Warning: GovDelivery’s Government Email Alert System Compromised by Scam Messages!

In recent news, a significant email notification system utilized by U.S. federal and state government departments has fallen victim to a scam, leading to fraudulent messages being sent to residents. This alarming situation highlights the growing risks associated with government communication channels.

Indiana Government Alerts Residents About Scam Emails

On Tuesday, the state of Indiana issued a statement concerning fraudulent messages that appeared to be sent from state agencies. These messages falsely claimed that recipients had outstanding toll balances. An example of such an email was shared with TechCrunch, revealing a disguised link that redirected users to a malicious site.

State’s Response to the Scam

The Indiana Office of Technology confirmed that they are actively addressing the situation. The office stated:

• They are collaborating with the company responsible for the email delivery to halt further communications.
• A contractor’s account was compromised, but current state systems have not been reported as breached.
• The contract with the email service provider, identified as Granicus, ended in December 2024.

Despite the contract’s conclusion, Indiana officials noted that Granicus “did not remove the state’s account,” allowing the scam to occur.

Granicus Weighs In on the Situation

Sharon Rushen, a spokesperson for Granicus, acknowledged the issue, stating:

• They are aware of the malicious emails sent from Indiana’s government domain.
• The breach was caused by a compromised user account, not a failure in Granicus systems.

Although Granicus has the technical means to assess the number of affected individuals, they did not provide specific figures at this time.

Understanding the Toll Scam Trend

This incident is part of a larger trend of toll-related scams, as warned by the Federal Trade Commission earlier this year. Scammers often send deceptive emails and text messages claiming that recipients owe money to tolling agencies across the United States. By exploiting official-looking emails, these scams increase the likelihood that victims will engage with the content.

Details of the Scam Email

A recipient of the scam email shared their experience with TechCrunch. The fraudulent message was sent from an official Indiana government email linked to the state’s Emergency Operations Center, which typically coordinates emergency responses. The scam claimed that the recipient owed unpaid tolls in Texas and threatened penalties or vehicle registration holds for non-payment.

• The email contained a link that appeared to direct users to an official govdelivery.com web address.
• Upon clicking, it redirected to a malicious site impersonating Texas’ Department of Transportation’s toll collection service, TxTag.

This fraudulent website aimed to collect personal information, including names, phone numbers, home addresses, and credit card details. As of Tuesday morning on the U.S. East Coast, this scam site, along with another similar domain, appeared to be offline.

As the situation develops, residents and users of government email systems are advised to remain vigilant and report any suspicious messages to authorities.

For more information on protecting yourself against email scams, visit the Federal Trade Commission’s guide on spam.