Latest news with #SharonRushen
Time of India
13-05-2025
- Business
- Time of India
Hackers may have misused US government's email alert system to send scam messages
Representative image Hackers have reportedly misused a US federal and state government department's email notification system to send scam messages . This system, which is used to alert residents to important information, has been exploited by cybercriminals, a report claims. According to a report by TechCrunch, the US state of Indiana has said that it is "aware of fraudulent messages purportedly sent by state agencies" concerning unpaid tolls. The report also claims to have reviewed an example of a scam email sent from an Indiana government department. This email claimed the recipient had an outstanding toll balance and contained a disguised link redirecting to a malicious site. The Indiana Office of Technology issued a statement saying they are "working with the company that was used to deliver those messages to stop any further communication.' The state suggested that a contractor's account was compromised and used to distribute the scam messages. However, Indiana clarified that it was not aware of "any current state systems" being compromised but did not exclude the possibility of a prior breach. The statement also revealed that the contract with the unnamed company, which ended in December 2024, "did not remove the state's account." The company was later identified as government tech major Granicus by TechCrunch. What Granicus said about hackers misusing the govt email alert system In a statement to TechCrunch, Granicus spokesperson Sharon Rushen said: 'We are aware of the recent malicious emails sent via GovDelivery from Indiana's government domain.' The company acknowledged that the breach resulted from a compromised user account but dismissed Indiana's allegations. 'Granicus systems themselves were not breached,' said Rushen. The company also confirmed that it has the technical means to determine how many individuals received the malicious emails, but has yet to disclose that figure. How scammers used to email alert system to trap users In January, the Federal Trade Commission identified a practice where scammers were increasingly sending fake toll notices by text and email. These cybercriminals target official government mailing systems to make their messages appear legitimate. In one case shared with TechCrunch, a phishing email claiming unpaid Texas tolls was sent from an Indiana Emergency Operations Center address. It warned of penalties or vehicle registration holds and included a link disguised as a URL, which redirected to a fraudulent TxTag site. This fake site stole personal details, including name, address, phone number and credit card information. AI Masterclass for Students. Upskill Young Ones Today!– Join Now
TechCrunch
13-05-2025
- Business
- TechCrunch
Government email alert system GovDelivery used to send scam messages
An email notification system used by U.S. federal and state government departments to alert residents to important information, has been used to send scam emails, TechCrunch has learned. The U.S. state of Indiana said Tuesday that it is 'aware of fraudulent messages purportedly sent by state agencies' to residents about unpaid tolls. TechCrunch has seen one email message sent from an Indiana government department that claimed the recipient had an outstanding toll balance, and contained a disguised link that redirected to a malicious site. A statement from the Indiana Office of Technology said it was 'working with the company that was used to deliver those messages to stop any further communication.' Indiana said a contractor's account was hacked and used to send the scam messages. The state said it was not aware of 'any current state systems' being compromised, but did not rule out an earlier breach. The statement said that the contract with the unspecified company, which TechCrunch has learned is govtech giant Granicus, ended in December 2024, but the state claimed that the company 'did not remove the state's account.' When reached for comment, Granicus spokesperson Sharon Rushen told TechCrunch: 'We are aware of the recent malicious emails sent via GovDelivery from Indiana's government domain.' The company confirmed the breach was caused by a compromised user account, but did not comment on Indiana's claims. 'Granicus systems themselves were not breached,' said Rushen. When asked, the company said it does have the technical means to determine how many individuals received the malicious emails, but did not immediately provide a figure of those affected. Fake toll messages are an increasingly common scam, as the Federal Trade Commission warned in January. The scam involves sending text messages and emails that claim the recipients owe money to tolling agencies across the United States. By targeting email systems used by governments to notify the public, scammers are hoping victims would be more likely to open official-looking emails. A person who received the scam message shared the email with TechCrunch. The scam email was sent from an official Indiana government email address associated with the state's Emergency Operations Center, which coordinates responses and alerts in the event of a natural disaster or other emergency events. The email claimed the recipient had unpaid tolls in Texas, and that 'failure to pay may result in penalties or vehicle registration holds.' The scam email contained a link, which appears as an official web address, but when clicked redirects to a malicious site impersonating the website of state of Texas' Department of Transport's road toll collection service, TxTag. The scam website attempted to trick users into turning over their personal information, such as their name, phone number, home address, and their credit card details. The site (and another clone site hosted on a similar domain) appeared to be offline as of Tuesday morning on the U.S. east coast. A spokesperson for the Indiana government did not immediately comment.
