Government email alert system GovDelivery used to send scam messages

TechCrunch 13-05-2025

An email notification system used by U.S. federal and state government departments to alert residents to important information has been used to send scam emails, TechCrunch has learned.
The U.S. state of Indiana said Tuesday that it is 'aware of fraudulent messages purportedly sent by state agencies' to residents about unpaid tolls. TechCrunch has seen one email message sent from an Indiana government department that claimed the recipient had an outstanding toll balance, and contained a disguised link that redirected to a malicious site.
A statement from the Indiana Office of Technology said it was 'working with the company that was used to deliver those messages to stop any further communication.'
Indiana said a contractor's account was hacked and used to send the scam messages. The state said it was not aware of 'any current state systems' being compromised, but did not rule out an earlier breach.
The statement said that the contract with the unspecified company, which TechCrunch has learned is govtech giant Granicus, ended in December 2024, but the state claimed that the company 'did not remove the state's account.'
When reached for comment, Granicus spokesperson Sharon Rushen told TechCrunch: 'We are aware of the recent malicious emails sent via GovDelivery from Indiana's government domain.' The company confirmed the breach was caused by a compromised user account, but did not comment on Indiana's claims.
'Granicus systems themselves were not breached,' said Rushen. When asked, the company said it does have the technical means to determine how many individuals received the malicious emails, but did not immediately provide a figure for those affected.
Fake toll messages are an increasingly common scam, as the Federal Trade Commission warned in January. The scam involves sending text messages and emails that claim the recipients owe money to tolling agencies across the United States. By targeting email systems used by governments to notify the public, scammers hope victims will be more likely to open official-looking emails.
A person who received the scam message shared the email with TechCrunch. The scam email was sent from an official Indiana government email address associated with the state's Emergency Operations Center, which coordinates responses and alerts in the event of a natural disaster or other emergency events. The email claimed the recipient had unpaid tolls in Texas, and that 'failure to pay may result in penalties or vehicle registration holds.'
The scam email contained a link that appears to be an official govdelivery.com web address but, when clicked, redirects to a malicious site impersonating the website of TxTag, the road toll collection service of the state of Texas' Department of Transport.
The scam website attempted to trick users into turning over their personal information, such as their name, phone number, home address, and their credit card details. The site (and another clone site hosted on a similar domain) appeared to be offline as of Tuesday morning on the U.S. east coast.
A spokesperson for the Indiana government did not immediately comment.


Related Articles

After its data was wiped, KiranaPro's co-founder cannot rule out an external hack

Yahoo, a day ago

Indian grocery delivery startup KiranaPro's recent data loss story has more holes than Swiss cheese, as the startup remains unclear whether the incident was an internal breach or an external hack. Last week, the Bengaluru-based startup discovered that it could not access its back-end servers and that all its data, including its app code, had been deleted from GitHub. The startup on Friday blamed a former employee for the breach. However, in an interview, KiranaPro co-founder and CEO Deepak Ravindran conceded that the company had not deactivated the employee's account after they departed the company and cannot rule out the possibility of subsequent malicious misuse of their account. "If we go deeper, we have to do a real forensic investigation. We are going to talk [about] this with our board, the investors, and we are going to get a formal opinion on that also with our legal advisers," Ravindran told TechCrunch. Earlier on Friday, Ravindran claimed in a post on X that the incident that affected its data was an internal breach. "After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols," he wrote. The co-founder also explicitly shared a screenshot of a LinkedIn profile of one of KiranaPro's former employees on X on Thursday, alleging that they had deleted the startup's code. (TechCrunch is not sharing the post's link, as the startup has yet to offer concrete proof supporting its position.) "[T]his was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems," the co-founder wrote in his post on Friday. "This individual intentionally deleted critical server logs while they were being tested and/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team." 
When TechCrunch asked if KiranaPro could rule out whether any third party had maliciously gained access to the former employee's account, Ravindran could not. "We have to do a complete forensic check on the company. We have to do the entire IP scan. We have to look at where the tracks happened. We have to check the computers, MacBooks, and whatever is used. Everything has to be done. Then we have to spend money … so, that's why we decided not to," he told TechCrunch. Then what was the basis of Ravindran's allegation? It was a GitHub response, a copy of which he shared with TechCrunch. The response included a username, which Ravindran said was associated with the former employee. "All we have is the emails that we got from GitHub, stating that [the former employee's username] as an individual is the one who deleted the account. We haven't done the investigation further," Ravindran told TechCrunch. Launched in late 2024, KiranaPro operates as a buyer app on the Indian government's Open Network for Digital Commerce. The startup allows more than 55,000 customers in 50 cities to purchase groceries from their local shops and nearby supermarkets using its voice-based interface. The company also supports local language inputs, including English, Hindi, Malayalam, and Tamil. Ravindran stated that they decided to call out the former employee based on the company's "belief system," as they claim the former employee deleted the data after their sudden termination. However, the startup said it is not aware if there were enough protections on the former employee's devices, such as multi-factor authentication, to restrict malicious third-party access, like malware. The company confirmed it did not remove the employee's access to its data and GitHub account following his departure. "Employee offboarding was not being handled properly because there was no full-time HR," KiranaPro's chief technology officer, Saurav Kumar, confirmed to TechCrunch. 
Alongside its code saved in GitHub, KiranaPro also lost access to its Amazon Web Services (AWS) account, which included its customer data and their transaction details. Ravindran told TechCrunch that the GitHub data was restored after getting its backup from one of their employees. The startup also regained access to its AWS account along with its customer data. Both the co-founder and CTO said the AWS account was protected by multi-factor authentication, but neither could say how the account was accessed, as nobody else had physical access to Ravindran's phone, which generates the multi-factor code. Nonetheless, Ravindran claimed that the customer data stored in the AWS cloud remained intact and was not accessed by any third parties, nor was it downloaded by the former employee in question. "Because if that is the case, I will get its notification on email or anything [sic]," he said. That said, Ravindran stated that the startup has enough evidence to file a formal complaint with the police, but said that its investigation is ongoing. The startup has also not fully paid its current employees, the company's co-founder confirmed, soon after the company raised a seed round of ₹100 million Indian rupees (about $1.2 million), which Ravindran said has yet to be fully wired. The startup counts Blume Ventures, Unpopular Ventures, and Turbostart among its institutional venture backers, as well as Olympic medalist PV Sindhu and Boston Consulting Group managing director Vikas Taneja among its angel investors. It has 15 employees located in Bengaluru and Kerala.

Popular AI apps get caught in the crosshairs of Anthropic and OpenAI

The Verge, 2 days ago

Battlelines are being drawn between the major AI labs and the popular applications that rely on them. This week, both Anthropic and OpenAI took shots at two leading AI apps: Windsurf, one of the most popular vibe coding tools, and Granola, a buzzy AI app for taking meeting notes. 'With less than five days of notice, Anthropic decided to cut off nearly all of our first-party capacity to all Claude 3.x models,' Windsurf CEO Varun Mohan wrote on X this week, noting that 'we wanted to pay them for the full capacity.' An additional statement on Windsurf's website said: 'We are concerned that Anthropic's conduct will harm many in the industry, not just Windsurf.' Here, Mohan's company is collateral damage in Anthropic's rivalry with OpenAI, which has reportedly been in talks to acquire Windsurf for about $3 billion. The deal hasn't been confirmed, but even the spectre of it happening was enough for Anthropic to cut off one of the most popular apps that it powers. After a spokesperson told TechCrunch's Maxwell Zeff that Anthropic was 'prioritizing capacity for sustainable partnerships,' co-founder Jared Kaplan put it more bluntly. 'We really are just trying to enable our customers who are going to sustainably be working with us in the future,' Kaplan told Zeff. 'I think it would be odd for us to be selling Claude to OpenAI.'
