Common scam pattern
A message claims you were selected for a reward, uses urgency, and sends you to a look-alike page. The page may ask for personal details, shipping fees, card information, gift-card purchases, or permission to install software.
What legitimate feedback should not require
A customer survey should not require you to buy gift cards, deposit a check, pay a prize-delivery fee, disclose online-banking credentials, provide a one-time security code, or install remote-access software.
How to verify a message
Do not use the embedded link. Open cvs.com independently, review the company’s security alerts, compare the message with your receipt, and contact customer service using information from CVS’s official site.
If you already responded
Stop communicating, change exposed passwords, contact your bank or card issuer when payment details were shared, monitor accounts, preserve screenshots, and report the message through appropriate official channels.
Frequently asked questions
Not necessarily, but unsolicited reward messages deserve careful verification. Use the receipt and CVS-owned channels as your source of truth.
A sweepstakes may request contact details under official rules, but verify the domain and privacy notice first. Never provide unnecessary sensitive information.
Yes. Logos, colors, sender names, and screenshots can be copied. Verify the domain and contact channel.