What Happened

Recently, a significant phishing scam has been targeting individuals across the United States. Scammers impersonated various state courts and sent out fraudulent “Notice of Default” text messages to numerous recipients. These messages falsely claimed the recipients had outstanding traffic violations, and urgently encouraged them to remedy the situation.

The attack was reported to have begun around early September 2023. The text messages instructed individuals to scan a QR code embedded in the message. Upon scanning, users were redirected to a counterfeit website posing as an official state court page, which asked for a payment of $6.99 purportedly related to the bogus traffic violation.

Technical Details

The scam utilized text messages to distribute its payload, leveraging social engineering tactics to create a sense of urgency and legitimacy. The fake texts impersonated state court notices and prominently displayed a QR code to facilitate easy redirection to the malicious site.

Once a QR code was scanned, the user was taken to a phishing site that mimicked an official court website. The phishing page was sophisticated, capturing not only the victims' payment details but also personal information such as name, address, and social security number. These actions collectively resulted in both financial theft and identity theft opportunities for the threat actors.

As of this time, no CVE IDs are associated with this campaign, since it relies on social engineering rather than exploitation of a software vulnerability. Nevertheless, indicators such as originating domains, email formats, QR code identifiers, and landing page URLs can be significant for analysts working on threat detection.

Impact

The campaign has reportedly affected thousands of individuals across multiple states, exploiting trust in public services like court systems. As a consequence, many have unwittingly provided personal and financial details to cybercriminals.

The broader impact extends to potential identity theft cases and unauthorized financial transactions. Furthermore, the technique could prompt additional campaigns exploiting different civic systems under similar pretenses.

What To Do

  • Educate users to verify unexpected messages directly with official sources.
  • Deploy advanced phishing filters to catch and neutralize suspicious domains and URLs.
  • Implement multi-layered email and SMS security solutions to identify and block fraudulent numbers.
  • Train employees and communities to recognize phishing attempts and to report them to local authorities.
  • Use mobile device management solutions to track and manage QR code scanning actions within corporate environments.

Organizations should enhance user awareness about potential scams, stressing the importance of not interacting with unsolicited messages, especially ones containing QR codes. They should also work in tandem with service providers and law enforcement to shut down the infrastructural elements of such scams quickly.
