As you probably know, scammers love to target the customers of popular retail establishments by sending out fake “offers” in those company’s names.
The Lowes and Target scams (and several others) make the rounds at least once a year so most folks nowadays know to simply ignore them, but now another recurring retailer-related scam making the rounds once again.
This scam is targeting customers of the CVS pharmacy chain via a series of fake emails telling potential victims that they’ve qualified to receive a free CVS gift card, free reward points or some other gift of value.
Like most other scams, this one arrives in a variety of forms. In fact, in just the past two days I received emails with each of these headlines in my email inbox:
- BONUS: $50 CVS Gift Card Opportunity
- Your Opinion is Important! Take This Survey to Claim Your $50
- Confirmed: Your Fifty Dollar CVS Reward
- You’re Invited: To Redeem Your $50 CVS Reward
- Congrats! You’ve received an CVS reward
As you can see, some of these emails try to trick you into taking a survey in order to qualify for the freebie while others just claim you qualify for it outright.
The one thing they all have in common is the need to click on a link to visit a web page in order to claim the gift card or reward points.
If you receive one or more these emails DO NOT open them.
If you happen to open one of them by accident DO NOT click on any of the links contained in the email.
Have you already taken the bait and clicked on a link in one of these emails? If so, one or more of the following has likely already happened:
1 – The malicious web page you visited after clicking the link likely attempted to download malware onto your computer or mobile device.
That means you should immediately run a thorough series of malware scans on your Windows machine or install a good antivirus app on your Android device.
2 – If you entered your personal information into a form on the malicious web page that info is now likely in the hands of a hacker.
Therefore I strongly recommend that you change the passwords and enable Two-Factor Authentication on every account that could potentially be affected by the data breach and closely monitor your credit reports for suspicious activity.
Bottom line: If you receive an email that appears to be from CVS you can safely assume that it’s a fake (and that it’s malicious) unless you initiated some action that caused you to be expecting to receive one.