As soon as people start to get to grips with a certain type of scam, criminals deploy new tactics to keep stealing money.  Now people have learned to distrust links in text messages, scammers have changed the bait, and in 2026 the “new link” is often a QR code tucked inside a fake notice.

The latest twist on the old unpaid toll and traffic violation scams is especially sneaky because it looks more official than a simple message with a URL. Instead of a plain link, victims get an image of a court or agency notice and are told to scan the QR code to pay a fairly small fine.

That small fee is part of the trick. It feels cheap enough to pay quickly, which is exactly why the scam works. These criminals don’t want you to think too hard about it.

The basic script elements in these newer campaigns are the same. Urgency, authority, and a tiny payment designed to bypass caution.

BleepingComputer reported how recipients were told they had an outstanding traffic violation and needed to act immediately, while Cyber Safety Watchdog highlighted the evolution of the toll scam.

Whether the message mentions tolls, parking, or traffic violations, the important part is that it impersonates a government authority and rushes the target into a fast decision without taking the time to verify anything.

Why QR codes help scammers

QR codes provide scammers with an extra layer of obfuscation. Instead of a visible text link, the victim is nudged to scan a code embedded in an image, which lowers the odds of immediate scrutiny.

Scammers know that people have been trained to spot obvious links, suspicious domains, and poorly written emails. So they move the malicious content into images, notices, and QR codes, then wrap the whole thing in the language of official enforcement.

In the campaign described by BleepingComputer, the QR code first sent victims to an intermediary site that served a CAPTCHA challenge, then redirected them to a phishing page impersonating the Department of Motor Vehicles or a similar state agency.

That extra CAPTCHA step is there to slow down any automated analysis.  The end goal is to impersonate a trusted institution, create urgency, attach a small fee, and steal the personal and financial data at the payment screen.

In both campaigns, the fake sites ask for names, addresses, phone numbers, email addresses, and credit card details. Once that data is entered, the scam can continue as identity theft, card fraud, and the data can be resold to other criminals for further fraud.

The impact of scams is huge

The FBI’s 2025 IC3 Annual Report makes it clear that scam operations are not a sideshow; they are the main event. IC3 received over a million complaints in 2025, and reported losses topped $20.8 billion.

Phishing and spoofing alone accounted for nearly 200,000 complaints, while government impersonation reached 32,424 complaints and nearly $800 million in reported losses.

Those numbers matter because the toll scam sits squarely inside the same ecosystem as phishing, impersonation, and payment fraud. It is not an isolated nuisance. It is a clear sign that cyber-enabled fraud is part of a wider ring of organized crime.

How to stay safe

Scammers are adapting to our habits faster than people expect. Every time a defense becomes widely known, criminals adjust the format slightly.

That is why these messages should be treated with the same suspicion as any other unsolicited demand for money. 

• Check the phone number that the text message comes from. Some scams were easy to dismiss because they came from telephone numbers outside the US.
• Look for the actual site that handles the alleged violation and compare the domain name. Sometimes there is only a small difference, so inspect it carefully.
• If you think the violation is feasible because you have indeed travelled in the area, check on the official toll service’s website or call their customer service number.
• If you decided to pay, check you received confirmation of payment. Official agencies will send confirmation after collecting payments. If you don’t receive that, call them to check and take appropriate action if you think you paid scammers. Contact your bank straight away, and the FBI Internet Crime Complaint Center at ic3.gov. Be sure to include the phone number from where the text originated, and the website listed within the text.
• Never interact with the scammer in any way. Every reaction provides them with information, even if it’s only that the phone number is in use.
• If you receive a suspicious message, Scam Guard can help you identify whether a text, email, or other communications is a scam and guide you through the process.
• Use up-to-date, real-time anti-malware protection, which will block known malicious domains.
  

---

Let’s face it, an incognito window can only do so much. Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft Protection monitors for all of it, alerts you fast, and comes with identity theft insurance.