Our cybersecurity team has identified a sophisticated fraudulent campaign impersonating CVS Pharmacy through a network of 6 connected entities, including phone number 3043810972 and 5 malicious domains. The primary domains cvsbonus.com and www.cvsbonus.com were both registered through NAMECHEAP INC on August 23, 2025, while a related domain highlandcowplushie.com was registered the following day on August 24, 2025. These three domains are assessed to share the same infrastructure at a moderate confidence level of 0.50, indicating coordinated operation by the same threat actors.
The campaign operates through cold calling, with victims receiving voicemails from someone identifying as "Jessica" claiming to represent CVS customer service. The scripted message informs targets they have been "selected to receive a free loyalty gift valued up to $250" through a fake customer appreciation program. Community reports from Michigan (ZIP code 49009) describe identical voicemail messages directing victims to visit www.cvsbonus.com or cvsbonus.com to claim their supposed prize. Additional infrastructure includes the domains t4.nebulasurge.com and wamepu.tempomonitor.su, which have been reported together with the primary CVS impersonation sites, suggesting a broader malicious network.
Analysis of cross-entity relationships reveals 14 documented connections between these entities, with the phone number 3043810972 being directly linked to www.cvsbonus.com through consumer reports. Despite the organized nature of this operation, there are currently 0 official FTC complaints on record for the phone number, likely indicating the campaign is in early stages or victims have not yet reported through official channels. The Better Business Bureau has classified this as a sweepstakes/lottery/prize scam specifically targeting CVS customers.
To protect yourself from this and similar scams, verify any promotional offers by contacting CVS directly through their official customer service number found on your receipt or their legitimate website. Never click on links in unsolicited messages or provide personal information to unexpected callers claiming to represent major retailers. If you receive contact from these entities, hang up immediately and do not visit the fraudulent websites. Report suspicious calls and websites to the FTC at reportfraud.ftc.gov or file complaints about unwanted calls with the FCC. Before engaging with any unfamiliar phone number or website, consumers can verify safety by checking with official scam databases and consumer protection resources.
This campaign represents a moderate-level threat with organized infrastructure and targeted messaging designed to exploit consumer trust in the CVS brand. Immediate recommended actions include blocking the identified phone number 3043810972, avoiding all listed domains, and reporting any contact from these entities to federal authorities. Organizations should alert customers about this specific impersonation attempt and reinforce that legitimate promotional offers will only come through official channels.
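For teams applying the blocking recommendation above, the following added example (not part of the original report) matches the listed phone number and domains against log lines after normalizing case, trailing dots, ports, and phone formatting. The log layout and the `host=` and `caller=` field names are assumptions, and the sample lines are constructed.

```python
import re

# Indicators taken from this report; www.cvsbonus.com is covered as a
# subdomain of cvsbonus.com.
BAD_DOMAINS = {"cvsbonus.com", "highlandcowplushie.com",
               "t4.nebulasurge.com", "wamepu.tempomonitor.su"}
BAD_PHONES = {"3043810972"}

def normalize_host(host):
    """Lowercase, drop a trailing dot and any :port suffix."""
    return host.strip().lower().rstrip(".").split(":")[0]

def host_matches(host):
    """True for a listed name or any subdomain of it, never a mere substring."""
    h = normalize_host(host)
    return any(h == d or h.endswith("." + d) for d in BAD_DOMAINS)

def normalize_phone(raw):
    """Reduce a US number to 10 digits, ignoring punctuation and a leading 1."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits

def scan(lines):
    """Return (line_number, indicator_type, normalized_value) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in line.split():
            key, _, value = token.partition("=")
            if key == "host" and host_matches(value):
                hits.append((n, "domain", normalize_host(value)))
            elif key == "caller" and normalize_phone(value) in BAD_PHONES:
                hits.append((n, "phone", normalize_phone(value)))
    return hits

# Constructed sample log lines (assumed key=value format, not real telemetry).
SAMPLE_LOG = [
    "2025-09-01T10:00:01Z dns host=WWW.CVSBonus.com. client=10.0.0.5",
    "2025-09-01T10:00:02Z dns host=www.cvs.com client=10.0.0.5",
    "2025-09-01T10:00:03Z proxy host=wamepu.tempomonitor.su:443 client=10.0.0.7",
    "2025-09-01T10:00:04Z dns host=cvsbonus.com.example.org client=10.0.0.8",
    "2025-09-01T10:00:05Z voip caller=+1-304-381-0972 callee=ext-2210",
    "2025-09-01T10:00:06Z dns host=nebulasurge.com client=10.0.0.9",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only t4.nebulasurge.com is listed in the report, so the parent name nebulasurge.com is deliberately not matched, and the suffix check keeps look-alike hosts such as cvsbonus.com.example.org from producing false hits.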