Major government software service provider Granicus was noted by Indiana and New Mexico's Doa Ana County to have had its GovDelivery email alert system exploited in phishing attacks, TechCrunch reports.
Attackers purporting to be Indiana state agencies have used the email alert system to deliver fake unpaid toll warnings with a link redirecting to a phishing site, according to the Indiana Office of Technology, which disclosed the compromise of a contractor's account but not of the state's other systems. Another scam message involved the impersonation of the state's Emergency Operations Center and the inclusion of a link that redirected to a bogus website of TxTag, the road toll collection service of Texas. While Indiana's agreement with Granicus ended in December, the state said that its account has not been removed. Also compromised by the GovDelivery exploitation is Doa Ana County's news portal, which had its email address used to deliver fraudulent payment warnings. Granicus has denied the breach of its systems.
Attackers purporting to be Indiana state agencies have used the email alert system to deliver fake unpaid toll warnings with a link redirecting to a phishing site, according to the Indiana Office of Technology, which disclosed the compromise of a contractor's account but not of the state's other systems. Another scam message involved the impersonation of the state's Emergency Operations Center and the inclusion of a link that redirected to a bogus website of TxTag, the road toll collection service of Texas. While Indiana's agreement with Granicus ended in December, the state said that its account has not been removed. Also compromised by the GovDelivery exploitation is Doa Ana County's news portal, which had its email address used to deliver fraudulent payment warnings. Granicus has denied the breach of its systems.
