TechCrunch learned that an email notification system used by federal and state government departments in the United States has been used to remind residents of important information and has been used to send scams.

Indiana said Tuesday it was “aware of fraudulent messages sent to residents by state agencies.” TechCrunch saw an email from the Indiana government department claiming the recipient's recipient balance is excellent and contains a disguised link that redirects it to a malicious website.

A statement from the Indiana Technical Office said, “It is working with the company that is using to pass on this information to prevent any further communication.”

Indiana says the contractor's account was hacked and used to send scams. The state said it was not aware of “any current status system” being compromised, but did not rule out earlier violations.

The statement said the contract TechCrunch learned about with the unspecified company was Govtech Giant Granicus, which ended in December 2024, but the state claimed the company "had not deleted the state's account."

"We are aware of the recent malicious emails sent through Govdelivery from the Indiana government field," Grannikos spokesman Sharon Rushen told TechCrunch. The company confirmed the breach was caused by compromised user accounts, but did not comment on Indiana's claims.

"The Granicus system itself is not compromised," Rushen said. When asked, the company said there is indeed a technical means to determine how many people received malicious emails, but did not immediately provide the figures of those affected.

As the FTC warned in January, the fake Fair news is an increasingly common scam. The scam involves sending text messages and emails, claiming that the recipient should be attributed to charging agencies across the United States. By targeting an email system that the government uses to notify the public, scammers hope that victims are more likely to open official-looking emails.

The person who received the scam shared an email with TechCrunch. Scam emails are sent from the official Indiana government email address associated with the state’s Emergency Operations Center, which coordinates responses and alerts in the event of a natural disaster or other emergency. The email claims the recipient has an unpaid toll in Texas, and “failure to pay could result in a fine or vehicle registration.”

The scam email contains a link that appears to be an official govdelivery.com URL, but when clicking redirects to a malicious website, the site impersonates the Texas Department of Transportation’s website, TXTAG.

Scam websites try to trick users into transferring their personal information, such as their name, phone number, home address and credit card details. As of Tuesday morning, the location (and another clone site hosted on a similar domain in a similar domain) appears to be offline.

An Indiana government spokesman did not immediately comment.