The FBI says criminals are impersonating local planning and zoning officials in phishing emails that ask for permit-related fees. What makes the scam dangerous is not sloppy wording. It is the amount of real project detail attackers are putting into the message.
In a March 9 public service announcement, the FBI said victims across the United States have received emails tied to active planning and zoning applications. According to the advisory, the messages cite real permit information such as property addresses, case numbers, and the names of actual city or county officials.
That specificity is what makes the scam land. The email no longer feels like random spam. It feels like the next administrative step in a process already underway.
This is the kind of phishing email that catches people off guard because it arrives in the middle of a real, ongoing process.
The advisory says criminals are targeting people and businesses with active land-use or permit applications. Victims receive unsolicited messages requesting fees associated with those permits and are directed to make payment through wire transfer, peer-to-peer payment, or cryptocurrency.
The emails reportedly lean on urgency. Some threaten hearing delays or other complications if the payment is not made quickly.
Plenty of phishing emails fail because they are generic. This one succeeds for the opposite reason: it is specific. If the sender knows your project, your address, and the kind of fee you expect to pay eventually, the email feels like paperwork.
Attackers are borrowing trust from a real workflow, not just from a logo.
People expect permit and zoning work to be slow, formal, and document-heavy. That gives attackers a lot of cover. The FBI says common indicators include:
The result is a message that feels stressful but plausible at exactly the moment the victim is primed to accept it.
Even when the scam starts in email, the decision point often happens in the browser. Victims open the invoice, click a payment link, or reply into a thread that feels legitimate.
The final defense is often whether someone notices the domain, the payment flow, or the mismatch before money moves.
Attackers are increasingly building phishing around real workflows that victims already expect. That means protection has to account for context, urgency, and final payment destinations, not only grammar mistakes.
PhishClean is built around that gap: catching suspicious links, risky domains, and browser-level trust mismatches before a routine permit or invoice flow goes off course.
This post is based on the FBI/IC3 public service announcement Criminals Impersonating City and County Officials in Phishing Emails for Planning and Zoning Permits, published March 9, 2026.
What is the zoning permit phishing scam the FBI warned about?
The FBI says criminals are impersonating city and county planning or zoning officials and sending emails that request fraudulent permit-related payments using real project details.
Why does this scam feel so legitimate?
The emails reportedly include real permit information such as application numbers, property addresses, and the names of actual officials, which makes the request look routine instead of suspicious.
What should applicants do before paying permit fees by email?
Verify the sender domain, call the government office using a number from the official website, and never rely on payment instructions sent only by email.
PhishClean helps flag suspicious destinations and browser-level phishing signals before a routine permit or invoice flow turns expensive.
Install PhishClean FreeIf this helped, save it for later, share it with someone who would benefit from it, or subscribe for new browser-security guides from PhishClean.
Get practical phishing and browser-safety articles in your inbox. No salesy drip, just new guides and product updates when they are worth sending.