GovDelivery Scam: Government Email Alerts Abused for Phishing

Government Email System Exploited for Scam Campaigns

A notification system utilized by numerous U.S. federal and state government entities to disseminate crucial information to citizens has been compromised and leveraged for the distribution of fraudulent emails, as discovered by TechCrunch.

Indiana Toll Scam Incident

The state of Indiana announced on Tuesday its awareness of deceptive messages, falsely attributed to state agencies, concerning unpaid toll fees sent to residents. TechCrunch has reviewed an email originating from an Indiana government department, falsely asserting an outstanding toll balance and containing a concealed link redirecting users to a harmful website.

According to a statement released by the Indiana Office of Technology, they are actively collaborating with the service provider responsible for delivering these messages to halt further unauthorized communications.

Contractor Account Breach

Indiana officials indicated that a contractor’s account experienced a security breach, enabling the dispatch of these fraudulent messages. While the state currently believes its own systems remain secure, the possibility of a prior compromise hasn’t been entirely dismissed.

The state’s statement further clarified that its contract with the unnamed company – later identified by TechCrunch as Granicus – concluded in December 2024. However, the state alleges the company failed to deactivate the state’s account following the contract’s termination.

Granicus Responds

Sharon Rushen, a spokesperson for Granicus, confirmed to TechCrunch their awareness of the malicious emails sent through GovDelivery from Indiana’s official government domain.

The company acknowledged the breach stemmed from a compromised user account but refrained from commenting on Indiana’s specific claims regarding account deactivation.

“Granicus systems themselves were not breached,” Rushen stated. The company possesses the capability to ascertain the number of individuals who received the malicious emails, but had not yet released that data at the time of inquiry.

Widespread Issues with GovDelivery

Granicus also reported that other local governments are encountering similar problems related to GovDelivery. They noted an increase in targeted social engineering attempts against GovDelivery customers, aiming to exploit the system for sending malicious emails.

Rise in Fake Toll Message Scams

The Federal Trade Commission issued a warning in January regarding the growing prevalence of fake toll message scams. These scams typically involve sending emails and text messages claiming recipients owe money to tolling agencies across the U.S.

By exploiting email systems used by governments for public notifications, scammers aim to increase the likelihood that victims will open and trust the seemingly official communications.

Details of the Indiana Scam Email

A recipient shared the fraudulent email with TechCrunch. The message originated from an official Indiana government email address linked to the state’s Emergency Operations Center, responsible for coordinating responses to emergencies.

The email falsely claimed the recipient had unpaid tolls in Texas, warning of potential penalties or vehicle registration holds if the balance remained unpaid.

The email contained a link disguised as a legitimate govdelivery.com address, but redirected users to a malicious website mimicking the TxTag website – Texas’ Department of Transport’s toll collection service.

Malicious Website Tactics

The fraudulent website attempted to deceive users into submitting personal information, including their name, phone number, address, and credit card details. Both the scam site and a cloned version hosted on a similar domain were reportedly offline as of Tuesday morning on the U.S. east coast.

A spokesperson for the Indiana government has not yet provided a comment.

Doña Ana County, New Mexico Also Affected

Doña Ana County in New Mexico confirmed on Tuesday that its news portal, managed by Granicus, had also been compromised. Kent English, the county’s IT director, characterized the incident as a “system-wide issue affecting other government clients.”

TechCrunch reviewed an email, provided by a reader, originating from a govdelivery.com address associated with Doña Ana County, but impersonating a professional services company and containing a link to a scam site requesting payment.

A spokesperson for Doña Ana County did not respond to a request for comment.

Update

This report has been updated to include additional details regarding the GovDelivery issue impacting multiple customers, as well as further commentary from Granicus.