SouthernWorldwide.com – Scammers are employing a sophisticated new tactic to steal payment information from unsuspecting individuals across the United States. This latest scheme involves sending fake text messages that impersonate official court notices, urging recipients to pay non-existent traffic violations via QR codes.
These deceptive messages often appear to be from state courts and claim there’s an outstanding traffic violation. They then present a QR code, promising that scanning it will allow immediate payment of a small balance, typically $6.99, thereby avoiding a court appearance.
The messages are designed to look official and convey a sense of urgency. However, they are entirely fraudulent. Residents in several states, including New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey, have already been targeted by this widespread campaign, which shows no signs of abating.
This new method is a variation on previous “smishing” scams, like those reported in 2025 that mimicked state toll agencies. Unlike earlier scams that relied on direct links to phishing websites, this current approach uses an embedded QR code within an image that resembles an official court document.
The use of a QR code makes it more challenging for automated security systems to detect the malicious nature of the message. The embedded image often features formal language and official-sounding headings, further enhancing its credibility.
One example, shared by Bleeping Computer, purported to be from the “Criminal Court of the City of New York.” It warned of an unpaid parking or toll violation that had entered the “formal enforcement stage” and demanded immediate payment to avoid an in-person court appearance. It’s crucial to remember that real courts typically communicate through official mail, not unsolicited text messages containing QR codes.
When a victim scans the QR code, they are directed to an intermediary page that includes a CAPTCHA. This step is a deliberate measure by the scammers to filter out security researchers and automated scanners, helping to keep their phishing infrastructure hidden for longer.
After successfully completing the CAPTCHA, users are taken to a website designed to look like their state’s Department of Motor Vehicles (DMV) or another government agency. This fake site then presents an “unpaid balance,” consistently reported as $6.99 in all documented cases. This suspiciously precise amount is intended to create urgency without immediately raising suspicion.
Clicking on the payment option leads to a form requesting personal details such as name, address, phone number, email address, and credit card information. All the data entered is directly sent to the scammers.
This stolen information can be used for various malicious purposes. It can fuel further phishing attempts, lead to identity theft, facilitate financial fraud, or be sold to other malicious actors in the underground economy.
Read more : Pediatricians Advocate for Increased Recess Time for Children
For instance, fake New York DMV sites observed in this campaign have used hostnames like “ny.gov-skd[.]org” or “ny.ofkhv[.]life.” Neither of these domains has any affiliation with actual New York state government infrastructure.
While these scams are designed to be highly convincing, adopting a few simple yet effective habits can significantly protect individuals from falling victim.
The most critical and straightforward protective measure is to avoid scanning QR codes from unknown senders. If a text message arrives from an unrecognized number and requests you to scan something or make a payment, it should be treated as suspicious until proven otherwise.
Government agencies across the U.S. have consistently stated that they do not send text messages requesting personal information or payment details. Legitimate fines or violations are typically communicated through official mail, which includes verifiable contact information.
It is imperative never to enter credit card information on a website accessed through a QR code in a text message. Instead, individuals should navigate directly to their state’s official .gov website by manually typing the address into their browser.
Once on the official site, users can check their actual account status. If a charge or violation is legitimate, it will be reflected when logging in through the authentic government portal.
Installing robust antivirus software provides an essential layer of defense that operates even when users are not actively vigilant. A reputable security application can identify phishing attempts, flag potentially malicious websites before any information is entered, and alert users to threats received via text or email.
Ensuring that antivirus software is active and consistently updated on all devices used for accessing links or scanning QR codes is crucial for maintaining this protection.
For individuals whose personal information may have already been compromised by such scams, utilizing a data removal service can help mitigate the damage. These services scan data broker databases and submit requests to remove personal details like names, addresses, and phone numbers that scammers often exploit.
While these services cannot reverse past incidents, they can reduce future exposure and make it more difficult for malicious actors to target individuals. Checking for top-rated data removal services and obtaining a free scan can help determine if personal information is already available online.
This particular scam collects the exact type of information that enables identity theft: name, address, phone number, email address, and credit card details. Identity theft protection services monitor accounts, credit files, and personal information for any suspicious activity, issuing alerts immediately if any irregularities are detected.
Some services also offer recovery assistance and insurance in the event of identity compromise, which can significantly ease the burden of managing such a complex situation.
If personal payment information has been entered on one of these fraudulent sites, it is essential to contact the bank or credit card issuer immediately. This should be done to dispute the charges and request a new card number to prevent further unauthorized transactions.
Checking credit reports for any unusual activity and considering placing a fraud alert with one of the major credit bureaus are also recommended steps.
If you receive one of these deceptive text messages, reporting it is vital. Forwarding the message to 7726 (SPAM) is a carrier reporting shortcut used by major U.S. networks. Additionally, filing a complaint with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and alerting your state’s attorney general’s office can help authorities track and combat these scams.
The effectiveness of this scam stems from its exploitation of a common human emotion: anxiety, particularly when faced with what appears to be a government notice demanding immediate action. The fake court language, formal tone, and embedded QR code are all carefully crafted to bypass skepticism.
However, the indicators of a scam are present if one looks closely. No legitimate court sends text message ultimatums with QR codes. No state DMV requires users to scan an image from an unknown phone number to pay a small balance like $6.99.
When a situation feels both urgent and slightly suspicious, it is often a strong sign that a scam is in progress. The reliance on the perceived urgency and the low cost can make people less likely to question the legitimacy of the request.
If a court were to text you with a threat of legal action for less than the price of a coffee, and millions might actually pay it, it raises questions about how readily people trust their ability to identify scams in the moment. Sharing your thoughts on this matter can be done by writing to CyberGuy.com.
Copyright 2026 CyberGuy.com. All rights reserved.
