A new planning and zoning permit phishing scam is raising concerns across the United States as cybercriminals impersonate city and county officials to trick individuals and businesses into paying fraudulent permit fees. The warning, issued by the FBI, highlights how attackers are exploiting publicly available government data to make phishing emails appear legitimate.
The scam targets people who have active applications for planning and zoning permits, particularly those involved in land-use projects or property development. By using accurate permit details, criminals create convincing emails that pressure victims to transfer money for fake administrative fees.
Planning and Zoning Permit Phishing Scam Targets Active Applications
Unlike generic phishing attempts that rely on vague messages, this scam is highly targeted. Criminals gather information from publicly available sources related to planning and zoning permit applications, including property addresses, application numbers, and the names of local officials.
Armed with this data, they send emails to applicants posing as planning and zoning board representatives. The emails typically claim that additional fees are required to process or approve the permit.
Victims are instructed to make payments through wire transfers, peer-to-peer payment services, or cryptocurrency—methods that are difficult to trace or recover once the money is sent.
What makes this planning and zoning permit phishing scam particularly effective is its timing. Emails may arrive while applicants are actively communicating with local government offices about their permits, making the fraudulent request appear routine.
Why the Zoning Permit Scam Looks So Real
The success of this planning and zoning permit phishing scam lies in its attention to detail. Many phishing campaigns fail because they are poorly written or obviously suspicious. This one is different.
The fraudulent emails often contain:
- Accurate property addresses and zoning case numbers
- Names of real city or county officials
- Professional language mirroring official government correspondence
- Attachments such as PDF invoices listing itemized fees
The emails may also use formatting and visual elements that resemble legitimate municipal communications, including references to regulatory compliance or planning commission procedures.
However, a key red flag is the email domain. While the sender’s name may resemble a government official, the email address often originates from non-government domains such as “@usa.com” instead of official municipal domains.
Another tactic involves discouraging verification. Victims may be told to request payment instructions through email rather than by phone, supposedly to maintain an “audit trail.” In reality, this discourages them from contacting the city office directly.
Public Data and Trust
This planning and zoning permit phishing scam highlights a broader cybersecurity issue—how publicly accessible government data can be weaponized.
Permit records and zoning applications are often publicly available to maintain transparency in local governance. But criminals are increasingly exploiting this information to craft targeted attacks.
In this case, the scam works because it combines accurate data with institutional trust. Most applicants assume that communications about permit fees will come from government offices, and the emails mimic that expectation convincingly.
The result is a form of government impersonation phishing that is harder for victims to detect than traditional scams.
Lessons from the Planning and Zoning Permit Phishing Scam
The rise of this planning and zoning permit phishing scam offers several lessons for businesses, property owners, and local governments.
First, legitimate-looking emails should never be trusted solely based on branding or professional formatting. Attackers can easily replicate logos, signatures, and official language.
Second, payment requests, especially those involving wire transfers or cryptocurrency—should always be verified through official channels.
Experts recommend contacting the relevant city or county office directly using the phone number listed on the government’s official website rather than responding to an email.
Applicants should also carefully examine the sender’s domain and watch for subtle misspellings or unusual characters.
Reporting Permit Payment Fraud
Authorities are urging victims of the planning and zoning permit phishing scam to report incidents to the FBI’s Internet Crime Complaint Center (IC3).
Reports should include details such as:
- The sender’s email address and date of the message
- Any phone numbers included in the communication
- The project’s scheduled hearing date, if applicable
- The amount requested and the payment method demanded
Reporting these scams helps investigators identify patterns and disrupt criminal networks running permit payment fraud schemes.
The emergence of the planning and zoning permit phishing scam is another reminder that cybercriminals are increasingly exploiting real-world processes—not just digital vulnerabilities. When administrative systems move online and data becomes public, attackers adapt quickly.
For applicants and businesses, the safest approach remains simple: verify first, pay later. In today’s threat landscape, even a routine permit email deserves a second look.
