U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Artificial Intelligence

FBI alert: scammers target zoning permit applicants

The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits. The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that […]

FBI surveillance

The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits.

The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that appear legitimate to trick victims into responding or sharing sensitive information.

“The FBI is warning the public about an emerging phishing scheme by criminals impersonating city and county officials to solicit fraudulent payments for city and county planning and zoning permits.” reads the FBI’s public service announcement (PSA). “The criminals leverage publicly available permit information to identify potential victims and increase the legitimacy of the scam. Victims of this scam have been identified nationwide.”

Criminals are targeting individuals and businesses applying for land-use permits by impersonating city and county planning or zoning officials. Victims receive unsolicited emails referencing real permit details such as property addresses, case numbers, and the names of actual officials. The messages request payment of permit-related fees and instruct victims to send money via wire transfer, peer-to-peer payment apps, or cryptocurrency. The FBI states that the emails often appear convincing, using professional language, official-looking formatting, and attached PDF invoices listing supposed charges.

“Attached PDF invoices contain itemized statements of purported fees and direct applicants to request payment instructions via email, rather than telephone, to ensure a reliable audit trail for all correspondence related to the application. This is designed to deter the victim from calling the city or county office to verify the fees.” continues the PSA. “The emails emphasize urgency, threatening delays or other obstacles in the permitting process if the applicant does not immediately render payment.”

Attackers also time their messages to coincide with ongoing permit applications, increasing credibility. However, the sender addresses typically come from non-government domains that resemble official ones. Victims are often asked to request payment instructions by email rather than by phone, discouraging direct verification with local offices. The messages also stress urgency, warning that delays or problems with the permit process may occur if payment is not made immediately.

FBI recommends not trusting emails simply because they include official logos, names, or correct language. Always check the sender’s email address and domain for misspellings or unusual characters. Verify any requested fees directly with city or county offices using phone numbers from official websites. Law enforcement also recommends reviewing local government sites for warnings about impersonation scams. Users who suspect fraud or become a victim should report the incident to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, scam)