Мошенники используют QR-коды в SMS для кражи платежных данных под видом штрафов ГИБДД

Your phone buzzes. A text message pops up saying you have an outstanding traffic violation, and if you scan the attached QR code immediately, you can pay a $6.99 balance and avoid a court appearance.It looks official. It sounds urgent. And it is completely fake.Scammers are now targeting drivers across the U.S. with text messages that impersonate state courts, demanding payment for traffic violations that never happened. This campaign has already hit residents in New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut and New Jersey, and it shows no signs of slowing down.Sign up for my FREE CyberGuy ReportPlus, you'll get instant access to my Ultimate Scam Survival Guide free when you join.FAKE SSA EMAIL ALERT: SPOT THIS SCAM FASTYou might remember the wave of smishing scams in 2025 that we reported on, which pretended to be from state toll agencies. Those texts pushed people toward phishing websites through direct links. This new variation takes a different approach, and a more convincing one.Instead of a plain text link, these messages include an image that looks like an official court notice. It carries formal language, official-sounding headings and a QR code embedded directly in the document. The shift from a clickable link to a scannable code makes it harder for automated security tools to flag the message as dangerous.One example Bleeping Computer shared claimed to be from the "Criminal Court of the City of New York." The notice warned that an unpaid parking or toll violation had entered the "formal enforcement stage" and demanded immediate payment, or else an in-person court appearance. Real courts communicate through official mail, not unsolicited text messages with QR codes.SAMSUNG MESSAGES ENDING? WHAT ANDROID OWNERS MUST KNOWScanning the QR code takes you to an intermediary page with a CAPTCHA. That step is intentional. Scammers use it to filter out security researchers and automated scanners so their phishing infrastructure stays under the radar longer.Once you complete the CAPTCHA, you land on a site designed to look like your state's DMV or another government agency. It presents an "unpaid balance," always $6.99 in every case documented so far. That suspiciously round number creates urgency without raising an immediate alarm.Clicking to pay takes you to a form that asks for your name, address, phone number, email address and credit card information. Everything you enter goes directly to the scammers. That data can fuel follow-on phishing attempts, identity theft, financial fraud or be sold outright to other bad actors.For reference, fake New York DMV sites in this campaign have used hostnames like "ny.gov-skd[.]org" or "ny.ofkhv[.]life," neither of which has anything to do with actual New York State government infrastructure.These scams are sophisticated enough to fool a lot of people, but a few smart habits can keep you well ahead of them.The most important thing you can do is also the simplest: do not scan QR codes from unknown senders. If a text arrives from a number you don't recognize and it asks you to scan something or make a payment, treat it as suspicious until proven otherwise. State agencies across the U.S. have made their position clear. They do not send text messages requesting personal information or payment details. If you genuinely owe a fine, you will receive official correspondence through the mail with verifiable contact information.Never enter credit card information on a site you reached through a QR code in a text message. Go directly to your state's official .gov website instead, type the address manually into your browser and look up your actual account status there. If a charge is legitimate, it will show up when you log in through the real site.GOOGLE SEARCH LED TO A COSTLY SCAM CALLStrong antivirus software adds a critical layer of protection that works even when you don't. A good security app can detect phishing attempts, flag malicious sites before you enter any information and alert you to threats that arrive through text or email. Make sure your antivirus is active and updated on every device you use to open links or scan QR codes. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.If your personal information has already been exposed through a scam like this one, a data removal service can help limit the damage. These services scan data broker databases and request the removal of your name, address, phone number and other personal details that scammers rely on to target you. It won't undo what happened, but it can reduce your exposure going forward and make it harder for bad actors to reach you again. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.This scam collects exactly the kind of information that makes identity theft possible: your name, address, phone number, email address and credit card details. An identity theft protection service monitors your accounts, credit file and personal information for suspicious activity and alerts you the moment something looks off. Some services also provide recovery assistance and insurance if your identity does get compromised, which can make an overwhelming situation a lot more manageable. See my tips and best picks on Best Identity Theft Protection at CyberGuy.com.If you already entered your payment information on one of these sites, contact your bank or credit card issuer immediately to dispute charges and request a new card number. Check your credit reports for any unusual activity and consider placing a fraud alert with one of the major credit bureaus.If you receive one of these texts, report it. Forward the message to 7726 (SPAM), which is the carrier reporting shortcut used across major U.S. networks. You can also file a complaint with the FTC at reportfraud.ftc.gov and alert your state's attorney general's office.This scam works because it exploits something real: the anxiety most people feel when a government notice shows up demanding action. The fake court language, the formal tone and the embedded QR code all contribute to an experience designed to short-circuit your skepticism. But the tells are there if you look. No legitimate court sends text message ultimatums with QR codes. No state DMV asks you to scan an image from a stranger's phone number to pay a $6.99 balance. When something feels urgent and slightly off, that combination is usually the scam talking.If a court could send you a text message threatening legal action for less than the cost of a coffee, and millions of people might actually pay it, what does that tell us about how little most of us actually trust ourselves to spot a scam in the moment? Let us know by writing to us at CyberGuy.com. Sign up for my FREE CyberGuy ReportCopyright 2026 CyberGuy.com. All rights reserved.