If you recently got an official-looking email from the government about unpaid tolls, don’t panic just yet—but definitely don’t click anything. Here’s what’s going on.
A legit U.S. government alert system—yes, the kind that’s supposed to keep us safe and informed—was hijacked by scammers to send out bogus toll collection emails. The system in question is called GovDelivery, and it’s normally used by federal and state agencies to send out emergency updates, road alerts, weather warnings, you name it. But in this case? It was used to trick people.
What Happened?
The state of Indiana confirmed that some residents received scam emails that looked like they came from the government. These messages claimed the recipient owed toll money and needed to pay up ASAP. They even included a link that looked like it led to a government website—but it actually redirected to a phishing site designed to steal your personal information.
You know, the classic scam playbook: “Click here to avoid fines!”—but instead of fixing anything, you’re handing over your name, address, phone number, and credit card info to cybercriminals in disguise.
How Did This Happen?
According to Indiana’s Office of Technology, the issue traces back to a compromised contractor account. That contractor worked with a tech company called Granicus, which operates GovDelivery.
Now here’s where it gets a little messy: Indiana says their contract with Granicus technically ended back in December 2024, but the state’s account was never fully deactivated. That leftover access might have been what scammers exploited.
Granicus confirmed the attack came from a compromised user account, but they say their own systems weren’t actually breached. Basically: it was like someone stealing the keys to your mailbox—not breaking into the post office.
When asked how many people received the scam emails, Granicus said they can find out, but didn’t immediately share any numbers.
What Did the Scam Emails Look Like?
The emails were pretty convincing. One message came from an address linked to Indiana’s Emergency Operations Center (the same folks who handle actual emergencies like tornados or chemical spills—yeah, this looked legit). The email claimed you owed tolls in Texas and warned that not paying could lead to fines or even having your vehicle registration frozen.
The link included in the email appeared to go to a GovDelivery web address, but when clicked, it took users to a fake version of the TxTag toll website—the toll payment service in Texas. The phishing site then asked for personal info and credit card details.
As of Tuesday morning, that fake site—and a nearly identical clone—was offline. But if you clicked the link before it disappeared, you might want to freeze your card and monitor for suspicious activity.
This Isn’t a One-Off Thing
Scams involving fake toll messages have been on the rise. Back in January, the Federal Trade Commission (FTC) even warned about this trend, where fraudsters impersonate tolling agencies and demand payment through official-looking messages.
The twist this time? The scam came from actual government email addresses. Which makes it way easier for people to fall for it.
So, What Should You Do?
Here’s how to protect yourself:
- Be skeptical of any email or text saying you owe toll money—especially if it seems sudden or aggressive.
- Hover before you click. Check where a link actually goes by hovering over it. If it looks weird or misspelled (like “tx-tag-pay.com” instead of the real site), don’t click.
- Never enter personal info on a website you didn’t search for directly.
- Report the scam to the FTC and your state’s consumer protection agency.
And if you think you already clicked or submitted info, call your bank immediately and monitor your credit.
Bottom Line
Even trusted systems like government alert services aren’t immune to cyberattacks. The safest approach? Always verify before you trust—even when it’s wearing a .gov badge.
Stay smart. Stay skeptical. And maybe don’t believe every “URGENT TOLL PAYMENT” email that shows up in your inbox.
Scam Alert: Hackers Hijack Government Email System to Send Fake Toll Messages
