
The electronic notification system employed by U.S. federal and local government agencies to inform citizens has been compromised and weaponized to distribute a wave of fraudulent emails. This was reported by TechCrunch, which obtained samples of the counterfeit messages, crafted to resemble official communications from government institutions.
On Tuesday, authorities in the state of Indiana confirmed the circulation of deceptive emails purportedly sent on behalf of government entities. These messages falsely informed recipients of unpaid toll charges and contained a malicious link. The emails originated from an official address associated with the state’s Emergency Response Center, lending them an air of legitimacy. Victims who followed the link were directed to a convincing imitation of the Texas toll collection service website—TxTag—where they were prompted to submit personal details, including their name, address, and bank card information.
Indiana clarified that the breach stemmed from the compromise of an account belonging to a contractor who had previously worked with the alert system. Although the contract ended in December 2024, the platform provider—Granicus, responsible for GovDelivery—allegedly failed to deactivate the contractor’s account after the termination of their engagement. Granicus confirmed that a user account had been compromised but asserted that its internal systems remained unaffected. The company declined to disclose the number of individuals impacted, though it acknowledged possessing the technical means to determine it.
The incident was not isolated. A similar breach occurred in Doña Ana County, New Mexico, where the Granicus platform is also in use. Several of the company’s clients were affected, pointing to a systemic issue. One such fraudulent email appeared to originate from the county administration but led to a phishing site masquerading as a professional services payment portal.
Scammers have increasingly exploited schemes involving fake toll debt notifications. The U.S. Federal Trade Commission issued a warning as early as January, highlighting a surge in such attacks. These campaigns rely on the perceived legitimacy of official government communications—emails and text messages sent under the guise of public agencies—luring victims into revealing personal information on counterfeit websites.
Granicus acknowledged the uptick in GovDelivery-related attacks targeting its clients and attributed the trend to orchestrated social engineering campaigns. The attackers’ objective is to abuse trusted communication channels to deliver malicious content, banking on the likelihood that recipients will open the messages without suspicion.