Show Crane Hassold a typical cyber criminal, and he’ll show you someone who is inherently lazy. “As long as the return on investment is good enough, they’re going to put in as little effort as they possibly can,” he says.

That’s why a particularly enterprising phishing scam targeting U.S. travelers ahead of the holiday season has jumped out at him. It works like this: You receive an email from what looks like the Transportation Security Administration, encouraging you to renew your TSA PreCheck membership. You’re grateful for the reminder. The holidays are coming, and you’re worried about long lines at the airport. Besides, you can’t remember the last time you renewed your PreCheck membership. A link in the email leads to an official-looking domain, where you take a few minutes to fill out a form with your personal information and then you make a payment. Unfortunately, the site is run by a scammer in Bulgaria, who now has both your money and your personal information.

“What’s really interesting about this is clearly the amount of time that was spent to actually create not only the email, but also the full website itself,” says Hassold, Director of Threat Intelligence at Abnormal Security, a cloud email security platform. “Usually when we see phishing attacks, it’s pretty clear that the scammers…
