Phishing SMS Campaign Uses QR Codes to Impersonate State Courts, Targeting Drivers Across Multiple US States
What Happened — Scammers are sending fake “Notice of Default” text messages that appear to come from state courts. The messages contain an image with an embedded QR code; scanning the code leads victims to a multi‑stage phishing site that harvests personal and credit‑card data. The campaign has been reported in at least eight states, including New York, California, Texas and Illinois.
Why It Matters for TPRM —
- QR‑code phishing bypasses many traditional URL‑filtering solutions, increasing the chance of successful credential theft.
- The stolen data (PII and payment details) can be leveraged in downstream attacks against your vendors or customers.
- The multi‑state nature suggests a scalable operation that could target employees of third‑party providers.
Who Is Affected — Public sector agencies, financial services firms, and any organization whose employees may receive unsolicited SMS messages from unknown numbers.
Recommended Actions —
- Educate all workforce and third‑party staff to treat unexpected SMS payment requests as suspicious.
- Deploy mobile threat‑defense solutions that can detect QR‑code phishing payloads.
- Review SMS‑based authentication flows for susceptibility to social engineering.
Technical Notes — Attack vector: SMS phishing (SMiShing) with QR‑code redirection, CAPTCHA to evade automated analysis, and credential‑stealing web forms. No known CVE; data types exfiltrated include name, address, email, phone, and credit‑card information. Source: BleepingComputer