QR code traffic violation scams surge across United States

Cybercriminals have evolved their traffic violation phishing campaigns to incorporate QR codes, sending fraudulent text messages impersonating state court systems that direct recipients to malicious websites. The scams, which use urgent language about unpaid fines or license suspensions, have been reported across multiple states with messages tailored to local jurisdiction names and court formats. Security researchers at BleepingComputer identified the campaign shift as a response to improved detection of traditional malicious links, with QR codes bypassing some automated security filters and exploiting user familiarity with legitimate contactless payment systems. Victims who scan the codes are directed to credential-harvesting sites designed to steal personal information, payment details, or in some cases deploy mobile malware. The Federal Trade Commission and state attorneys general have issued warnings about the tactic, noting that legitimate traffic enforcement agencies do not initiate contact via unsolicited text messages or demand immediate payment through QR codes. Cybersecurity experts recommend recipients verify any alleged violations directly through official government websites rather than engaging with unsolicited communications.