A new wave of sophisticated phishing scams is targeting drivers across the United States, moving away from traditional malicious links and toward QR code-based deception. This evolution marks a significant shift in how cybercriminals bypass security filters to steal sensitive personal and financial data.
The New Tactic: From Links to QR Codes
While previous phishing attempts relied on suspicious URLs that many security programs are trained to flag, this latest iteration uses a more deceptive method. Victims receive a text message claiming to be a “final notice” for an unpaid traffic violation.
To make the scam appear legitimate, the messages include:
- Fake Official Notices: An image of a court document written in convincing legal jargon.
- Urgency Tactics: Claims that the violation has entered a “formal enforcement stage.”
- QR Codes: Instead of a clickable link, users are instructed to scan a QR code to settle their debt.
A key detail in these messages is the requested amount: $6.99. By keeping the fine low, scammers lower the victim’s psychological guard, making the transaction seem trivial enough to complete without deep scrutiny.
Why This Evolution Matters
The shift to QR codes is a calculated move to evade detection. Traditional security software is highly effective at scanning text for malicious links; however, it is much more difficult for automated systems to “read” and analyze the destination of an image-based QR code within a text message.
Furthermore, the inclusion of a CAPTCHA requirement after scanning the code serves two purposes:
1. It adds a layer of perceived legitimacy, making the site feel like a secure government portal.
2. It creates a hurdle for automated security bots that attempt to crawl and analyze the fraudulent website.
Once a victim completes the process, they are directed to a fake DMV website designed to harvest names, addresses, phone numbers, and credit card details. This data is then used for identity theft or sold on criminal marketplaces.
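For teams that filter messages or triage user reports, the gap described above closes once the QR image is decoded and its destination is checked like any other link. The following is an added example, not part of the original article: it assumes an upstream decoder has already turned the QR image into a string, and the allowlist and sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this deployment treats as official payment/notice sites.
# Constructed allowlist; maintain it from independently verified sources.
OFFICIAL_HOSTS = ("dmv.ca.gov", "dmv.ny.gov")


def triage_qr_payload(payload, official=OFFICIAL_HOSTS):
    """Classify a string decoded from a QR image as allow / review / block."""
    text = payload.strip()
    if "://" not in text:
        text = "https://" + text  # QR payloads often omit the scheme
    try:
        parts = urlsplit(text)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "block", ["unparseable URL"]
    if parts.scheme not in ("http", "https"):
        return "block", ["non-web scheme: " + parts.scheme]
    if not host:
        return "block", ["no host in payload"]

    reasons = []
    if parts.username is not None:
        reasons.append("userinfo before '@' disguises the real host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalized host, possible homoglyph")
    if parts.scheme == "http":
        reasons.append("plain HTTP")

    # Exact host or a true subdomain of an official host; substring is not enough.
    if any(host == h or host.endswith("." + h) for h in official):
        return ("review" if reasons else "allow"), reasons
    if any(h in host for h in official):
        reasons.append("official name embedded in an unrelated host")
    reasons.append("host is not on the official allowlist")
    return "block", reasons


# Constructed sample payloads, as an upstream QR decoder might emit them.
SAMPLES = [
    "https://dmv.ca.gov/portal/pay",
    "dmv.ca.gov.pay-notice.example/final",
    "https://dmv.ny.gov@pay-notice.example/6.99",
    "http://dmv.ny.gov/tickets",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage_qr_payload(s), s)
```

The check compares the parsed host, not the visible string, so an official name placed in a subdomain label or before an `@` does not pass.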
Geographic Reach and Official Warnings
The scam is not localized to a single region but is spreading across multiple states. Reports indicate active campaigns in:
- California, Connecticut, Illinois, New Jersey, North Carolina, Virginia, and Texas.
- Evidence also suggests targeting in Georgia.
Government agencies have been quick to respond. The Illinois Department of Transportation, as well as DMV agencies in New York, have reiterated a vital truth: State agencies do not use text messages to collect payments or request personal information. Most official notices regarding traffic violations and fines are delivered via physical mail.
How to Protect Yourself
As scammers become more visually convincing, the most effective defense remains skepticism. If you receive an unsolicited text regarding a fine or legal matter:
- Do not scan the QR code or click any links.
- Do not provide any personal or financial information.
- Verify independently. If you are concerned about a legitimate fine, contact your local traffic court or state DMV directly through their official website or phone number.
- Report the incident. You can report phishing attempts to the FTC or the FBI’s Internet Crime Complaint Center (IC3).
Summary: Scammers are bypassing digital security by using QR codes and low-cost “fines” to trick drivers into revealing sensitive data. Always verify traffic violations through official mail or direct contact with the DMV rather than responding to text messages.


























