Contents:
There has been an increase in reports of individuals being duped after using Trusted Traveler programs such as TSA PreCheck, Global Entry, and NEXUS. The travelers claimed they were charged $140 and received nothing in exchange.
The first reports of the frauds surfaced in March 2021, and by July, cybercriminals were using Google Ads to advertise the bogus websites on Google Search and drive more traffic to them.
According to a research conducted by Abnormal Security, the scam campaign is still underway, and as we approach the holiday travel period, the odds of more people falling prey to them increase.
What Is TSA PreCheck?
According to Wikipedia, TSA PreCheck is a Trusted Traveler program that allows selected members of select frequent flyer programs to receive expedited screening for domestic and select international itineraries.
Travelers who register in this program get just one background check and then can take trips across the United States without having to remove personal belongings or go through extensive security checks every time they travel.
An increasing number of travelers are enrolling for this service, especially during the pandemic, when nobody wants to spend a lot of time in line, surrounded by hundreds of people.
As mentioned by BleepingComputer, the TSA PreCheck needs to be renewed every five years, which costs members $70 (down from $85).
How Does the Scam Work?
Cybercriminals send victims emails notifying them that their TSA PreCheck membership is about to expire and prompt them to submit a renewal request by clicking on the link included in the email.
Then, the recipients are redirected to bogus renewal websites that seem authentic and also use convincing domain names such as:
- airportprescreen[.]com
- airportprescreening[.]com
- applyfornexuscard[.]com
- assist-gov[.]com
- applyglobaltraveler[.]com
- easynexusapplication[.]com
- fastpassapplication[.]com
- lowrisktraveler[.]com
- immigrationvisaforms[.]com
- travelauthorizationusa[.]com
The fact that they all use the ‘.com’ top-level domain adds credibility to the URL and increases the likelihood of successfully tricking a user.
Many of the fake websites observed by Abnormal Security include a disclaimer that states unequivocally that they cannot guarantee success with the renewal enrollment.
We are not the United States government or associated with it. There are no guarantees you will be granted a known traveler number by the government. We try to make sure everything is submitted correctly to eliminate rejections from submission errors.
While this may go unnoticed because few people read service disclaimers, the fact that PayPal is the only form of payment should be enough to tell that this is not a real website.
According to BleepingComputer, hackers ask for twice the regular fee, setting the renewal cost at $139.99 instead of the usual $70 price.
If you want to renew your TSA PreCheck, Clear, or Global Entry membership, don’t use search engines because you might end up clicking on a scam commercial.
Alternatively, go to the Homeland Security’s Trusted Traveler Programs website, which has the authentic URLs for all of the available travel programs.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
