An email alert system employed by various U.S. federal and state government departments has been hijacked to distribute scam messages, according to TechCrunch. Recently, Indiana’s government acknowledged fraudulent emails masquerading as official communications regarding outstanding toll balances, which included links leading to malicious sites.
Affected residents were warned about unpaid tolls in a message purportedly from Indiana state agencies. These scams often exploit government email systems to appear more credible to recipients. The Indiana Office of Technology is currently cooperating with the company responsible for these messages to cease further scam communications.
It has been revealed that a contractor’s account was breached, enabling the distribution of these fraudulent emails. While Indiana claims no current state systems were hacked, it has not dismissed the possibility of previous breaches. The specific contractor involved is Granicus, a significant player in government technology, although its contract with Indiana concluded in December 2024, which has led to questions about why the state’s account was not deleted by the company after the contract ended.
In response, Granicus confirmed a user account had been compromised, leading to the distribution of the phishing emails, but denied that their systems were breached. Although the company can track how many people received these emails, they have not disclosed the exact figure of those impacted.
The scam in question is part of a growing trend, as the Federal Trade Commission (FTC) had previously issued warnings about fraudulent messages claiming individuals owe money to tolling agencies nationwide. By leveraging government email systems, scammers increase the likelihood that their target audience will engage with their fraudulent content.
One of the intercepted emails claimed the recipient owed unpaid tolls in Texas, threatening penalties or holds on vehicle registration for non-payment. The email was sent from an Indiana government address linked to its Emergency Operations Centre, which coordinates responses during emergencies. A deceptive link in the email appeared to direct users to the Texas Department of Transportation’s toll collection service, TxTag, but would lead them to a fraudulent site.
These deceptive websites aim to harvest sensitive personal information from users, including names, addresses, and credit card particulars. As of the morning of the report, both the scam site and a related clone site appeared to be offline.
While officials from the Indiana government have not provided immediate comments, the incident highlights the vulnerabilities present when trusted communication channels are exploited for fraudulent purposes.
Fanpage:Â TechArena.au
Watch more about AI – Artificial Intelligence
