Nationwide Court Impersonation Scam Targets US Drivers
Cybercriminals launched a sophisticated SMS phishing campaign on April 5, 2026, impersonating state court systems across the United States to target drivers with fake traffic violation notices. The scammers send text messages claiming recipients have outstanding traffic violations that require immediate payment to avoid legal consequences.
The fraudulent messages arrive with subject lines like "Notice of Default" and appear to originate from legitimate court systems. Recipients receive texts stating they have unpaid traffic citations and must scan an embedded QR code to resolve the matter immediately. The messages create urgency by threatening additional penalties or legal action if payment isn't made promptly.
Security researchers identified the campaign targeting drivers in multiple states simultaneously, suggesting a coordinated effort by organized cybercriminals. The QR codes embedded in these messages redirect victims to convincing replica websites that mimic official court payment portals. These phishing sites are designed to capture both personal identification information and financial data when victims attempt to pay the fake fines.
The scam exploits common anxiety around traffic violations and legal consequences to pressure victims into quick action without verification. Cybercriminals understand that most people want to resolve potential legal issues immediately, making this social engineering tactic particularly effective. The use of QR codes adds a layer of obfuscation, as recipients can't easily preview the destination URL before scanning.
Law enforcement agencies across affected states have begun issuing warnings about the campaign after receiving multiple reports from concerned citizens. The Cybersecurity and Infrastructure Security Agency has added this threat pattern to its ongoing monitoring of SMS-based attacks targeting US infrastructure and citizens.
Scope and Target Demographics of the Court Scam
The phishing campaign affects drivers across all US states, with cybercriminals sending messages that reference local court systems to increase credibility. Victims include anyone with a mobile phone number, as the attackers appear to be using purchased contact databases rather than targeting specific demographics. The scam particularly impacts older adults who may be less familiar with digital security practices and more likely to trust official-looking communications.
Small business owners and fleet managers represent high-value targets, as they often manage multiple vehicles and may have legitimate concerns about outstanding citations. The attackers craft messages that reference common traffic violations like speeding, parking infractions, and registration issues that most drivers have experienced at some point.
Financial institutions report that victims who fall for the scam typically lose the initial $6.99 payment and then face additional fraudulent charges as criminals use the captured payment information for further theft. Credit monitoring services have detected increased identity theft attempts following successful phishing attacks, indicating that the criminals harvest comprehensive personal data beyond just payment details.
The geographic spread suggests attackers are using automated systems to customize messages with local court names and jurisdictions, making the scam appear more legitimate to recipients in each area. This localization technique significantly increases the success rate compared to generic phishing attempts.
Technical Analysis and Protection Measures
The QR codes in these fraudulent messages redirect to domains that closely mimic legitimate court websites, using similar color schemes, logos, and layout designs. Security analysis reveals the phishing sites employ SSL certificates to appear trustworthy, though they're hosted on compromised or newly registered domains that won't appear in official court records.
To protect against this threat, users should never scan QR codes from unsolicited text messages claiming legal or financial urgency. Instead, independently verify any traffic violation claims by directly contacting the relevant court system using official phone numbers found through government websites. Legitimate courts typically send violation notices through postal mail, not SMS messages with QR codes.
IT administrators should implement SMS filtering solutions that can detect and block messages containing suspicious QR codes or court-related phishing keywords. Organizations managing fleet vehicles should educate drivers about this specific threat and establish clear protocols for handling traffic violation notices that require verification through official channels only.
Mobile device users can enable additional security by disabling automatic QR code scanning in their camera applications and using dedicated QR scanner apps that preview URLs before opening them. Financial institutions recommend monitoring credit reports and bank statements closely for unauthorized activity if anyone suspects they may have fallen victim to this scam.
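The keyword filtering and URL preview steps described above can be combined into one triage check; the following is an added example, not code from any vendor or agency named in this article. It assumes QR images are decoded upstream, and the allowlist, the `.example` hosts, the sample messages and the function names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a locally maintained allowlist of verified court payment hosts.
# The entry below is a constructed placeholder, not a real court domain.
OFFICIAL_HOSTS = {"courts.state.example.gov"}
# Lure wording taken from the campaign description above.
LURE_PATTERNS = [r"notice of default", r"traffic (violation|citation)s?",
                 r"\bcourt\b", r"\b(unpaid|outstanding)\b", r"\bqr code\b"]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_of(url):
    """Hostname the client would actually connect to (userinfo stripped)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_official(host):
    """True only for an allowlisted host or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)

def triage_sms(text, qr_urls=()):
    """Classify one SMS; qr_urls are URLs decoded upstream from a QR image."""
    lures = [p for p in LURE_PATTERNS if re.search(p, text.lower())]
    hosts = [host_of(u) for u in URL_RE.findall(text) + list(qr_urls)]
    unofficial = sorted({h for h in hosts if not is_official(h)})
    if len(lures) >= 2 and unofficial:
        verdict = "block"      # court lure pointing off the allowlist
    elif len(lures) >= 2 and not hosts:
        verdict = "review"     # court lure, destination unknown
    else:
        verdict = "allow"
    return {"verdict": verdict, "lures": len(lures), "unofficial_hosts": unofficial}

# Constructed sample messages (not captured from the campaign).
SAMPLES = [
    ("Notice of Default: unpaid traffic citation. Scan the QR code to pay.",
     ["https://courts.state.example.gov.pay-fine.example/case"]),
    ("Court notice: outstanding traffic violation, pay today.",
     ["https://courts.state.example.gov@pay-fine.example/"]),
    ("Court reminder: outstanding balance.",
     ["https://pay.courts.state.example.gov/invoice"]),
    ("Notice of Default for your unpaid traffic citation.", []),
]

if __name__ == "__main__":
    for text, urls in SAMPLES:
        print(triage_sms(text, urls))
```

The first two samples show why the check compares the parsed hostname rather than searching the URL string for the court's name: an official-looking name used as a subdomain label or as userinfo before `@` does not change where the link leads.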
The Microsoft Security Response Center advises organizations to include SMS phishing awareness in their security training programs, as these attacks increasingly target mobile devices that may lack the same security protections as corporate computers.




