Scammers are texting drivers with fake court notices that look official but funnel victims through QR codes to phishing sites. This article explains how the scheme works, why QR codes and CAPTCHAs are being used, what personal data is at risk, and practical steps you can take right now to avoid getting burned.
It starts with a simple text: an urgent notice about an unpaid traffic fine and a QR code to “resolve” it for a small fee. The message is engineered to trigger anxiety and quick action, and the attached image is made to mimic real court paperwork so it feels legitimate at a glance. That pressure is the scam’s power.
Instead of a plain link, scammers embed a fake court page as an image that includes a QR code and formal-sounding headings. One circulated example even claims to be from the “Criminal Court of the City of New York.” Once you scan the code, the scam uses extra steps to weed out automated defenses. It looks polished because it was designed to be trusted.
After the QR code, you often land on an intermediary page with a CAPTCHA. That step is deliberate and clever. Scammers use the CAPTCHA to block automated scanners and security researchers, letting their phishing infrastructure stay hidden longer than a simple link would allow.
Complete the CAPTCHA and you reach a site that impersonates a state’s DMV or court payment portal and shows an “unpaid balance” of $6.99. The low, round number is intentional. It feels trivial enough that many people will pay without stopping to verify the claim, and that small charge keeps fraudsters under the radar while still harvesting payment info.
The payment form asks for name, address, phone number, email and credit card details, and anything you type goes straight to criminals. That data fuels further phishing, identity theft and financial fraud, or it can be sold to other bad actors. Fake hostnames documented in this campaign have included strings like ny.gov-skd[.]org and ny.ofkhv[.]life, which are nothing like real government domains.
There are simple habits that cut the scam off cold. Never scan a QR code sent by an unknown number, and treat unsolicited texts demanding payment as suspicious. If you think you actually owe a fine, look up the agency manually by typing the official government site address into your browser and check your account there. Official agencies will usually communicate via mail or through verified, established channels.
Don’t enter credit card information on a site you reached by scanning a random image in a text. Instead, call the agency using a number you find on their verified website or on official correspondence. Use strong antivirus software on phones and computers so malicious pages get flagged before you hand over anything sensitive.
If you already submitted payment details, contact your bank or card issuer immediately to dispute charges and request a replacement card. Monitor your credit reports for odd activity and consider placing a fraud alert. You can also reduce future exposure by using services that request removal of your personal details from data broker lists.
Report suspicious texts when they arrive. Forward spammy messages to 7726, the carrier spam-reporting shortcut used by major networks, and file a complaint with consumer protection authorities. The scam works because it exploits stress and a believable format, so pause and verify before you act whenever a message tries to make you move fast.
