An e-mail notification system utilized by U.S. federal and state authorities departments to alert residents to vital info, has been used to ship rip-off emails, TechCrunch has realized.
The U.S. state of Indiana mentioned Tuesday that it’s “conscious of fraudulent messages purportedly despatched by state businesses” to residents about unpaid tolls. TechCrunch has seen one e-mail message despatched from an Indiana authorities division that claimed the recipient had an impressive toll stability, and contained a disguised hyperlink that redirected to a malicious website.
An announcement from the Indiana Workplace of Know-how mentioned it was “working with the corporate that was used to ship these messages to cease any additional communication.”
Indiana mentioned a contractor’s account was hacked and used to ship the rip-off messages. The state mentioned it was not conscious of “any present state methods” being compromised, however didn’t rule out an earlier breach.
The assertion mentioned that the contract with the unspecified firm, which TechCrunch has realized is govtech large Granicus, led to December 2024, however the state claimed that the corporate “didn’t take away the state’s account.”
When reached for remark, Granicus spokesperson Sharon Rushen informed TechCrunch: “We’re conscious of the latest malicious emails despatched by way of GovDelivery from Indiana’s authorities area.” The corporate confirmed the breach was brought on by a compromised consumer account, however didn’t touch upon Indiana’s claims.
“Granicus methods themselves weren’t breached,” mentioned Rushen. When requested, the corporate mentioned it does have the technical means to find out what number of people acquired the malicious emails, however didn’t instantly present a determine of these affected.
Pretend toll messages are an more and more frequent rip-off, because the Federal Commerce Fee warned in January. The rip-off entails sending textual content messages and emails that declare the recipients owe cash to tolling businesses throughout the USA. By concentrating on e-mail methods utilized by governments to inform the general public, scammers are hoping victims could be extra more likely to open official-looking emails.
An individual who acquired the rip-off message shared the e-mail with TechCrunch. The rip-off e-mail was despatched from an official Indiana authorities e-mail handle related to the state’s Emergency Operations Heart, which coordinates responses and alerts within the occasion of a pure catastrophe or different emergency occasions. The e-mail claimed the recipient had unpaid tolls in Texas, and that “failure to pay might lead to penalties or car registration holds.”
The rip-off e-mail contained a hyperlink, which seems as an official govdelivery.com internet handle, however when clicked redirects to a malicious website impersonating the web site of state of Texas’ Division of Transport’s street toll assortment service, TxTag.
The rip-off web site tried to trick customers into turning over their private info, reminiscent of their identify, cellphone quantity, dwelling handle, and their bank card particulars. The positioning (and one other clone website hosted on the same area) seemed to be offline as of Tuesday morning on the U.S. east coast.
A spokesperson for the Indiana authorities didn’t instantly remark.
{content material}
Supply: {feed_title}
