DIGITAL CONTENT CREATOR

There has been an increase in reports of individuals being duped after using Trusted Traveler programs such as TSA PreCheck, Global Entry, and NEXUS. The travelers claimed they were charged $140 and received nothing in exchange.

The first reports of the frauds surfaced in March 2021, and by July, cybercriminals were using Google Ads to advertise the bogus websites on Google Search and drive more traffic to them.

According to a research conducted by Abnormal Security, the scam campaign is still underway, and as we approach the holiday travel period, the odds of more people falling prey to them increase.

What Is TSA PreCheck?

According to Wikipedia, TSA PreCheck is a Trusted Traveler program that allows selected members of select frequent flyer programs to receive expedited screening for domestic and select international itineraries.

Travelers who register in this program get just one background check and then can take trips across the United States without having to remove personal belongings or go through extensive security checks every time they travel.

An increasing number of travelers are enrolling for this service, especially during the pandemic, when nobody wants to spend a lot of time in line, surrounded by hundreds of people.

As mentioned by BleepingComputer, the TSA PreCheck needs to be renewed every five years, which costs members $70 (down from $85).

How Does the Scam Work?

Cybercriminals send victims emails notifying them that their TSA PreCheck membership is about to expire and prompt them to submit a renewal request by clicking on the link included in the email.

Source

Then, the recipients are redirected to bogus renewal websites that seem authentic and also use convincing domain names such as:

  • airportprescreen[.]com
  • airportprescreening[.]com
  • applyfornexuscard[.]com
  • assist-gov[.]com
  • applyglobaltraveler[.]com
  • easynexusapplication[.]com
  • fastpassapplication[.]com
  • lowrisktraveler[.]com
  • immigrationvisaforms[.]com
  • travelauthorizationusa[.]com

The fact that they all use the ‘.com’ top-level domain adds credibility to the URL and increases the likelihood of successfully tricking a user.

Source

Many of the fake websites observed by Abnormal Security include a disclaimer that states unequivocally that they cannot guarantee success with the renewal enrollment.

We are not the United States government or associated with it. There are no guarantees you will be granted a known traveler number by the government. We try to make sure everything is submitted correctly to eliminate rejections from submission errors.

Source

While this may go unnoticed because few people read service disclaimers, the fact that PayPal is the only form of payment should be enough to tell that this is not a real website.

According to BleepingComputer, hackers ask for twice the regular fee, setting the renewal cost at $139.99 instead of the usual $70 price.

Source

If you want to renew your TSA PreCheck, Clear, or Global Entry membership, don’t use search engines because you might end up clicking on a scam commercial.

Alternatively, go to the Homeland Security’s Trusted Traveler Programs website, which has the authentic URLs for all of the available travel programs.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Google Ads Used for Stealing Credentials and Draining Accounts

Is PayPal Safe?

11+ PayPal Scams: How They Work and How to Protect Your Account

25 Travel Safety Tips (Digital Online Security and Offline Security)

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP