Cybercriminals have rolled out a new variant of traffic-violation scams, replacing suspicious links with QR codes to trick victims into handing over sensitive data.According to BleepingComputer, scammers are sending fake “Notice of Default” messages that appear to come from US state courts.These messages pressure recipients to act quickly by prompting them to scan a QR code to resolve an alleged violation.
This campaign builds on earlier toll and parking ticket scams, but with a more deceptive delivery method.Instead of clickable links, victims now receive an image of an official-looking notice containing a QR code, making the message appear more legitimate at first glance.Featured Partners Advertisement TechRepublic is able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities.
Our mission is to help technology buyers make better purchasing decisions, so we provide you with information for all vendors — even those that don’t pay us.1 Semperis Visit Website Company Size Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Small, Medium, Large, Enterprise Features Advanced Attacks Detection, Advanced Automation, Anywhere Recovery, and more 2 ManageEngine Log360 Visit Website Company Size Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise Features Activity Monitoring, Blacklisting, Dashboard, and more 3 Astra Pentest Visit Website Company Size Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Dashboard, Vulnerability Scanning How the scam works The fraudulent messages typically claim there is an unpaid traffic violation that must be settled immediately.In one example shared with BleepingComputer, the message impersonates the Criminal Court of the City of New York and warns of legal consequences if payment is not made.
“This notice constitutes a final and urgent warning regarding an outstanding traffic violation involving your registered vehicle within the State of New York,” the fake notice reads, according to BleepingComputer.Once scanned, the QR code directs victims through multiple steps designed to avoid detection.Users are first taken to a CAPTCHA page to prove they are human, before being redirected to a phishing website that mimics official agencies like a DMV.
The final page requests personal and financial details under the guise of settling a small fee, typically $6.99.Security researchers say QR codes add a layer of deception that traditional phishing links lack.Scammers are adapting to user awareness as people have learned to distrust suspicious links, so attackers are embedding malicious URLs inside QR codes instead.
The use of images, official language, and small payment amounts is deliberate.It creates urgency while lowering suspicion, increasing the chances that victims will comply without verifying the request.Data theft beyond the payment While the fee itself is small, the real target is far more valuable: your data.
Victims who proceed are asked to provide personal details such as their name, address, phone number, and email, followed by credit card information.According to BleepingComputer, this data can then be used for identity theft, financial fraud, and follow-up phishing attacks.In some cases, fake domains closely resemble legitimate government sites but use misleading endings like “.org” or “.life” instead of “.gov.” Must-read security coverage UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case Blackpoint Cyber vs.
Arctic Wolf: Which MDR Solution is Right for You? How GitHub Is Securing the Software Supply Chain 8 Best Enterprise Password Managers How to stay safe Experts recommend treating QR codes in unsolicited messages with the same caution as suspicious links.Do not scan QR codes from unknown senders Be wary of urgent payment demands tied to legal threats Verify any violations directly through official government websites Check domain names carefully; legitimate agencies typically use “.gov” Contact your bank immediately if you suspect your data has been compromised State agencies have repeatedly emphasized, as reported by BleepingComputer, that they do not request payments or sensitive information via text messages.Also read: Meta’s new AI scam detection tools for Facebook, Messenger, and WhatsApp show how major platforms are trying to spot fraud before users get pulled in.
Subscribe to the Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.Delivered every Monday, Tuesday and Thursday Subscribe to the Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.Delivered every Monday, Tuesday and Thursday
Read More
