Reports from TechCrunch reveal that the electronic notification system used by federal and local authorities in the United States was breached and exploited to send out fraudulent mass emails disguised as official messages.
Indiana officials confirmed that fraudulent emails were sent out claiming to be from state entities. The emails falsely reported unpaid road training fees and included a link to a malicious website. They appeared to come from an official address associated with the state emergency response center, which made them look legitimate. Clicking on the link led recipients to a fake website impersonating the Texas Road Usage Service (TxTag), prompting them to enter personal information such as their name, address, and bank card details.
It was revealed that the breach occurred through a compromised account of a former contractor who had worked with the notification system, even though the contract had ended in December 2024. The company behind the GovDelivery platform, Granicus, allegedly failed to remove the state account after the partnership concluded. Granicus acknowledged the account hack but stated that their own systems were not affected. While the exact number of victims was not disclosed, the company assured that they could identify those affected through technical means.
In a separate incident in Doña Ana County, New Mexico, which also uses Granicus' platform, several customers were impacted by a similar fraudulent scheme. One of the deceptive messages appeared to be from the county administration but contained a link to a fake website posing as a platform for payment of professional services.
Fraudsters have been actively exploiting the trust in official notifications to deceive individuals into believing they owe road training debts. The US Federal Trade Commission had previously warned about a rise in such attacks in January. These scams typically involve sending emails or SMS messages impersonating government agencies, leading recipients to fake websites where they input sensitive personal information.
Granicus acknowledged the increasing number of attacks on their customers through GovDelivery and attributed it to targeted social engineering tactics. The attackers aim to exploit trusted communication channels to distribute malicious content, banking on the fact that users will open emails from these sources without suspicion.