Executive Summary
In March 2026, the FBI issued a warning about a phishing campaign where criminals impersonated U.S. city and county officials to target individuals and businesses applying for land-use permits. The attackers used publicly available information to craft convincing emails, instructing victims to pay fraudulent fees via wire transfer, peer-to-peer payment, or cryptocurrency. This scheme exploited the victims' trust in official communications, leading to financial losses and potential exposure of sensitive information.
This incident underscores a growing trend of cybercriminals leveraging publicly accessible data to enhance the credibility of their phishing attacks. The increasing sophistication of such schemes highlights the urgent need for heightened vigilance and robust verification processes in all interactions involving sensitive transactions.
Why This Matters Now
The rise in phishing attacks impersonating government officials poses a significant threat to public trust and financial security. As these schemes become more sophisticated, it's crucial for individuals and businesses to implement stringent verification measures to prevent falling victim to such fraud.
Attack Path Analysis
Attackers initiated the campaign by sending phishing emails impersonating city and county officials to individuals and businesses with active land-use permit applications. Upon successful deception, victims were tricked into transferring funds to attacker-controlled accounts. The attackers then established command and control by maintaining communication with victims to ensure the fraudulent transactions were completed. Finally, the attackers exfiltrated the stolen funds, resulting in financial loss for the victims.
Kill Chain Progression
Initial Compromise
Description
Attackers sent phishing emails impersonating city and county officials to individuals and businesses with active land-use permit applications.
MITRE ATT&CK® Techniques
Impersonation
Spearphishing Attachment
Spearphishing Link
Spearphishing Voice
Spearphishing Service
Email Spoofing
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Security Awareness Training
Control ID: 6.4.3
NYDFS 23 NYCRR 500 – Cybersecurity Awareness Training
Control ID: 500.14(b)
DORA – ICT Risk Management Framework
Control ID: Article 13
CISA ZTMM 2.0 – Phishing-Resistant MFA
Control ID: Identity Pillar
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Government Administration
Primary target of phishing attacks impersonating city/county officials requesting zoning permit fees, exploiting public records and governmental communication channels for social engineering fraud.
Real Estate/Mortgage
High vulnerability as businesses with active land-use permits are specifically targeted through fraudulent zoning fee requests, risking financial loss and project delays.
Construction
Direct exposure through permit application processes where criminals leverage publicly available zoning information to conduct convincing phishing attacks requesting fraudulent permit fees.
Law Practice/Law Firms
Significant risk when handling client zoning applications and permit processes, potentially exposing both firms and clients to sophisticated government impersonation phishing schemes.
Sources
- FBI warns of phishing attacks impersonating US city, county officials: https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-attacks-impersonating-us-city-county-officials/
- Criminals Impersonating City and County Officials in Phishing Emails for Planning and Zoning Permits: https://www.ic3.gov/PSA/2026/PSA260309
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could likely reduce the attacker's ability to exploit internal network pathways, thereby limiting the potential financial impact.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit internal network pathways would likely be constrained, reducing the potential financial impact.
Control: Zero Trust Segmentation
Mitigation: While privilege escalation was not a factor in this incident, Zero Trust Segmentation could limit unauthorized access in similar scenarios.
Control: East-West Traffic Security
Mitigation: Although lateral movement was not observed in this incident, East-West Traffic Security could limit such activities in comparable cases.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to maintain unauthorized communication channels would likely be constrained, reducing the effectiveness of fraudulent activities.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate funds through unauthorized transactions would likely be constrained, reducing financial losses.
The financial impact on victims would likely be reduced due to constrained attacker activities.
Impact at a Glance
Affected Business Functions
- Permit Processing
- Financial Transactions
- Regulatory Compliance
Estimated downtime: N/A
Estimated loss: N/A
Potential exposure of sensitive permit application information, including property addresses and zoning application numbers.
Recommended Actions
Key Takeaways & Next Steps
- Implement Multi-Factor Authentication (MFA) to prevent unauthorized access resulting from credential compromise.
- Deploy Intrusion Prevention Systems (IPS) to detect and block malicious traffic patterns associated with phishing campaigns.
- Utilize DNS filtering to block access to known malicious domains and prevent users from accessing phishing sites.
- Conduct regular security awareness training to educate employees on recognizing and reporting phishing attempts.
- Establish robust incident response procedures to quickly address and mitigate the effects of phishing attacks.



