True Crime Thursday – Government License and Permit Scams

by Debbie Burke

You may be familiar with email and text scams from fraudsters claiming you missed jury duty or owe traffic fines or road tolls. Immediate payment is demanded, or they threaten you’ll be arrested, your driver’s license suspended, yada, yada, yada.


When such messages are sent by email, they’re called “phishing.” Those sent by text are “smishing.”


Many victims fall for these scams because the convincing messages look and sound like the government agencies they supposedly represent. Plus they play on fear and urgency.

Well, criminals have stepped up to a new level of sophistication.

If you plan to build, remodel, make additions, or otherwise change the use of your property, you may need to obtain permits and/or licenses. When a business or individual applies, the information filed for those projects is publicly available and can be accessed by criminals. That includes the property address, as well as actual code numbers for required permits.

In some states (like Florida), even a change as small as replacing a window requires permits, inspections, and, of course, fees.

Zoning and licensing departments are usually backed up, causing delays in project completion while the property owner waits for inspections and re-inspections before they receive approval to continue.

So it’s not surprising to receive an email that appears to originate from these agencies demanding fees. If you don’t pay immediately, they warn your project will be delayed, disapproved, and blocked.

Anyone who’s ever built a house or developed property understands the frustration of constant delays, as well as fees on top of fees on top of more fees.

Criminals are quick to recognize new profit opportunities. Permit and license scams are among the latest.

The FBI issued a public service announcement on March 9, 2026, warning about the recent rising trend of phishing emails from criminals impersonating government departments.

According to the PSA:

  • The emails contain detailed, accurate information about planning and zoning requests, including property addresses, case numbers, and the true names of city and county officials.

  • The emails use professional language, formatting, and imagery consistent with legitimate government communications for planning and zoning applications, including review processes, planning commission procedures, regulatory compliance, and relevant ordinances.

  • The email addresses contain usernames similar to city or county planning and zoning departments but originate from non-governmental domains, such as “@usa.com.”

  • Email delivery may be timed to coincide with ongoing communications with city and county officials regarding the permitting process.

  • Attached PDF invoices contain itemized statements of purported fees and direct applicants to request payment instructions via email, rather than telephone, to ensure a reliable audit trail for all correspondence related to the application. This is designed to deter the victim from calling the city or county office to verify the fees.

  • The emails emphasize urgency, threatening delays or other obstacles in the permitting process if the applicant does not immediately render payment.

So how do you determine if an email is real or fraudulent?

  • If they demand payment by wire transfer, peer-to-peer payment service, or cryptocurrency, it is a fraud. Government agencies do not require these methods. But criminals love them because funds can’t be traced, and you can’t recover your money.
  • Check the actual website (NOT the link in the email). You may find the agency has posted warnings with updates about new scams.
  • Call the agency using the phone number listed on their official website (NOT a number from the email). Find out if fees are actually due.
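The PSA indicators and the checks above can be turned into a simple triage pass over a suspicious message. The following Python sketch is an added example, not something from the FBI announcement or the original post; the keyword patterns, the `triage` function, and the sample emails (including the stand-in domain `city.example.gov`) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Patterns for the indicators the PSA lists (wording is illustrative).
DEPT_NAME = re.compile(r"planning|zoning|permit|licens", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|delay(ed|s)?|disapproved|blocked)\b", re.I)
UNTRACEABLE = re.compile(
    r"\b(wire transfer|cryptocurrency|bitcoin|gift cards?|peer-to-peer)\b", re.I)
EMAIL_ONLY = re.compile(r"payment instructions\b.{0,40}\b(via|by) e-?mail", re.I | re.S)

def triage(raw, official_domains):
    """Return the PSA indicators found in a plain-text, single-part email."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    body = msg.get_payload()
    flags = []
    # The allowlist comes from the agency's official website, never the email.
    if DEPT_NAME.search(local) and domain not in official_domains:
        flags.append("department-style username on a non-official domain")
    if URGENCY.search(body):
        flags.append("urgency or threat of delay")
    if UNTRACEABLE.search(body):
        flags.append("untraceable payment method requested")
    if EMAIL_ONLY.search(body):
        flags.append("payment instructions offered by email only")
    return flags

# Constructed samples; city.example.gov stands in for the agency's real domain.
OFFICIAL = {"city.example.gov"}
FAKE = """\
From: Planning and Zoning <planning.zoning.dept@usa.com>
Subject: Outstanding review fees

Failure to pay immediately will delay your hearing. To ensure a reliable
audit trail, request payment instructions by email. We accept wire transfer.
"""
REAL = """\
From: Permit Desk <permits@city.example.gov>
Subject: Inspection scheduled

Your inspection is set for next Tuesday. Fees are paid through the city portal.
"""

if __name__ == "__main__":
    for name, raw in (("FAKE", FAKE), ("REAL", REAL)):
        print(name, triage(raw, OFFICIAL))
```

A clean result only means none of these listed signs appeared; the phone call to the number on the official website is still the deciding check.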

Some agencies even reach out proactively to warn of scams. For instance, a few days ago, I received an email from the Montana Secretary of State who handles business licenses. She warned impersonators were making bogus demands for fees from business owners.

Since her email didn’t ask for money, I knew it was genuine!

The FBI adds:

If you or someone you know has fallen victim to this impersonation scam, file a complaint with the IC3 at www.ic3.gov. Be sure to include any available information including:

  • The email address, date of email, phone number, if provided;

  • The date of your project’s scheduled hearing, if applicable; and,

  • The amount listed in the fraudulent invoice, the method requested to pay fees, and bank account information, if provided.

Under the best circumstances, the permit and licensing process is glacial in speed.

Unfortunately, in some instances, internal corruption means shakedowns and bribes are required before a project moves forward. Remember The Sopranos?

Now phishing scams will mire systems even more as people call to find out if notices are fakes. Plus agencies must field complaints from victims who’ve been defrauded.

Ironically, so-called “artificial” intelligence is being used to create scams that appear increasingly real.

Credit: Andrea Pokrzywinski

As AI improves, new phishing emails may not smell as phishy as older versions but they still are frauds (phrauds?). 

~~~

TKZers: Have you encountered phishing or smishing?

~~~

In Stalking Midas, glamorous con artist Cassandra Maza doesn’t need AI. Instead, she uses charm and flattery to ensnare her latest prey: a cranky senior who loves his nine rescue cats. Then investigator Tawny Lindholm uncovers the scam. Cassandra has killed before and each time it gets easier. Now Tawny is in her sights.


True Crime Thursday – Cybercrime Then and Now


by Debbie Burke

@burke_writer

Cybercrime continues to expand globally with costs estimated to reach more than $10 trillion. That’s trillion with a T.

At the turn of this century, cyberattacks affected relatively few individuals. From 2001 to 2017, statistical charts showed a gradual increase. Between 2018 and 2020, cybercrime numbers shot up like a rocket. Since then, the rise maintains a nearly vertical trajectory.

Take a look at this chart by Statistica.com.

According to Keepnetlabs.com, cyberattacks occur every 39 seconds, with ransomware incidents happening every 11 seconds.

I first wrote about cybercrime, hackers, and deepfakes back in 2019, imagining how AI could be misused in the future. Early on, attacks were often pranks, like that naked guy who crashes a Zoom meeting.

During Covid, people were stuck home with nothing to do. Idle hands are the devil’s workshop. Cybercrime blossomed into a major industry. Since then, with AI advances, it’s exploded beyond all imagination. I’ve written about various forms here, here, and here.  

Here are four updates on cyberscams:

1. Social media cloning continues to be a growing problem, according to attorney Steve Weisman who writes the great informational site, Scamicide.

Almost a decade ago, cloning happened to me on Facebook. I’d developed a small but loyal following on FB, including readers from all over the US, Canada, UK, Australia, and Japan. Then someone cloned my identity. At the time I didn’t even know what the term “cloning” meant.

Cloning is a process by which a bad actor takes over your social media handle, creates a new account using your same name, information, photo, etc. and pretends to be you. They usually send out new friend “requests” to your contacts. Anyone who accepts the request is now caught in the bad actor’s web.

My FB friends received strange messages supposedly from me. I learned about it after several emailed me, asking if I was in Spain and needed bail money. Uh, no. When I tried to access my account, it was blocked. Nor could I contact FB for help. A brilliant astrophysicist friend figured out what happened and contacted them on my behalf.

Many hours of work later, things were back to normal, with newly adjusted stringent privacy settings. But why did fixing the problem require help from a friend with a Harvard PhD?

Some months later, my account was cloned again. At that point, I decided if FB’s security was that lax, and reporting a problem was so difficult, I didn’t need the headaches. I closed my account, unfortunately losing contact with valued readers.

Back then, FB was reluctant to acknowledge the problem and made it nearly impossible to report. I figured maybe my case was an unusual occurrence.

Wrong.

Now, according to Steve, FB/Meta admits to “as many as 60 million phony cloned Facebook accounts including hundreds of its founder Mark Zuckerberg.”

Cloning happens across all social media platforms, and is especially pervasive when they’re interconnected with each other, like FB and Instagram. Criminals are happy to exploit any opportunity to reach thousands, if not millions, of people with a few clicks. Cloning is only one of many ways they victimize users of social media. That topic could fill up a whole ‘nother post.

2. Smishing scams – According to Steve Weisman’s new post, smishing is defined as:

…Text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.

Steve’s post says the FTC warns of a huge uptick in smishing that cost $470 million in the past year. Text messages often appear to come from Amazon, FedEx, USPS, Cash App, Netflix, banks, etc.

A new twist is: 

Making matters worse, scammers are able to use bots to send thousands of smishing text messages in a matter of seconds and while many phones have anti-spam filters to recognize repetitive text patterns used by scammers, scammers are able to use AI to create slight variations of their smishing text messages to avoid detection.

 

Every week, I receive smishing messages supposedly from my bank, warning of suspicious activity in my account. 

Phony messages from FedEx and the post office claim there’s a problem with a delivery and tell you to click on this link. Don’t do it!

And speaking of the post office…

3. Account hacking – Here’s a weird crime twist that recently happened to me.

For years, I’ve used usps.com to preprint and prepay postage for priority mail labels. During extended absences from home, I preprint labels for the friend who forwards first class mail to us once a week at a Florida address.

Around the 2024 holidays, our forwarded mail didn’t arrive in Florida. Tracking showed a circuitous route that ended with the vague message “in transit.” We visited the local Florida post office. The clerk said a bin of mail had gone missing. “It happens all the time. It’ll eventually turn up.”

How reassuring since our envelope contained bills that needed to be paid now.

After more trips to the post office, we learned the envelope had been “returned to sender” to our address in Montana.

What???

The mailing label was totally correct since it had been officially printed by the post office. So why wasn’t it delivered?

Meanwhile, our friend sent another batch of mail to Florida using another preprinted label. But when I checked tracking, it showed that envelope had been delivered to an address in Maryland.

What???

Back to the Florida post office. The same helpful clerk ran the tracking number through his computer. Yup, his also showed delivery to Maryland. Then he disappeared in the back processing room. Fifteen minutes later, he came out with our envelope. Even though tracking showed delivery to Maryland, here it was in Florida where it was supposed to be.

Something smelled fishy.

Since our friend in Montana still had several preprinted labels that had not been used, I checked the tracking numbers for those. Incredibly, all showed as already delivered to addresses around the country—New York, Georgia, California, etc.

What???

Back to the post office to show this evidence to the same long-suffering clerk (who was now our new best pal). He called fraud/security and dug deeper. After nearly an hour of research, he suspected someone had hacked into our usps.com account. He recommended changing the password, which I did.

Fortunately, no one had accessed the VISA card I used to pay for the postage.

The plot thickens.

Turns out this is a regular racket. Clever thieves hack into usps.com user accounts, and steal labels that have already been paid for but not yet used. They reprint the labels with the same tracking bar code but a different address. They then use those fraudulent labels to ship merchandise (usually stolen) to customers of their own shady businesses.

Selling stolen merchandise and shipping it with stolen postage equals zero expenses and 100% profit for crooked operators. Our post office pal gave the thieves a grudging compliment: “These guys are very good.”

A clear case of postal fraud, likely an inside job. Most of the bogus labels had been routed through the post office’s Bethesda, MD distribution center. If I were a detective, I’d start my investigation in Bethesda. Hint, hint.

Did fraud/security ever follow up? Dunno. Our PO pal never heard another word. Will anyone ever get caught or prosecuted? Unlikely. The advantage for cybercriminals is they are nearly impossible to track.

4. Impersonation scams – For years, scammers have posed as government agencies and law enforcement. They contact victims by phone, email, text, or social media with bogus claims you owe fines and/or back taxes that must be paid immediately or else you’ll be arrested. But because they are such generous, caring folks, they’ll make your problem go away if you pay them with cryptocurrency, gift cards, wire transfers, or other untraceable funds. 

This morning, I received a public service announcement from the FBI warning of scammers who pose as representatives of the FBI’s Internet Crime Complaint Center (IC3) who claim they recovered money you’d been previously scammed out of. They will return that lost money to you…you guessed it…for a fee, payable by cryptocurrency, gift cards, wire transfers, or other untraceable funds. 

Yup, the cybercrime situation has gotten so out of control that the FBI’s IC3 division has to issue PSAs about their own department being impersonated. Talk about irony.

Back in 2000, we wondered IF we might ever be victims of this mysterious new method of crime.

Now it’s a certainty and the only question is WHEN? 

A sad fact of life in the 21st century.

~~~

Now that I’ve spoiled your day, it’s your turn, TKZers.

Share your personal experience with cybercrime. Any brilliant suggestions to block criminals? Do you have favorite security software?

~~~

Coming July 2025! Debbie Burke’s new writing craft guide:

The Villain’s Journey ~ How to Create Villains Readers Love to Hate

For more details, please click here. No, this link won’t ask for cryptocurrency, gift cards, or wire transfers!