In one of the most convincing website impersonations seen to date, this new scam walks people who are renewing or signing up for the first time through a believable process that most would fall for.
Most of the time, impersonation scams take you to a “website” that’s no more than a single web page designed to look like the logon page of the impersonated brand. But a new scam centered around registering for or renewing with TSA PreCheck takes the impersonation website to an entirely new level.
According to security researchers at Abnormal Security, this new scam starts out as wonky as most phishing scams with an email that doesn’t quite feel like it’s really from the TSA:
[Image: the phishing email. Source: Abnormal Security]
But where it gets interesting is when potential victims click the link and are taken to a pretty believable TSA registration site:
[Image: the fake TSA registration site. Source: Abnormal Security]
According to Abnormal Security, the scammer went to the trouble of not just collecting the salient personal details they can misuse later, but went as far as to ask nearly all the same questions found in the actual application. And unlike most scams that attempt to take your credit card, where payment is solicited up front, this scam takes “payment” when it normally would: at the end of the process.
This scam is one of the reasons KnowBe4 exists – to educate users through effective Security Awareness Training so they won’t be fooled by these kinds of scams. The sender email address and email copy are dead giveaways – something well-trained users will spot a mile away, avoiding the scam altogether.