Morning Overview

A QR-code text demanding you ‘pay the fine now’ is the scam feds want you to delete

The Federal Trade Commission published a consumer alert in April 2026 warning Americans to delete text messages that claim a traffic violation, include a QR code, and pressure recipients to “pay the fine now.” The messages threaten default judgments and enforcement actions if the recipient does not scan the code or attend a fabricated hearing. Both the FTC and the FBI have issued multiple warnings about QR-code fraud schemes, which have been reported since 2022 and now extend to cryptocurrency payment routing and even unsolicited physical packages.

How fake traffic-violation texts use QR codes to steal money

The scam follows a specific script. A text arrives claiming the recipient faces an upcoming traffic hearing. It presents two options: attend the hearing or pay the fine immediately by scanning an embedded QR code. The message uses urgent language, warning of default judgments or enforcement actions if the recipient does not act fast. The FTC describes this pattern in its April 2026 consumer warning, calling the messages probable scams designed to harvest personal and financial information.

Scanning the QR code does not lead to a legitimate court or government payment portal. Instead, it can redirect to a spoofed website built to collect login credentials, banking details, or credit card numbers. The FTC has separately explained that this category of fraud, sometimes called “quishing” or QR phishing, works because QR codes obscure the destination URL until after scanning. Scammers also overlay counterfeit codes on legitimate ones in public spaces, extending the same technique beyond text messages and into parking meters, restaurant tables, and event flyers.

The FBI has tracked a parallel threat: scammers who use QR codes to auto-populate cryptocurrency wallet addresses at crypto ATMs. In a public service announcement designated I-110421-PSA, the FBI’s Internet Crime Complaint Center documented how government and law-enforcement impersonation schemes use QR codes to route victim payments through cryptocurrency ATMs. That mechanism strips away the reversibility that traditional bank transfers or credit card chargebacks can offer, making recovery far harder once a payment is sent.

The shift toward crypto-based payment routing helps explain why these scams have grown more aggressive in their urgency language. When a victim pays through a bank or credit card, the transaction can often be disputed. Cryptocurrency transfers, by contrast, settle almost instantly and are extremely difficult to reverse. Scammers who push recipients toward QR-code-linked crypto payments gain a speed advantage that traditional fraud channels do not provide. The combination of government impersonation, time pressure, and irreversible payment rails creates a trap that closes quickly once a victim scans.

Federal agencies trace QR fraud back to 2022 with expanding tactics

QR-code scam reports first surfaced in 2022, according to the FBI’s El Paso Field Office, which published guidance on building a digital defense against these schemes. Early versions involved text messages referencing account problems, paired with QR codes that led to fake payment portals or credential-harvesting pages. The basic ingredients were consistent: an alarming claim, a promise to fix the problem quickly, and a QR code that concealed where the link would actually go.

Over time, the delivery methods diversified. Some scams began to mimic package-delivery notifications, claiming a parcel could not be dropped off until a small fee was paid via QR code. Others targeted small businesses with fake invoices and QR links that appeared to come from regular vendors. The FBI’s field-office guidance emphasized that none of these messages should be trusted if they arrive unexpectedly, particularly when the sender insists that the only way to resolve the issue is by scanning a code.

By 2025, the FBI issued a separate cyber alert, designated I-073125-PSA, warning that criminals had begun sending unsolicited physical packages containing QR codes to induce scanning. That alert advised consumers not to scan QR codes from unknown origins and directed victims to report incidents through official FBI channels. The jump from digital messages to physical mail signals that scammers are testing new delivery methods to bypass the spam filters and carrier-level blocking that intercept many fraudulent texts.

The FTC’s April 2026 alert on traffic-violation texts represents the latest iteration. Where earlier QR scams cast a wide net with vague pretexts, the traffic-violation variant uses a specific, anxiety-producing scenario. Most drivers have received a legitimate traffic ticket at some point, and the prospect of a missed court date or a default judgment triggers a fear response that can override skepticism. That emotional lever, paired with a QR code that hides the true destination, makes the newer version more targeted than its predecessors and more likely to catch even cautious recipients off guard.

No public loss totals and limited prosecution data leave gaps

Neither the FTC nor the FBI has published specific complaint totals or confirmed victim losses tied to the traffic-violation QR text variant. The FTC’s alert describes the scam mechanics and advises deletion, but it does not cite a dollar figure for aggregate losses or a count of reports received. The FBI’s public service announcements similarly focus on prevention guidance rather than enforcement outcomes or active investigation details.

That absence matters because it makes it difficult to measure how fast the threat is growing or whether law enforcement is keeping pace. Without published data on complaint volume, prosecution rates, or recovered funds, the public sees only the warnings, not the results. It is unclear from available documents how many scammers have been charged, what penalties they have faced, or how often victims are able to claw back money sent through QR-enabled fraud.

Several factors help explain the data gap. First, QR codes are simply a delivery mechanism; cases may be logged under broader categories like phishing, identity theft, or cryptocurrency fraud rather than tracked as a distinct trend. Second, cross-border operations complicate attribution and prosecution, since many schemes originate outside the United States even when they impersonate U.S. agencies. Finally, agencies often prioritize operational secrecy over public metrics when investigations are ongoing, releasing only general alerts to avoid tipping off suspects.

For consumers, the lack of detailed statistics does not change the practical advice. The FTC urges people to delete unexpected traffic-violation texts, avoid scanning codes in unsolicited messages, and independently verify any supposed fines or court dates by using official government websites or phone numbers obtained from trusted sources. The FBI, for its part, encourages victims and near-victims to file reports with its complaint center so investigators can identify patterns, connect related incidents, and decide where to focus limited enforcement resources.

Until more comprehensive data is released, the clearest signal of risk comes from the escalating tone of the warnings themselves. Federal agencies rarely issue multiple alerts about the same basic technique unless they see persistent, evolving abuse. The move from early QR phishing to crypto ATM routing, unsolicited packages, and now fabricated traffic hearings suggests that scammers view QR codes as a versatile tool for bypassing traditional defenses. The best countermeasure for now is heightened skepticism: treat every unexpected QR code-whether in a text, an email, a flyer, or a package-as a potential trap, and verify the story behind it before you ever open your camera app.

More from Morning Overview

*This article was researched with the help of AI, with human editors creating the final content.