We always expect government emails to be dry, but this one’s got spice — phishing links, fake fines, and even the Indiana Horse Racing Commission. Sounds like the worst episode of “Scammy Things.”
In this publication, we’re uncovering a scam that’s making the rounds across Indiana and targeting residents with official-looking emails that could trick even the sharpest Hoosiers. Let’s break it down.
Phony emails using legitimate Indiana state agency addresses are scaring residents into paying fake toll fees — with links leading to potentially malicious sites.
How It Works:
- Residents receive emails from what look like official Indiana state agencies — yes, even ones like the Department of Transportation and the Prosecuting Attorneys Council.
- The email claims you have unpaid toll fees and warns of vehicle registration holds or financial penalties if you don’t pay.
- The message signs off with “Thank you, TxTag Customer Service” (a real toll brand, but irrelevant to Indiana).
- It includes a link to “pay now,” which may lead to malicious websites.
- The emails were sent using GovDelivery, a legitimate communications system used by the state — but a contractor’s compromised account allowed scammers access.
Who’s Targeted:
- Indiana residents, especially those likely to use state highways or toll roads.
- Anyone familiar with TxTag or government email communications.
- Email users who trust messages from ".gov" domains without verifying them.
Real-Life Example:
The Indiana Department of Homeland Security had to issue a public alert, confirming the emails were fake. Here’s what they shared via X (formerly Twitter):
“The State does not send unpaid toll notifications via text or email messages. A contractor’s account was hacked and used to send those messages.”
Meanwhile, Granicus, the vendor behind GovDelivery, noted this wasn’t a system-wide breach but rather a compromised admin account — likely due to a weak password or phishing scheme.
Why You Should Care:
This scam plays on urgency, authority, and fear. Clicking the wrong link could:
- Compromise your personal data
- Infect your device with malware
- Trick you into making unnecessary payments
- Lead to identity theft or long-term financial loss
The emails look real because they come from actual government domains — a detail that makes this attack especially dangerous.
How to Protect Yourself:
• Don’t trust toll notices via email or text — Indiana doesn’t send them that way.
• Check the source — Look beyond the email domain. Typos, strange phrasing, and odd sign-offs are red flags.
• Don’t click links in unsolicited messages — Go to the official site yourself.
• Enable multi-factor authentication wherever possible — even for your email account.
• Report phishing attempts to the FTC and Internet Crime Complaint Center (IC3).
Quick Tips:
Quick Tip #1: “Did you know? Government agencies rarely initiate first contact about fees or fines by email or text — they typically use mail.”
Pro Tip: “If you get an urgent message about money, verify it independently. Don’t click — check the official site first.”
Stay safe, stay informed.
Keywords:
• Phishing Scam – A fraud attempt where attackers impersonate trusted entities via email or text to steal information.
• GovDelivery Compromise – Unauthorized use of a legitimate government messaging platform to send scam messages.
• TxTag Scam – A toll fee scam falsely using the TxTag brand in regions it doesn’t serve.
• Multi-Factor Authentication (MFA) – A security measure that adds an extra layer of protection to logins.
• Social Engineering – Psychological manipulation used to trick individuals into divulging confidential info.
To read more, kindly find source article here