As we approach the 2021 holiday season, scammers are busy developing bigger and better ways to trick people into disclosing their personal information.

Cybersecurity expert Crane Hassold, who serves as Director of Threat Intelligence at Abnormal Security, warns of a new phishing email that poses as a TSA renewal notice. After prompting the user to complete what appears to be a genuine renewal process, it asks for a $140 fee through PayPal. While many phishing campaigns have tells that are relatively easy to spot, this one is remarkably professional-looking, according to Hassold:

“The email itself looked pretty legitimate. All those spelling and grammatical errors that you would normally look for in a phishing email, they weren’t really there.”

Part of the reason for this false sense of authenticity is that there isn’t just one page associated with the scam: there is a full website that includes legitimate information. Hassold also said:

“The number of red flags that actually stood out here were actually pretty minimal. Which probably makes it a lot more difficult to detect and in my opinion probably has a pretty high success rate.”

According to Hassold, the holiday season usually marks an uptick in cyber scams, as people tend to be more preoccupied, completing more transactions and traveling more.

Staying safe online during the holiday season

So how can you keep yourself safe from scams like this one? Hassold offers a couple of ways to verify an email’s authenticity. First, check whether the domain appears legitimate. For instance, if a website purports to represent a government agency but ends in .com rather than .gov, that should tell you that something is not right. Also, if a site offers only a single payment option (as the TSA scam did), that should raise suspicion as well.