Fake TSA PreCheck / Global Entry renewal phishing — non-government sender impersonates TSA, CBP, or the Trusted Traveler Program claiming membership has expired or been suspended and demands a $78–$100 renewal fee plus passport number and date of birth on a fraudulent portal

Phishing emails impersonating TSA, U.S. Customs and Border Protection (CBP), or the Trusted Traveler Program (TTP) claiming the victim's TSA PreCheck, Global Entry, or NEXUS membership has expired, been suspended, or requires a background check renewal. The email directs victims to a fraudulent portal to pay a $78–$100 "renewal fee" and submit sensitive PII — passport number, date of birth, and payment card details. Key facts: (1) FTC advisory (February 2024): fake TSA PreCheck renewal phishing surged 300% in 12 months, targeting the 18+ million active PreCheck members; (2) The U.S. government NEVER collects travel document fees or renewal payments via links in unsolicited emails — all legitimate TSA PreCheck and Global Entry renewal is done exclusively through the official Trusted Traveler Programs portal at ttp.cbp.dhs.gov or through approved enrollment providers (IDEMIA, Telos); (3) Real TSA/CBP communications come from @dhs.gov, @tsa.gov, or @cbp.gov domains — any other domain is fraudulent; (4) The combination of payment card data + passport number + date of birth enables comprehensive identity theft, not just financial fraud. Warning signs: non-.gov sender domain, renewal fee payment link in email, request for passport number or date of birth, urgency framing ("deactivated," "suspended," "expires in 30 days").