Hackers have reportedly misused a US federal and state government department’s email notification system to send scam messages . This system, which is used to alert residents to important information, has been exploited by cybercriminals, a report claims. According to a report by TechCrunch, the US state of Indiana has said that it is "aware of fraudulent messages purportedly sent by state agencies" concerning unpaid tolls. The report also claims to have reviewed an example of a scam email sent from an Indiana government department.
This email claimed the recipient had an outstanding toll balance and contained a disguised link redirecting to a malicious site. The Indiana Office of Technology issued a statement saying they are "working with the company that was used to deliver those messages to stop any further communication.”
The state suggested that a contractor’s account was compromised and used to distribute the scam messages. However, Indiana clarified that it was not aware of "any current state systems" being compromised but did not exclude the possibility of a prior breach. The statement also revealed that the contract with the unnamed company, which ended in December 2024, "did not remove the state’s account." The company was later identified as government tech major Granicus by TechCrunch.
What Granicus said about hackers misusing the govt email alert system
In a statement to TechCrunch, Granicus spokesperson Sharon Rushen said: “We are aware of the recent malicious emails sent via GovDelivery from Indiana’s government domain.”
The company acknowledged that the breach resulted from a compromised user account but dismissed Indiana’s allegations.
“Granicus systems themselves were not breached,” said Rushen.
The company also confirmed that it has the technical means to determine how many individuals received the malicious emails, but has yet to disclose that figure.
How scammers used to email alert system to trap users
In January, the Federal Trade Commission identified a practice where scammers were increasingly sending fake toll notices by text and email. These cybercriminals target official government mailing systems to make their messages appear legitimate.
In one case shared with TechCrunch, a phishing email claiming unpaid Texas tolls was sent from an Indiana Emergency Operations Center address. It warned of penalties or vehicle registration holds and included a link disguised as a govdelivery.com URL, which redirected to a fraudulent TxTag site. This fake site stole personal details, including name, address, phone number and credit card information.
This email claimed the recipient had an outstanding toll balance and contained a disguised link redirecting to a malicious site. The Indiana Office of Technology issued a statement saying they are "working with the company that was used to deliver those messages to stop any further communication.”
The state suggested that a contractor’s account was compromised and used to distribute the scam messages. However, Indiana clarified that it was not aware of "any current state systems" being compromised but did not exclude the possibility of a prior breach. The statement also revealed that the contract with the unnamed company, which ended in December 2024, "did not remove the state’s account." The company was later identified as government tech major Granicus by TechCrunch.
What Granicus said about hackers misusing the govt email alert system
In a statement to TechCrunch, Granicus spokesperson Sharon Rushen said: “We are aware of the recent malicious emails sent via GovDelivery from Indiana’s government domain.”
The company acknowledged that the breach resulted from a compromised user account but dismissed Indiana’s allegations.
“Granicus systems themselves were not breached,” said Rushen.
The company also confirmed that it has the technical means to determine how many individuals received the malicious emails, but has yet to disclose that figure.
How scammers used to email alert system to trap users
In January, the Federal Trade Commission identified a practice where scammers were increasingly sending fake toll notices by text and email. These cybercriminals target official government mailing systems to make their messages appear legitimate.
In one case shared with TechCrunch, a phishing email claiming unpaid Texas tolls was sent from an Indiana Emergency Operations Center address. It warned of penalties or vehicle registration holds and included a link disguised as a govdelivery.com URL, which redirected to a fraudulent TxTag site. This fake site stole personal details, including name, address, phone number and credit card information.
You may also like
'Only a fool would not accept this gift': Donald Trump defends his decision on accepting $400 million jet from Qatar
Man Utd transfer news: Ruben Amorim plans ruthless firesale as target makes priority clear
Europe's best hidden gem for food lovers has 1,600 restaurants but few tourists
Unearthed royal image suggests Meghan Markle copied a significant style icon
UK weather map shows Britain almost completely covered by huge storm - all 76 cities hit
