A new phishing campaign has been observed leveraging a .gov domain to deceive employees into believing they owe unpaid tolls. The scheme uses urgency and fear tactics, threatening penalties or vehicle registration holds if the balance is not paid immediately. The attackers utilize the GovDelivery system to increase legitimacy, despite using Indiana's instance for a Texas-related scam. The phishing link leads to a fake TxTag website, where users are prompted to enter personal information and credit card details. The campaign exploits fear of consequences and mimics a well-known service, highlighting the importance of integrating human expertise into email security processes to identify and mitigate threats that bypass conventional malicious indicators.