do it.” To which they replied that I needed to go to my computer and type in a particular URL… which I knew to be a remote-control software website.
I told them that I knew they were a scammer, and that I hoped they would rethink their life choices. After hanging up, though, I boggled at their specificity. They knew details about my particular return. My account was perfectly secure, so where would they get those details…?
I feel certain my data leaked via the 3rd-party seller. It could be they vindictively shared my info, after consequences of my reporting came home to roost. Then again, who can say for certain? Maybe it had nothing to do with revenge. The 3rd-party seller might’ve fallen victim to Amazon ATO, and a scammer was going through their records, calling each customer on their list.