New Delhi: A new cyber fraud campaign involving fake emails sent in the name of government officials has come to light. The Federal Bureau of Investigation (FBI) has issued a warning stating that cybercriminals are impersonating city and county administration officials to target businesses and individuals.
According to the advisory, the phishing campaign specifically targets people who have applied for land-use permits, planning approvals, or zoning permits. Criminals use publicly available information to craft emails that appear legitimate and official.
Fraudsters demanding payments in the name of permit fees
Reports indicate that victims receive emails containing details such as their permit application number, property address, or zoning information. The emails claim that an additional fee is required for processing the permit.
Victims are then instructed to make payments through wire transfers, peer-to-peer payment platforms, or cryptocurrency. In several cases, fake invoices are also attached to make the message appear more authentic.
Investigators say many people fall victim to such scams because the information mentioned in the emails often matches their real permit applications.
Publicly available information used to create phishing emails
Cybercriminals frequently collect data from publicly accessible records and application-related information available online. This allows them to identify potential victims and send personalized phishing messages.
When recipients see their actual application details mentioned in the email, they are less likely to suspect fraud and may quickly proceed with the payment.
Warning signs of phishing emails
Cybersecurity agencies say such fraudulent messages often show certain common indicators:
• Emails sent from non-government domains instead of official government addresses
• Messages creating pressure to make urgent payments
• Attachments asking recipients to request additional details through email
• Requests for immediate payment to avoid delays in the permit process
Scammers sometimes also time these phishing emails to coincide with actual government communication timelines, making the messages appear more convincing.
How to verify such messages
Experts advise individuals and businesses to verify any such message before making payments.
This includes carefully checking the email domain and sender’s address. Recipients should also directly contact the relevant city or county administration to confirm whether any legitimate fees are pending.
Advice to report suspicious activity
Anyone who receives such suspicious emails or becomes a victim of the scam is advised to report the incident immediately.
Victims should share details such as the email address used by the scammers, the date the email was sent, phone numbers involved, the amount mentioned in the fake invoice, and other related information to help investigators track down those responsible.
Similar scams reported earlier
In recent years, several fraud cases have surfaced where criminals impersonated government or law enforcement officials. In some schemes, scammers used spoofed phone numbers to pretend to be law enforcement officers and extort money from victims.
There have also been cases where criminals claimed they could recover money lost in earlier scams in order to deceive victims again.
More recently, authorities have warned about the use of AI-generated voice deepfakes in phishing attacks targeting officials and individuals.
Growing threat of social engineering
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh says cybercriminals are increasingly relying on social engineering techniques instead of exploiting technical vulnerabilities.
According to him, “Criminals often gain people’s trust and trick them into sharing sensitive information or making payments. Phishing emails sent in the name of government officials are part of this strategy. Therefore, it is extremely important to verify any information before making online payments.”
Experts believe that with the rapid expansion of digital services, awareness and vigilance remain the most effective defenses against such cyber fraud.
