**CVS Customer Appreciation Scam Campaign Report**
This cybersecurity analysis identifies a multi-channel scam operation impersonating CVS Pharmacy to defraud consumers through fake loyalty rewards offers. The campaign centers around phone number 304-381-0972 and fraudulent domains www.cvsbonus.com and cvsbonus.com, both registered through NAMECHEAP INC on August 23, 2025. Community reports indicate that callers identifying themselves as "Jessica" contact victims claiming they have been "selected to receive a free loyalty gift valued up to $250" as part of a "CVS customer appreciation offer" and direct them to visit the fraudulent cvsbonus.com website.
The scam operation demonstrates sophisticated infrastructure coordination across six connected entities. The primary CVS-themed domains www.cvsbonus.com and cvsbonus.com share the same infrastructure, while a third domain highlandcowplushie.com is also hosted on identical infrastructure, suggesting the operators are running multiple concurrent fraud schemes. Additional suspicious domains t4.nebulasurge.com and wamepu.tempomonitor.su have been reported together with the CVS domains, indicating potential backend infrastructure or tracking systems used across the broader criminal network. Phone number 304-381-0972 has been directly linked to the www.cvsbonus.com domain through victim reports.
Consumer impact data shows at least three documented cases from Michigan (specifically location 49009), with the Better Business Bureau categorizing this as a Sweepstakes/Lottery/Prizes scam type. While formal FTC complaints for the phone number remain at zero, community reporting indicates active victimization attempts. The scammers appear to be targeting consumers nationwide with unsolicited voicemail messages designed to create urgency around a limited-time offer, a classic social engineering tactic to bypass consumer skepticism.
To protect against this and similar scams, consumers should verify any promotional offers by contacting CVS directly through official channels rather than using contact information provided by callers. Legitimate retailers do not randomly select customers for high-value gifts or request personal information through unsolicited calls. If contacted by these scammers, immediately hang up, do not click on any provided links, and report the incident to the FTC at reportfraud.ftc.gov or file a complaint with the FCC. Consumers can verify the safety of suspicious phone numbers or domains by checking community reporting platforms and official fraud databases before engaging.
This campaign represents a moderate threat level with evidence of active operations and infrastructure expansion beyond the primary CVS impersonation scheme. The August 2025 domain registrations indicate this is a recently launched campaign that may be scaling operations. Consumers should remain vigilant for similar pharmacy impersonation attempts, and telecommunications providers should consider flagging phone number 304-381-0972 for suspicious activity. Continued monitoring of the connected infrastructure domains is recommended to identify potential campaign evolution or new fraud vectors.