What is happening?
The City of Novato recently issued an alert about a phishing scam targeting individuals involved in planning, building, and permitting. Cybercriminals are impersonating City staff and sending emails that appear legitimate, often including real permit details.
Why This Scam Is Different
This is not a generic phishing attempt. Instead, it is targeted using real project data.
Cybercriminals are pulling information from publicly available permit records, including property addresses, case numbers, and even the names of City staff. They use this information to create emails that look legitimate and relevant to ongoing projects.
Because the details are real, these messages are much harder to spot and far more likely to be trusted. That’s what makes this type of scam more dangerous than typical phishing emails.
Why this matters
This is not random spam. Attackers are using publicly available information—such as property addresses, permit numbers, and staff names—to make their messages more convincing. As a result, even experienced professionals are more likely to trust what they’re seeing.
Who is most at risk?
- Contractors and subcontractors
- Property owners and developers
- Anyone involved in permit or planning processes
What to watch for
- Emails requesting payment for permit-related fees
- Messages that create urgency or threaten delays
- Payment requests via wire transfer, apps, or cryptocurrency
- Sender email addresses that do not end in “@novato.gov”
What you should do
- Do not send payments based on email requests
- Always verify requests using official contact information
- Train your team to pause before acting on urgent payment requests
- Implement a simple internal verification process for financial transactions
Final thought
These scams are becoming more targeted and more convincing because they rely on real data. A quick verification step can prevent a costly mistake.
Learn more
We’ve outlined how these attacks work and how to protect your business here: