Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Fake TSA PreCheck sites scam US travelers with fake renewals
#1
https://www.bleepingcomputer.com/news/se...-renewals/      Fake TSA PreCheck sites scam US travelers with fake renewals
By Bill Toulas

    November 19, 2021 11:32 AM          There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return.

Reports about these scams first appeared in March 2021, and by July, threat actors were abusing Google Ads to promote the fake sites on Google Search and increase their traffic.

A report by Abnormal Security confirms that the scams are still ongoing, and as we're heading to the Christmas travel season, the chances of more people falling victim to them multiply.

TSA PreCheck is a program that allows people to pass through a quicker and easier screening process at the airport.

People who enroll in the program receive a background check once and can then travel across the US without removing personal items or going through vigorous checks each time they fly.

Especially during the pandemic, when people seek to spend the minimum amount of time in crowded places, there's an increasing number of travelers who sign up for this program.

The TSA PreCheck needs to be renewed every five years, which costs members $70 (down from $85).
Sending out renewal reminders

Threat actors are sending people emails that inform them of the imminent expiration of their TSA PreCheck membership, and urge them to submit a renewal application by following the embedded URL.
Renewal reminder email
Source: Abnormal Security

These emails take the victim to fake renewal sites that were made to appear legitimate and also use convincing domain names such as:

    airportprescreen[.]com
    airportprescreening[.]com
    applyfornexuscard[.]com
    assist-gov[.]com
    applyglobaltraveler[.]com
    easynexusapplication[.]com
    fastpassapplication[.]com
    lowrisktraveler[.]com
    immigrationvisaforms[.]com
    travelauthorizationusa[.]com

All of them use the '.com' top-level domain, which adds more weight to the legitimacy of the URL and increases the chances of successfully scamming a visitor.
One of the scam sites
One of the scam TSA PreCheck sites
Source: Abnormal Security

Interestingly, several of the scam sites seen by Abnormal Security include a disclaimer that more or less makes it clear that they don't guarantee any success with the renewal registration.

    “We are not the United States government or associated with it. There are no guarantees you will be granted a known traveler number by the government. We try to make sure everything is submitted correctly to eliminate rejections from submission errors.”

While this can be easily missed as not many people read service disclaimers, PayPal being the only available payment method, should indicate that this is not a legitimate site.

Even worse, the threat actors charge twice the regular fee, setting the renewal cost at $139.99 compared to the standard $70 price.
Payment portal on the site
Source: Abnormal Securty

For those looking to apply or renew for a TSA PreCheck, Clear, or Global Entry membership, it is strongly advised that you do not search for the URL in search engines as you may click on a scam advertisement.

Instead, visit the Homeland Security's Trusted Traveler Programs page, which contains the legitimate URLs for all available travel programs.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Fake Google Translate app installs malware dhruv2193 1 628 09-05-2022 , 12:47 PM
Last Post: Mike
  Scammers put fake QR codes on parking meters to intercept parkers’ payments mrtrout 0 517 01-13-2022 , 03:27 AM
Last Post: mrtrout
  FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands mrtrout 0 540 11-16-2021 , 05:20 AM
Last Post: mrtrout
  New Attack Uses Fake Icon To Deliver Trojan Bjyda 0 937 03-13-2021 , 09:47 PM
Last Post: Bjyda
  U.S. DOJ warns of fake unemployment benefit websites stealing data Bjyda 0 972 03-07-2021 , 10:59 PM
Last Post: Bjyda

Forum Jump:


Users browsing this thread: 1 Guest(s)