Fraud emails from government addresses: US portal misused for scam

When US authorities want to provide information, they also use service providers. One of them has now had its access hijacked in order to send fraudulent emails.


In the USA, the portal of a provider that sends emails to citizens on behalf of public authorities has been compromised. As a result, messages with fraudulent links were sent from government email addresses, reports TechCrunch. The messages claimed, for example, that the recipients should pay outstanding toll charges for toll roads. However, anyone who clicked on the link did not end up on the official site, but on a replica. The campaign was carried out via a service provider whose contract with the authorities was terminated in December, but whose access was still available.

According to TechCrunch, the breach was carried out via an account of the IT company Granicus, which provides services for government agencies. One of these is called GovDelivery and enables authorities and government agencies to disseminate information via email, SMS or social networks. As the company has now confirmed to the news site, unknown persons have compromised access to this system and thus sent the fraudulent messages. The Granicus systems themselves were not broken into. The company could even find out how many individuals the false messages were sent to. However, the company did not provide any figures.


The problems have now been acknowledged by the government of the US state of Indiana, and at least one municipality in New Mexico was also affected. TechCrunch also received a report of an email about alleged toll charges in Texas. It is therefore unclear how widespread the scam campaign was and whether it has now ended completely. Fraudulent emails with requests for payment are not uncommon, but they seem particularly convincing when they come from state email addresses. What is also unusual in this case is that the campaign is being carried out via the systems of a service provider that is no longer responsible for the services. The contract with Indiana expired at the end of the year.

(mho)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.