QR Code Court Notice Scams: Phishing for Personal and Financial Data
A new wave of smishing attacks is targeting users with fake 'Notice of Default' traffic violation texts, impersonating state courts. These scams pressure recipients to scan a QR code leading to a phishing site that demands a small payment while harvesting personal and financial information.

Scammers are sending fake "Notice of Default" traffic violation text messages that impersonate state courts across the U.S. The campaign pressures recipients to scan a QR code, which redirects to a phishing site that demands a $6.99 payment while stealing personal and financial information.
This is a variation of the widely sent toll violation and unpaid parking ticket scams that users received previously, which claimed to be from state toll agencies.
### Campaign Details
This new campaign started a few weeks ago. Reports have surfaced from residents of New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey.
Unlike previous campaigns that included a text message with direct links to phishing sites, this new variation includes an image of an alleged court notice with an embedded QR code.
"This notice constitutes a final and urgent warning regarding an outstanding traffic violation involving your registered vehicle within the State of New York," reads the fake court notice, adding that "This matter has now entered the formal enforcement stage."

The text message shared with **BleepingComputer** claims to be from the "Criminal Court of the City of New York" and states that an unpaid parking or toll violation must be paid immediately or the recipient must appear in court. It includes instructions to scan a QR code to settle the unpaid balances.
### Phishing Tactics
Scanning the QR code redirects the target to an intermediary site that first prompts them to solve a CAPTCHA to prove they are human. The use of QR codes and CAPTCHAs is designed to make it harder for automated security software and researchers to analyze the phishing campaign.
Solving the CAPTCHA redirects you to another phishing site that impersonates the state's DMV or another agency, claiming there is an unpaid toll or parking ticket. In all examples seen, this outstanding balance is $6.99.
For example, phishing sites that impersonate the New York DMV use the hostname "ny.gov-skd[.]org" or "ny.ofkhv[.]life".
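A triage heuristic for URLs decoded from QR codes, built around the two hostnames above; this is an added example, not code from the article or from any agency. The state-code list, function names and sample paths are assumptions, and the rule is tuned to U.S. state sites, so a hit is a prompt for review rather than a verdict.

```python
import re
from urllib.parse import urlsplit

# Postal codes of the states named in the reports above (subset, not all 50).
STATE_CODES = {"ny", "ca", "nc", "il", "va", "tx", "ct", "nj"}
GOV_TOKEN = re.compile(r"(^|-)gov(-|$)")  # "gov" as a whole hyphen-delimited token

R_GOV = "gov token in a hostname that is not under .gov"
R_STATE = "state code as leading label of a non-.gov hostname"


def hostname_of(value):
    """Return the lowercase hostname of a URL or bare host, refanging it first."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in value:
        value = "//" + value  # let urlsplit treat a bare host as the netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return ""
    return host.rstrip(".").lower()


def lookalike_reasons(value):
    """List why a hostname resembles a U.S. state .gov site without being one."""
    labels = hostname_of(value).split(".")
    if len(labels) < 2 or labels[-1] == "gov":
        return []  # unparsable, single label, or genuinely under .gov
    reasons = []
    if any(GOV_TOKEN.search(label) for label in labels[:-1]):
        reasons.append(R_GOV)
    if labels[0] in STATE_CODES:
        reasons.append(R_STATE)
    return reasons


def triage(urls):
    """Map each flagged URL to its reasons; unflagged URLs are omitted."""
    return {u: r for u in urls if (r := lookalike_reasons(u))}


# Constructed sample: hostnames from the article (paths invented) plus controls.
SAMPLE = ["hxxps://ny.gov-skd[.]org/pay", "ny.ofkhv[.]life",
          "https://dmv.ny.gov/tickets", "https://www.example.com/"]

if __name__ == "__main__":
    for url, why in triage(SAMPLE).items():
        print(url, "->", "; ".join(why))
```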

Clicking continue will take you to a page where you can enter your personal and credit card information to pay the alleged charge. This form is used to steal your data, including your name, address, phone number, email address, and credit card information.
### Risks and Mitigation
This stolen information can be used for a wide variety of malicious activities, including follow-on phishing attacks, financial fraud, identity theft, and the sale of your data to other threat actors.
As a general rule, if you receive a text from an unknown phone number or email address requesting payment of a bill, ignore it.
State agencies have repeatedly stated in response to these scams that they do not use text messages requesting personal information or payment information.