Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fake TSA PreCheck Sites Scam US Travelers With Fake Renewals

Fake TSA PreCheck Sites Scam US Travelers With Fake Renewals

There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return.

Reports about these scams first appeared in March 2021, and by July, threat actors were abusing Google Ads to promote the fake sites on Google Search and increase their traffic.

A report by Abnormal Security confirms that the scams are still ongoing, and as we’re heading to the Christmas travel season, the chances of more people falling victim to them multiply.

Also Read: How Does Ransomware Work? Examples and Defense Tips

TSA PreCheck is a program that allows people to pass through a quicker and easier screening process at the airport.

People who enroll in the program receive a background check once and can then travel across the US without removing personal items or going through vigorous checks each time they fly.

Especially during the pandemic, when people seek to spend the minimum amount of time in crowded places, there’s an increasing number of travelers who sign up for this program.

The TSA PreCheck needs to be renewed every five years, which costs members $70 (down from $85).

Sending out renewal reminders

Threat actors are sending people emails that inform them of the imminent expiration of their TSA PreCheck membership, and urge them to submit a renewal application by following the embedded URL.

Renewal reminder email
Renewal reminder email
Source: Abnormal Security

These emails take the victim to fake renewal sites that were made to appear legitimate and also use convincing domain names such as:

  • airportprescreen[.]com
  • airportprescreening[.]com
  • applyfornexuscard[.]com
  • assist-gov[.]com
  • applyglobaltraveler[.]com
  • easynexusapplication[.]com
  • fastpassapplication[.]com
  • lowrisktraveler[.]com
  • immigrationvisaforms[.]com
  • travelauthorizationusa[.]com

All of them use the ‘.com’ top-level domain, which adds more weight to the legitimacy of the URL and increases the chances of successfully scamming a visitor.

Also Read: How to Choose the Best Penetration Testing Vendor

One of the scam sites
One of the scam TSA PreCheck sites
Source: Abnormal Security

Interestingly, several of the scam sites seen by Abnormal Security include a disclaimer that more or less makes it clear that they don’t guarantee any success with the renewal registration.

“We are not the United States government or associated with it. There are no guarantees you will be granted a known traveler number by the government. We try to make sure everything is submitted correctly to eliminate rejections from submission errors.”

While this can be easily missed as not many people read service disclaimers, PayPal being the only available payment method, should indicate that this is not a legitimate site.

Even worse, the threat actors charge twice the regular fee, setting the renewal cost at $139.99 compared to the standard $70 price.

Payment portal on the site
Payment portal on the site
Source: Abnormal Securty

For those looking to apply or renew for a TSA PreCheck, Clear, or Global Entry membership, it is strongly advised that you do not search for the URL in search engines as you may click on a scam advertisement.

Instead, visit the Homeland Security’s Trusted Traveler Programs page, which contains the legitimate URLs for all available travel programs.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us