There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return.
Reports about these scams first appeared in March 2021, and by July, threat actors were abusing Google Ads to promote the fake sites on Google Search and increase their traffic.
A report by Abnormal Security confirms that the scams are still ongoing, and as we’re heading to the Christmas travel season, the chances of more people falling victim to them multiply.
TSA PreCheck is a program that allows people to pass through a quicker and easier screening process at the airport.
People who enroll in the program receive a background check once and can then travel across the US without removing personal items or going through vigorous checks each time they fly.
Especially during the pandemic, when people seek to spend the minimum amount of time in crowded places, there’s an increasing number of travelers who sign up for this program.
The TSA PreCheck needs to be renewed every five years, which costs members $70 (down from $85).
Sending out renewal reminders
Threat actors are sending people emails that inform them of the imminent expiration of their TSA PreCheck membership, and urge them to submit a renewal application by following the embedded URL.
Source: Abnormal Security
These emails take the victim to fake renewal sites that were made to appear legitimate and also use convincing domain names such as:
- airportprescreen[.]com
- airportprescreening[.]com
- applyfornexuscard[.]com
- assist-gov[.]com
- applyglobaltraveler[.]com
- easynexusapplication[.]com
- fastpassapplication[.]com
- lowrisktraveler[.]com
- immigrationvisaforms[.]com
- travelauthorizationusa[.]com
All of them use the ‘.com’ top-level domain, which adds more weight to the legitimacy of the URL and increases the chances of successfully scamming a visitor.
Source: Abnormal Security
Interestingly, several of the scam sites seen by Abnormal Security include a disclaimer that more or less makes it clear that they don’t guarantee any success with the renewal registration.
“We are not the United States government or associated with it. There are no guarantees you will be granted a known traveler number by the government. We try to make sure everything is submitted correctly to eliminate rejections from submission errors.”
While this can be easily missed as not many people read service disclaimers, PayPal being the only available payment method, should indicate that this is not a legitimate site.
Even worse, the threat actors charge twice the regular fee, setting the renewal cost at $139.99 compared to the standard $70 price.
Source: Abnormal Securty
For those looking to apply or renew for a TSA PreCheck, Clear, or Global Entry membership, it is strongly advised that you do not search for the URL in search engines as you may click on a scam advertisement.
Instead, visit the Homeland Security’s Trusted Traveler Programs page, which contains the legitimate URLs for all available travel programs.
Source: www.bleepingcomputer.com