Traffic Violation Scam Texts Now Use QR Codes to Bypass Security Filters and Steal Pa

[harlan4096]

A phishing campaign is targeting residents across multiple US states with fake traffic violation notices delivered by text message, using embedded QR codes to direct victims to sites that steal personal and financial information. The campaign has been reported in New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey.

The texts include an image of a fabricated court notice rather than a plain link, a change from the toll and parking violation scam texts that circulated widely in 2025. The image format and embedded QR code are used to make the phishing infrastructure harder for automated security tools and researchers to detect and analyze.

How the Traffic Violation QR Code Scam Operates

The fake notices impersonate state courts, with one example claiming to be from the "Criminal Court of the City of New York." The message states that an unpaid parking or toll violation has entered formal enforcement and instructs the recipient to scan a QR code to settle the balance.

Scanning the QR code leads to an intermediary page requiring a CAPTCHA to proceed. Completing the CAPTCHA redirects to a second site impersonating a state DMV or related agency. In all examples reviewed by BleepingComputer, the stated outstanding balance is $6.99.

Phishing sites impersonating the New York DMV have used hostnames including "ny.gov-skd[.]org" and "ny.ofkhv[.]life."

Proceeding past the balance screen presents a form requesting name, address, phone number, email address, and credit card details. That data is collected by the attacker and can be used for financial fraud, identity theft, follow-on phishing, or sale to other threat actors.

Continue Reading...