Phishing gangs are posing as government officials to steal money from permit applicants

FBI issues warning about new scam involving the impersonation of city and county fee collectors.

Phishers are impersonating government officials to trick Americans into making fake permit payments, the FBI has warned.

In a new public service announcement, the agency said criminals are harvesting information from active land use permit applications, enabling them to produce highly effective phishing lures.

Victims receive unsolicited emails mentioning details of their permit information, zoning application numbers or property addresses, before being asked to pay invoices for permit fees via wire transfer, peer-to-peer payment, or cryptocurrency.

Warning that people have been targeted across the US, the FBI wrote: "The emails use professional language, formatting, and imagery consistent with legitimate government communications for planning and zoning applications, including review processes, planning commission procedures, regulatory compliance, and relevant ordinances."

Scammers may time their emails to coincide with legitimate communications between victims and local officials about permit applications.

The messages often include PDF invoices listing supposed fees and instruct recipients to request payment instructions by email rather than phone, a tactic designed to prevent victims from contacting government offices to verify the charges.

The sender addresses often contain usernames similar to those of city or county planning and zoning departments, but the emails are sent from non-governmental domains, such as "@usa.com".

"The emails emphasize urgency, threatening delays or other obstacles in the permitting process if the applicant does not immediately render payment," the FBI wrote.

How to identify permit phishing scam emails

The FBI advised people not to assume emails are legitimate simply because they include official logos, names, or professional language. Recipients should carefully check the sender’s email address and domain, review official government websites for scam warnings, and contact city or county offices directly using verified phone numbers to confirm any payment requests.
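The indicators described above (an office-like username on a non-government domain, payment by wire, P2P or cryptocurrency, urgency, and email-only payment instructions) can be checked mechanically in a mail triage script. The following is an added example, not part of the FBI announcement or this article; the word lists, the sample messages and the `example.gov` office domain are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Word lists are assumptions built from the indicators the FBI describes.
OFFICE = re.compile(r"planning|zoning|permit|county|city", re.I)
RAILS = re.compile(r"wire transfer|peer-to-peer|p2p|crypto|bitcoin|venmo", re.I)
URGENT = re.compile(r"immediately|urgent|delay", re.I)
EMAIL_ONLY = re.compile(r"(request|reply|respond)[^.]{0,60}\b(by|via) e-?mail", re.I)

def triage(raw, verified_domains):
    """Return the indicators present in one raw message (headers + body)."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    local, _, domain = addr.rpartition("@")
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    # From is only what the message claims, so a match here is not proof.
    known = any(domain == d or domain.endswith("." + d) for d in verified_domains)
    hits = []
    if not known:
        hits.append("sender domain not a verified office domain")
        if OFFICE.search(local):
            hits.append("office-like username on that domain")
    if RAILS.search(text):
        hits.append("payment by wire, P2P or cryptocurrency")
    if URGENT.search(text):
        hits.append("urgency or threatened delay")
    if EMAIL_ONLY.search(text):
        hits.append("payment instructions by email only")
    return hits

# Constructed samples; the addresses, permit number and office domain are made up.
LURE = """From: Planning Dept <planning.zoning.dept@usa.com>
Subject: Invoice for zoning application ZA-0000

Pay the attached invoice immediately to avoid delays in your permit review.
To pay by wire transfer, request instructions by email.
"""
GENUINE = """From: Permit Desk <permits@planning.example.gov>
Subject: Application received

Your application is under review. Call the office with any questions.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("genuine", GENUINE)):
        print(name, triage(raw, {"example.gov"}))
```

A message that trips several indicators at once should be verified with the office through a known phone number before any payment is made.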

Commenting on the FBI announcement, Michael Tigges, senior security operations analyst at Huntress, said, "This FBI warning confirms a dangerous trend: cybercriminals are now leveraging the transparency of our civic systems to bypass traditional defences.

"By ingesting massive swathes of land-use and permit data, attackers are creating 'surgical' phishing lures that appear 100% legitimate. This makes our primary line of defence. We must train teams to look beyond the accuracy of the data and focus on the absurdity of the request.

"It is a critical red flag that victims are still being asked to pay 'government fees' via cryptocurrency or P2P apps. To be clear: no government agency, state, local, or otherwise, will ever request payment via Bitcoin, Venmo, or wire transfer. If a request for money starts with a cryptocurrency wallet address, it should end with you hitting the 'report phishing' button."

Anna Collard, CISO Advisor at KnowBe4, also said: "This is another reminder that social engineering can be highly contextual. By referencing real permit applications and impersonating trusted officials, attackers make the request feel expected rather than suspicious. Our guardrails are down because we think this request is plausible in that context.

"As a golden rule, whenever there is money or urgent requests involved, slowing down and performing a quick verification through a known channel can stop many of these scams.

"Social engineers rely on our heuristic thinking (fast shortcuts our brain makes), so taking a breather and double-checking any money request is a defense that helps in a time when red flags are hard to spot, especially when phishing emails can be made to look legitimate or are spoofing the impersonated organisation."
