This scam campaign involves a coordinated network of 10 fraudulent domains registered through NAMECHEAP INC between August 23-28, 2025, impersonating CVS Pharmacy to deceive consumers with fake prize and loyalty reward offers. The primary CVS-themed domains include cvsprize.com, www.cvsperk.com, www.cvsprize.com, www.cvsbonus.com, cvsbonus.com, and www.cvsgift.com, all registered on August 23, 2025. Additional domains in the network include highlandcowplushie.com, casawrap.com, capital25llc.com, and bumbatools.com, registered between August 24-28, 2025.
The campaign operates through shared infrastructure connections linking all domains, with 15 documented same_infrastructure relationships at 0.50 confidence levels. The CVS-impersonation domains are interconnected through multiple shared infrastructure connections, while highlandcowplushie.com serves as a central hub connecting to five of the CVS-themed domains. This infrastructure sharing indicates the domains are controlled by the same threat actors and likely hosted on common servers to reduce operational costs and complexity.
Community reports reveal the scam's operational tactics, with callers identifying themselves as "Jessica" and targeting consumers with voicemails claiming prize expiration deadlines. Victims report receiving calls stating "my prize date was about to expire, and that I needed to go on cvsprize.com to select up to $250 in prizes" and messages about "CVS customer appreciation offers" directing them to www.cvsperk.com. Reports originate from South Carolina (ZIP code 29073), indicating potential regional targeting patterns, though the full geographic scope may be broader given the recent registration dates.
To protect against this and similar scams, consumers should verify any prize or loyalty offers by contacting CVS directly through official channels rather than responding to unsolicited calls or visiting provided websites. Legitimate retailers do not typically call customers about surprise prizes or require immediate action to claim rewards. If contacted by suspected scammers, hang up immediately, do not click on any links in messages, and report the incident to the FTC at reportfraud.ftc.gov or to the FCC for phone-based scams. Consumers can verify the safety of phone numbers and domains by checking them against scam databases and consumer protection websites before engaging.
This campaign represents a high-priority threat due to its recent deployment, coordinated infrastructure, and impersonation of a trusted national retailer. The rapid registration of multiple domains within a five-day window suggests an active and well-resourced operation. Consumers should exercise extreme caution with any CVS-related prize or loyalty communications received through unsolicited channels, and retailers should be alerted to monitor for unauthorized use of their branding in fraudulent schemes.