An email notification system used by U.S. federal and state government departments to alert residents to important information, has been used to send scam emails, TechCrunch has learned.
The U.S. state of Indiana said Tuesday that it is “aware of fraudulent messages purportedly sent by state agencies” to residents about unpaid tolls. TechCrunch has seen one email message sent from an Indiana government department that claimed the recipient had an outstanding toll balance, and contained a disguised link that redirected to a malicious site.
A statement from the Indiana Office of Technology said it was “working with the company that was used to deliver those messages to stop any further communication.”
Indiana said a contractor’s account was hacked and used to send the scam messages. The state said it was not aware of “any current state systems” being compromised, but did not rule out an earlier breach.
The statement said that the contract with the unspecified company, which TechCrunch has learned is govtech giant Granicus, ended in December 2024, but the state claimed that the company “did not remove the state’s account.”
When reached for comment, Granicus spokesperson Sharon Rushen told TechCrunch: “We are aware of the recent malicious emails sent via GovDelivery from Indiana’s government domain.” The company confirmed the breach was caused by a compromised user account, but did not comment on Indiana’s claims.
“Granicus systems themselves were not breached,” said Rushen. When asked, the company said it does have the technical means to determine how many individuals received the malicious emails, but did not immediately provide a figure of those affected.
Fake toll messages are an increasingly common scam, as the Federal Trade Commission warned in January. The scam involves sending text messages and emails that claim the recipients owe money to tolling agencies across the United States. By targeting email systems used by governments to notify the public, scammers are hoping victims would be more likely to open official-looking emails.
A person who received the scam message shared the email with TechCrunch. The scam email was sent from an official Indiana government email address associated with the state’s Emergency Operations Center, which coordinates responses and alerts in the event of a natural disaster or other emergency events. The email claimed the recipient had unpaid tolls in Texas, and that “failure to pay may result in penalties or vehicle registration holds.”
The scam email contained a link, which appears as an official govdelivery.com web address, but when clicked redirects to a malicious site impersonating the website of state of Texas’ Department of Transport’s road toll collection service, TxTag.
The scam website attempted to trick users into turning over their personal information, such as their name, phone number, home address, and their credit card details. The site (and another clone site hosted on a similar domain) appeared to be offline as of Tuesday morning on the U.S. east coast.
A spokesperson for the Indiana government did not immediately comment.
