An email notification service used by U.S. state and federal agencies to keep residents informed has been exploited to send GovDelivery scam messages. On Tuesday, the state of Indiana confirmed that residents received fraudulent emails impersonating official state communications. These emails warned recipients about unpaid tolls and directed them to malicious websites disguised as government portals. One such message was reviewed, which appeared to come from Indiana’s Emergency Operations Center and referenced unpaid tolls in Texas. The link in the email redirected users to a fake version of Texas’ toll service, TxTag, where victims were asked to submit sensitive personal and financial information.
The Indiana Office of Technology responded by stating it was working with the vendor used to distribute the emails to prevent further abuse. While the state emphasized that no current state systems were breached, it did confirm a contractor’s account had been compromised. That contractor is govtech giant Granicus, which operates the widely used GovDelivery platform for government notifications. Although Indiana claims its contract with Granicus ended in December 2024, the state says the vendor failed to deactivate their account, leaving it vulnerable to exploitation.
Granicus Confirms Account Compromise, Denies System Breach
Granicus acknowledged the incident, stating that a compromised user account was the source of the malicious emails. Spokesperson Sharon Rushen noted that the Granicus systems themselves were not breached, and the company is currently assessing how many individuals received the scam messages. However, it has yet to release an exact number.
Beyond Indiana, other local governments have been affected. Doña Ana County in New Mexico confirmed that its Granicus-managed news portal was also compromised. Emails sent from a govdelivery.com address linked to the county posed as a professional services company and included scam payment links. The county’s IT director, Kent English, described the event as a broader system-wide issue impacting multiple Granicus clients.
The surge in fake toll collection scams has already prompted warnings from the Federal Trade Commission earlier this year. Scammers are increasingly leveraging the credibility of government communications systems to boost the chances of victims engaging with their messages. In this case, the scam emails appeared particularly convincing due to the use of official domains and references to penalties like vehicle registration holds.
Although the malicious sites impersonating TxTag appeared to be offline by Tuesday morning, the incident underscores a larger concern about the security of third-party services used by public agencies. It also raises questions about vendor offboarding procedures and the risks posed when former contractors retain access to sensitive communication platforms.
