Scam Campaign Report: Lowe's Brand Impersonation and Debt Collection Fraud Cluster
This report details a cluster of eight connected entities tied to a consumer fraud campaign involving brand impersonation, unsolicited financial communications, and high-volume debt collection complaints. At the center of the domain activity is lowes.com, the legitimate domain for the Lowe's home improvement retail brand, registered in 1995 through CSC Corporate Domains, Inc. This domain has been reported together with three other domains — dslreports.com, attachments.techguy.org, and pingtest.net — across multiple consumer complaints, all with a maximum confidence score of 1.00. The consistent co-reporting of these four domains suggests that consumers encountering one frequently encountered the others in the same fraudulent interaction or communication chain.
The domain attachments.techguy.org, registered in February 2000 through GoDaddy Online Services Cayman Islands Ltd., is particularly notable as a potential delivery mechanism. Its name implies it may be used to host or distribute file attachments, which is a common vector for phishing payloads and malicious links. Pingtest.net, registered in May 2001 through CSC Corporate Domains, Inc., and dslreports.com appear to serve as supporting infrastructure or referral points within the same campaign ecosystem. All four domains are reported together at full confidence across fourteen documented cross-entity relationships, indicating a tightly interconnected cluster rather than coincidental co-occurrence.
Three companies have been linked to the lowes.com domain through co-reporting relationships: Locate Services LLC, Changed Inc., and ACCOUNT SERVICES INC., each at a confidence level of 0.85. Locate Services LLC and ACCOUNT SERVICES INC. operate in the debt collection industry, with 4 and 8 CFPB complaints respectively. Changed Inc. is associated with the checking or savings account industry and carries 2 CFPB complaints. The most significant entity in the cluster by complaint volume is Credit Corp Solutions Inc., a debt collection company with 2,836 CFPB complaints on record. While Credit Corp Solutions Inc. does not have a direct relationship mapped to the other entities in this cluster, its inclusion signals a broader pattern of aggressive or potentially deceptive debt collection practices connected to the same consumer reporting environment.
Community reports reinforce the consumer harm picture. Two reported incidents describe consumers receiving unsolicited physical mail from what appeared to be Lowe's, delivered via UPS in a heavy-stock envelope and addressed using the recipient's full legal name. The mailings contained a one-cent refund card that the consumers say they never requested. This tactic — sending small, unsolicited financial instruments — is associated with schemes designed to establish a commercial relationship or verify mailing address accuracy for future fraud. A third report describes an unauthorized recurring charge of $49.99 per month that continued despite multiple cancellation attempts through both email and website channels, suggesting a subscription trap or unauthorized account enrollment.
Consumers who receive unsolicited mail, email, or phone calls referencing Lowe's, debt collection services, or account notifications should take the following precautions. Do not click any links in emails or text messages, do not call back numbers provided in unsolicited mail, and do not provide personal or financial information to any party that contacts you without prior initiation. If contacted by phone, hang up immediately. To verify whether a communication is legitimate, contact Lowe's or any company directly using contact information found on their official website, typed manually into your browser. To check whether a domain or phone number has been reported as fraudulent, use tools such as the FTC's fraud database at reportfraud.ftc.gov or the FCC's consumer complaint center. Unauthorized recurring charges should be reported to your bank immediately to initiate a dispute and block future withdrawals.
Overall, this cluster represents a moderate-to-high consumer threat level. The combination of Lowe's brand impersonation via physical mail, a possible malicious attachment domain, high-volume CFPB complaints against associated debt collectors, and documented unauthorized billing activity indicates a multi-vector fraud operation targeting individual consumers by name. Recommended next steps include reporting all associated domains and company names to the FTC at reportfraud.ftc.gov, filing complaints with the CFPB at consumerfinance.gov/complaint for any financial harm, and alerting the FCC if the campaign involves unsolicited phone or text contact. Consumers who received the one-cent Lowe's refund card should not activate or use it and should report the mailing directly to Lowe's customer fraud team.