US regulators order banks to report cyberattacks within 36 hours
Hackers deploy Linux malware, web skimmer on e-commerce servers
Six million Sky routers exposed to takeover attacks for 17 months
Microsoft: Windows Installer breaks apps after updates, repairs
Enhance your career with courses that focus on Microsoft Azure
The Week in Ransomware – November 19th 2021 – Targeting Conti
Some Tesla owners unable to unlock cars due to server errors
Emotet botnet comeback orchestrated by Conti ransomware gang
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return.
Reports about these scams first appeared in March 2021, and by July, threat actors were abusing Google Ads to promote the fake sites on Google Search and increase their traffic.
A report by Abnormal Security confirms that the scams are still ongoing, and as we’re heading to the Christmas travel season, the chances of more people falling victim to them multiply.
TSA PreCheck is a program that allows people to pass through a quicker and easier screening process at the airport.
People who enroll in the program receive a background check once and can then travel across the US without removing personal items or going through vigorous checks each time they fly.
Especially during the pandemic, when people seek to spend the minimum amount of time in crowded places, there’s an increasing number of travelers who sign up for this program.
The TSA PreCheck needs to be renewed every five years, which costs members $70 (down from $85).
Threat actors are sending people emails that inform them of the imminent expiration of their TSA PreCheck membership, and urge them to submit a renewal application by following the embedded URL.
These emails take the victim to fake renewal sites that were made to appear legitimate and also use convincing domain names such as:
All of them use the ‘.com’ top-level domain, which adds more weight to the legitimacy of the URL and increases the chances of successfully scamming a visitor.
Interestingly, several of the scam sites seen by Abnormal Security include a disclaimer that more or less makes it clear that they don’t guarantee any success with the renewal registration.
“We are not the United States government or associated with it. There are no guarantees you will be granted a known traveler number by the government. We try to make sure everything is submitted correctly to eliminate rejections from submission errors.”
While this can be easily missed as not many people read service disclaimers, PayPal being the only available payment method, should indicate that this is not a legitimate site.
Even worse, the threat actors charge twice the regular fee, setting the renewal cost at $139.99 compared to the standard $70 price.
For those looking to apply or renew for a TSA PreCheck, Clear, or Global Entry membership, it is strongly advised that you do not search for the URL in search engines as you may click on a scam advertisement.
Instead, visit the Homeland Security’s Trusted Traveler Programs page, which contains the legitimate URLs for all available travel programs.
Microsoft: Iran-linked hackers target US defense tech companies
US regulators order banks to report cyberattacks within 36 hours
US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
Most SS7 exploit service providers on dark web are scammers
TikTok phishing threatens to delete influencers’ accounts
Not a member yet? Register Now
Winamp prepares a relaunch, new beta version almost ready
Hackers deploy Linux malware, web skimmer on e-commerce servers
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Facebook deletes 1 billion faceprints in Face Recognition shutdown

FBI: Ransomware targets companies during mergers and acquisitionsMicrosoft Defender for Windows is…

EwDoor botnet targets AT&T network edge devices at US firms

FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangsEwDoor botnet targets…

Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts

Emotet now drops Cobalt Strike, fast forwards ransomware attacksSonicWall ‘strongly urges’ customers…

Attackers can get root by crashing Ubuntu’s AccountsService

Attackers can get root by crashing Ubuntu’s AccountsServiceAttackers can get root by…