TxTag Indiana Unpaid Toll Emails: Massive Scam Alert

Officials confirm that all TxTag toll messages appearing to come from Indiana government agencies are fraudulent phishing attempts

Indiana residents have been flooded with deceptive emails and text messages claiming to be from various state government agencies demanding payment for unpaid tolls. State officials have confirmed that these messages are part of a sophisticated phishing scam targeting thousands of residents. Here’s what you need to know to protect yourself from this growing threat.

Overview of the TxTag Indiana Toll Scam

Beginning late Monday, May 12, and continuing through Tuesday, May 13, 2025, thousands of Indiana residents received emails and text messages appearing to originate from legitimate Indiana state government email addresses and notification systems. These messages falsely claimed recipients had unpaid toll charges with “TxTag” (a Texas-based toll collection system) and urged immediate payment to avoid penalties or vehicle registration holds.

The scam takes advantage of compromised access to a government messaging platform previously used by Indiana agencies. According to the Indiana Office of Technology (IOT), a contractor’s account for a service that previously managed the state’s email subscription services was hacked, allowing scammers to send messages that appeared to come from official state sources.

What makes this scam particularly dangerous is that the messages appear to come from legitimate government communication channels that many residents trust and regularly receive notifications from. In some cases, the scam texts arrived from the same short code number (468311) used for authentic INDOT traffic alerts.

How the Scam Works

The scheme operates through a sophisticated compromise of a third-party government communication system. Here’s the technical breakdown of how this scam operates:

1. Compromised Platform: The scammers gained access to GovDelivery, a platform previously used by Indiana state agencies to manage email and text communications with residents. Although Indiana’s contract with Granicus (the company that provides GovDelivery services) ended on December 31, 2024, the state’s account was not properly removed from the system.
2. Account Infiltration: According to Granicus, a contractor’s administrative account was compromised, either through credential guessing or social engineering tactics. The Indiana Office of Technology confirmed that this compromised account was then used to distribute the fraudulent messages.
3. Impersonation of Authority: The scammers sent messages appearing to come from a wide range of Indiana government departments and agencies, lending credibility to their demands.
4. Urgent Action Prompts: The messages use urgent language about penalties and registration holds to create pressure for immediate action without careful consideration.
5. Malicious Links: Recipients who click the “Pay Now” links are directed to fraudulent websites designed to capture personal and financial information, including names, addresses, phone numbers, and credit card details.

This scam is particularly effective because it leverages trusted government communication channels that many citizens are accustomed to receiving legitimate notifications from, making the deception harder to detect.

Email and Text Patterns: How to Recognize the Scam

The fraudulent messages follow several consistent patterns that can help you identify them:

Examples of Scam Emails

Subject Lines:

• “TxTag Account Suspension Warning”
• “TxTag Toll Bill Available”
• “Important: Action Required on Your TxTag Account”

From Addresses: These emails appear to come from various Indiana state agencies, with addresses often ending in “@subscriptions.in.gov”, such as:

• [email protected] (Indiana Department of Environmental Management)
• [email protected] (Department of Revenue)

Email Content Example:

Dear Customer,

You have unpaid toll fees totaling $6.69. Failure to pay may result in penalties or vehicle registration holds.

Click below to view and pay your balance:
[Pay Now]

Thank you,
TxTag Customer Service

People Also Read

KSDOT.GOV Toll Text Scam: Kansas Officials Issue Warning

Tax Relief Group Calling You? Beware of This Growing Scam

Skoll Foundation Grant Application Email: Is it a Scam?

Examples of Scam Texts

The text messages typically come from the short code 468311, which has previously been used for legitimate INDOT communications. Messages include:

INDOT: TxTag Account Suspension Warning https://lnks.gd/2/32dnHTd

INDOT: TxTag Toll Bill Available https://lnks.gd/2/32dHBnd

People Also Read

Infinity Kingdom Discord Text Scam Exposed: Gamers Beware

Morgan Hunt WhatsApp Recruitment Scam: Job Seekers Beware

Dominique Jones Scam: Duo Busted in $387K Bank Fraud

INDOT: Important: Action Required on Your TxTag Account https://lnks.gd/2/32dDJ3x

Common Elements Across All Messages

Despite variations in format and alleged sending agency, the scam messages share several distinguishing characteristics:

• Reference to “TxTag” (Texas’s toll system) in Indiana-based communications
• Generic greetings like “Dear Customer” or completely blank greetings like “Dear “
• Links with shortened URLs (often using lnks.gd)
• Consistent toll amounts (commonly $6.69, though some variations exist)
• Urgent language about account suspension or penalties
• “GovDelivery” mentioned in footers or metadata
• Outdated Indiana government information (some emails from the governor’s office still referenced former Governor Eric Holcomb instead of current Governor Mike Braun)

Official Warnings and Responses

Multiple Indiana state agencies and officials have issued warnings about these fraudulent messages:

Indiana Office of Technology

The IOT released an official statement confirming:

• The messages are scams, and users should not click on any links
• The State of Indiana does not send unpaid toll notifications via text or email
• The state’s contract with the company that delivered these messages ended on December 31, 2024
• A contractor’s account was hacked and used to send the messages
• They are working with the company to stop further communications
• They are not aware of any current state systems being compromised

Attorney General Todd Rokita

Indiana Attorney General Todd Rokita issued an alert specifically addressing these scam messages:

Scammers are relentless in exploiting hardworking Hoosiers, and these fake TxTag emails are no exception. We’re fighting back against fraudsters, but Hoosiers must stay vigilant. Never click links or share personal information from unsolicited emails.

People Also Read

WhatsApp Job Offer Scam: Don’t Fall for the Trap

Comcast Xfinity 50% Discount Scam Call Alert Issued

Apple Approval Notice: The $143.95 Text Scam Tricking Users

He added that “These scams are designed to prey on busy families and seniors who may not spot the red flags. Our office is committed to holding scammers accountable and protecting Hoosiers’ hard-earned money.”

Indiana Department of Transportation (INDOT)

INDOT released an official warning banner instructing recipients to:

• DO NOT CLICK THE LINK
• DELETE THE MESSAGE
• REPORT TO THE FEDERAL TRADE COMMISSION (REPORTFRAUD.FTC.GOV) AND/OR INTERNET CRIME COMPLAINT CENTER (IC3.GOV)

The banner explicitly stated: “INDOT DOES NOT SEND TEXT MESSAGES RELATED TO UNPAID OR PAST DUE TOLLS.”

Indiana Supreme Court

The Indiana Supreme Court sent an email acknowledging awareness of “a malicious email and/or text message being circulated from Indiana state agency GovDelivery accounts, including the Indiana Courts account.” They confirmed they no longer use GovDelivery to send emails and texts, and warned that the messages contain a hyperlink that is “malicious in nature; do not click it.”

Red Flags: How to Identify These Scams

Beyond the specific patterns of these messages, there are several general red flags that can help you identify similar scams in the future:

1. Cross-state services: Indiana agencies would not be sending notices about Texas toll systems (TxTag)
2. Generic greetings: Government communications typically address you by name, not as “Dear Customer”
3. Pressure tactics: Urgent language designed to make you act quickly without thinking
4. Unexpected tolls: If you haven’t traveled on toll roads or in areas mentioned, be immediately suspicious
5. Shortened URLs: Government communications typically use full, official domain names, not shortened links
6. Spelling and formatting issues: Many of the scam messages contain unusual spacing, formatting, or grammar errors
7. Outdated information: Some messages reference former officials or outdated information (like former Governor Holcomb)
8. Multiple, rapid messages: Receiving multiple urgent notices in quick succession is suspicious

As one recipient noted in social media comments, “I knew it was a scam, as I do not cross the bridge.” Another mentioned, “I get them all the time. I live in Louisville, but the text is for using the New Jersey turnpike. I haven’t been on the Jersey turnpike in 25 years.”

How to Protect Yourself from Unpaid Toll Payment Scams

If you’ve received these messages or want to protect yourself from similar scams in the future, here are the steps experts recommend:

Immediate Actions If You Receive These Messages

1. Don’t click any links in the email or text message
2. Delete the message immediately
3. Block the sender if your email or messaging app allows it
4. Report the scam to the appropriate authorities (see below)

If You’ve Already Clicked a Link

If you’ve already interacted with one of these scam messages:

1. If you entered payment information: Contact your bank or credit card company immediately to halt payments and replace your card
2. Monitor your accounts for suspicious activity
3. Consider placing a fraud alert on your credit reports
4. Change passwords for any accounts you may have accessed after clicking the link
5. Run a malware scan on any devices used to access the link

Reporting Options

• Report suspicious emails to the Indiana Attorney General’s Office at www.indianaconsumer.com
• Forward spam emails to the Federal Trade Commission at [email protected]
• File a complaint with the Internet Crime Complaint Center at IC3.gov
• Call the Indiana Attorney General’s Office at 1-800-382-5516

Long-Term Protection Measures

• Verify directly: Always verify toll charges through official websites or by calling official customer service numbers
• Use official channels: For TxTag specifically, use only www.txtag.org or call 1-888-468-9824
• Remember government communication methods: Indiana state agencies do not send toll notifications via text or email
• Be skeptical of unsolicited messages: Government agencies typically don’t initiate contact via text for financial matters
• Set up multi-factor authentication on important accounts to prevent unauthorized access

Frequently Asked Questions

1. Is any TxTag Indiana Unpaid Toll Email or Text Notice Legitimate?

No. The Indiana Office of Technology has explicitly confirmed that “The State does not send unpaid toll notifications via text or email messages.” Any toll-related message claiming to be from an Indiana government agency is fraudulent.

2. What Should I Do If I Already Clicked a Link in One of These Messages?

If you only clicked the link but didn’t enter any personal information, run a security scan on your device. If you entered payment information, contact your bank or credit card company immediately to stop payments and replace your card. Monitor your accounts for suspicious activity and consider placing a fraud alert on your credit reports.

3. How Did Scammers Get Access to Send Messages Through Official Government Channels?

According to official statements, the scammers gained access by hacking a contractor’s account for GovDelivery, a platform previously used by Indiana state agencies. Although Indiana’s contract with this service ended in December 2024, the state’s account was not properly removed from the system.

4. Are Indiana’s Current Government Systems Compromised?

The Indiana Office of Technology has stated they are “not aware of any current state systems being compromised.” The breach appears limited to the former email notification system (GovDelivery) that is no longer actively used by the state.

5. How Widespread Is This Scam?

Based on reports from news organizations and government agencies, the scam appears to have targeted thousands of Indiana residents. Messages have been reported coming from at least 15 different state agencies and departments. The scam is part of a broader trend of toll-related scams that the Federal Trade Commission identified as increasing since January 2025.

Conclusion

The TxTag Indiana toll scam demonstrates the increasingly sophisticated methods scammers use to target citizens. By exploiting trusted government communication channels, these fraudsters created a particularly convincing deception that nearly fooled even careful consumers.

This incident highlights several important lessons about cybersecurity in our interconnected world:

1. Legacy systems pose security risks: Even after contracts end, unused accounts can become security vulnerabilities if not properly decommissioned.
2. Verification is essential: Always verify unexpected payment demands through official channels, especially when they involve unfamiliar services or geographic areas.
3. Government communication patterns matter: Understanding how government agencies typically communicate—and what channels they use for different types of messages—can help identify anomalies.
4. Multi-layer security is crucial: For both individuals and organizations, multiple security measures (including multi-factor authentication) provide important protection.

As Attorney General Rokita noted, staying vigilant is our best defense against these evolving threats. By understanding the patterns of these scams and following the protection measures outlined by state officials, Indiana residents can protect themselves from this and future scam attempts.

Remember: When in doubt, don’t click, don’t share information, and verify through official channels.