Lowe’s Outdoor Bundle scam
Scams

Lowe’s Outdoor Bundle Scam Tricks Users with Fake Free Gift Emails

By Sean Doyle · · 9 min read

The Lowe’s Outdoor Bundle scam is an active and evolving phishing operation that impersonates the Lowe’s home improvement brand to steal personal and financial information. Victims receive professional-looking emails claiming they have been chosen to receive a “free EGO Power+ Ultimate Autumn Outdoor Bundle” or another high-value reward. The links in these messages redirect to fake survey sites that harvest data, install tracking scripts, and lure users into subscription traps or ad-fraud networks.

lowes email scam

This ongoing scam has been documented across multiple regions and mirrors patterns seen in other brand impersonation attacks, such as the Walmart iPad Pro scam and Target Rewards survey hoaxes. The operation uses short-lived, newly registered domains and Cloudflare masking to hide its infrastructure, with each domain active for only a few months before being replaced.

How the Lowe’s Outdoor Bundle Scam Works

The lowes outdoor bundle scam relies on social engineering and urgency to push victims into interacting without thinking. Scammers send thousands of phishing messages per day through mailing lists and spam bots. These messages feature real Lowe’s logos and formatting, but every external link points to unrelated domains.

The structure of this scam typically follows a consistent pattern:

  1. Initial contact: The victim receives an email titled “Your Free EGO Power+ Outdoor Bundle Awaits” or “Lowe’s Customer Appreciation Giveaway.” The sender name reads as “Lowe’s” but the address is a fake domain such as offers@lowes-promos.com or support@lowes-surveys.store.
  2. Click bait: The message body contains professional-looking imagery and a large button labeled “Claim Gift” or “Start Survey.”
  3. Redirection chain: Clicking the button routes the victim through several tracking links hosted on suspicious servers. Each redirect appends encoded parameters designed to identify traffic sources and affiliates.
  4. Fake survey: The final destination displays a survey page styled like a legitimate Lowe’s customer feedback form. It includes four to six simple questions and a progress bar that creates the illusion of completion.
  5. Data theft: After the “survey,” victims are asked for their full name, address, and payment information under the guise of paying a small shipping fee to claim the free reward.
  6. Persistent exploitation: Many of these pages ask users to allow browser notifications. Approving this enables the scammer to send pop-up alerts that promote more fake offers long after the original page is closed.

Examples of Scam Emails

Recent phishing messages identified in the lowes outdoor bundle scam include the following samples:


From: "Lowe’s" <marketing@lowes-promos.net>
Subject: Your Free EGO Power + Ultimate Autumn Outdoor Bundle Awaits
Message: Name, your free gift won't wait! Click below and confirm your delivery details.


From: "Lowe’s Customer Service" <info@lowes-survey-center.store>
Subject: You’ve Been Selected! Claim Your Gorilla Carts Bundle
Message: Congratulations! You were selected to receive a free gift for your loyalty. Complete a short survey to claim your reward.

Links embedded in these messages redirect to fake survey and tracking URLs such as:


http://billing.jlink.net/sdfqsdfqsdfh.html
https://luxurycasesinpink.store/?source_id=20595&encoded_value=223GDT1&domain=webmessa.com

WHOIS Domain Analysis

We investigated one of the primary domains used in this phishing campaign, luxurycasesinpink.store, using our free WHOIS Lookup tool. The results confirm that the domain was recently registered with privacy masking and Cloudflare hosting, consistent with known scam infrastructure.


WHOIS Data for luxurycasesinpink.store
Registrar: Namecheap
Created: 2025-01-31 09:30:18
Updated: 2025-03-03 12:12:09
Expires: 2026-01-31 23:59:59
Registrar IANA ID: 1068
Status: clientTransferProhibited
Name Servers: BRIT.NS.CLOUDFLARE.COM, PATRYK.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact: abuse@namecheap.com

This information proves the domain was created only months ago for the purpose of running short-term phishing operations. The use of Cloudflare’s content delivery and masking services hides the real server location and identity of the operator. Namecheap is one of the most commonly exploited registrars in these scams, as it allows rapid domain creation with minimal verification. The lack of public ownership data due to GDPR masking is another red flag seen in thousands of fraudulent websites.

Technical Breakdown of the Phishing Pages

Each lowes outdoor bundle scam page contains dynamic JavaScript that collects tracking data before redirecting users to a new endpoint. Scripts detect browser type, geolocation, and device information, which is then sent back to the attacker’s analytics panel. These phishing kits are often sold as subscription-based tools on Telegram channels and dark web forums. Operators purchase ready-made templates, customize them with brand logos, and deploy them across cheap hosting services.

Once a victim submits data, the information is forwarded to a remote API or stored in an attacker-controlled panel. The scripts then issue a fake confirmation message stating, “Thank you! Your free gift will arrive soon.” No shipment ever occurs, and within days victims begin receiving new scam emails and text messages from unrelated sources.

How Victims Are Targeted

Attackers use several methods to distribute these emails:

  • Purchased email lists containing addresses from previous leaks or public marketing databases
  • Compromised websites with installed mailer scripts
  • Redirect traffic purchased from ad networks and traffic brokers
  • Botnets that automatically send phishing emails through rotating IPs

Once an email list becomes overused, scammers abandon it and register a new domain, repeating the process under a slightly modified brand name. This is why the lowes outdoor bundle scam has dozens of different URLs, each using similar text and graphics but hosted on entirely different domains.

Goals of the Attackers

The lowes outdoor bundle scam is designed to achieve several monetization outcomes:

  • Steal identity data such as full names, addresses, phone numbers, and emails for resale to marketing and fraud databases.
  • Collect payment details by requesting a small “shipping fee” or “verification charge.”
  • Generate affiliate commissions by redirecting victims through paid survey and app download pages.
  • Build remarketing lists by capturing cookies and browser fingerprints for future scams.
  • Abuse notifications to continuously promote cryptocurrency scams, fake lotteries, and tech support hoaxes.

Signs You Are Looking at a Scam

Identifying a lowes outdoor bundle scam email is relatively simple once you know the indicators:

  • The sender address is not associated with lowes.com.
  • The message uses a countdown timer or urgency language.
  • It asks for payment details to ship a “free prize.”
  • The site URL contains random letters, numbers, or unrelated domains.
  • The page requests permission to show notifications before continuing.

If you accidentally clicked or entered data on one of these pages, act immediately:

  • Do not complete payments or submit additional information.
  • Close the browser tab and clear browsing data.
  • Revoke notification permissions from the domain by visiting your browser settings.
  • Scan your system using Malwarebytes to remove any potential adware or trojans.
  • Contact your bank if card information was entered. Request a new card and monitor recent transactions.
  • Change all passwords associated with your email and enable two-factor authentication.

How To Remove Scam Notifications

If you clicked “Allow” on a pop-up notification prompt from one of these fake pages, you can disable it manually:

Google Chrome

chrome://settings/content/notifications

Find the suspicious site, click the three dots, and select Remove or Block.

Microsoft Edge

edge://settings/content/notifications

Remove the malicious site under the “Allow” list.

Mozilla Firefox

about:preferences#privacy

Select Settings next to Notifications and delete the entry for the fake domain.

Safari on iPhone or iPad

Go to Settings → Safari → Advanced → Website Data, remove suspicious sites, and review notification settings under Settings → Notifications.

Browser Cleanup Tips

  • Clear browsing history, cache, and cookies.
  • Remove unfamiliar extensions that appeared recently.
  • Reset browser settings if pop-ups or redirects persist.
  • Run a deep scan using Malwarebytes to ensure the device is clean.

Reporting the Lowe’s Outdoor Bundle Scam

  • Report phishing attempts directly to Lowe’s via their official website or customer support line.
  • File a report with the FTC at reportfraud.ftc.gov.
  • Forward phishing emails to your mail provider’s abuse department (e.g., abuse@gmail.com or reportphishing@icloud.com).
  • Mark the message as phishing in your inbox to improve automated spam filters.

Prevent Future Phishing Attacks

  • Never click links from unsolicited emails offering gifts or rewards.
  • Always check the sender’s domain for authenticity.
  • Do not pay for shipping or verification of free items.
  • Allow notifications only from trusted, frequently used sites.
  • Keep your browser, plugins, and operating system updated.
  • Use reputable anti-malware tools like Malwarebytes.

Frequently Asked Questions

Is Lowe’s actually giving away outdoor bundles?

No. Real Lowe’s promotions are announced on lowes.com or verified social media accounts. Emails from unrelated domains promising free EGO Power+ bundles are fake.

Why am I still getting scam notifications after closing the site?

You likely approved browser notifications for one of the scam domains. Follow the steps above to remove them manually.

I entered my information on a scam site. What happens now?

Your data may be used for identity theft or future phishing campaigns. Contact your bank, change passwords, and scan your device immediately.

Can I recover my money from a fake shipping charge?

Yes, in many cases. Contact your financial institution and dispute the transaction as unauthorized. Provide screenshots of the fraudulent page if possible.

Known Domains Linked to the Lowe’s Outdoor Bundle Scam


billing.jlink.net
luxurycasesinpink.store
survey-gift-center.online
gopremiumlowesprize.shop
dailyrewardpanel.top
thankyou-limitedoffers.xyz

These domains change weekly as scammers register new ones. Avoid any links sent through unsolicited messages that mention Lowe’s giveaways or surveys.

Final Thoughts

The Lowe’s Outdoor Bundle scam is a sophisticated and fast-moving phishing campaign that exploits trust in major retail brands. By using fake giveaway emails and realistic survey pages, scammers harvest valuable information while exposing users to malware and financial fraud. Always verify promotions directly on the retailer’s official website, and never enter payment or personal data on third-party sites. For ongoing coverage of phishing trends and protective tools, visit our Scam Alerts and Cybersecurity sections.

WordPress Bot Protection

Bot Blocker for WordPress

Monitor bot traffic, review live activity, and control AI crawlers, scrapers, scanners, spam bots, and fake trusted bots from one clean WordPress dashboard.

Buy Now Start Free Trial

Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.

View all posts →

Related Posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.