In today’s interconnected world, the threat of cybercrime is ever-present. Malicious actors are constantly evolving their tactics, and one of the most persistent dangers is “phishing” – deceptive emails designed to trick you into revealing sensitive information or taking harmful actions. We’ve seen a rise in sophisticated phishing attempts, with some even appearing to originate from government sources, making them particularly convincing.
This is a critical reminder for all developers and users of the City of Asheville’s permitting system: Beware of current email phishing attempts!
There have been an increasing number of emails from at least four local governments in North Carolina with suspicious documents attached over the last several weeks. Be very suspicious of any emails with a document attached.
The City of Asheville will never ask for payment by wire transfer.
Any email that makes such a request is a scam and should be treated with extreme caution. Your permit payments and processes are handled through official, secure channels, and we will never solicit payments through unsecured methods like wire transfers via email.
Your cybersecurity toolkit: essential tips to stay safe
As you navigate your inbox, keep these vital tips in mind:
- Be extra cautious about clicking links in email messages: Even if an email appears to come from a legitimate source – like the City of Asheville – it’s smart to hover your mouse cursor over any links before clicking. Look for misspellings in the URL, odd-looking domain names (e.g., https://www.google.com/search?q=cityofasheville.com instead of ashevillenc.gov), or unusual characters. If something feels off, it probably is. When in doubt, type the official website address directly into your browser.
- Be especially suspicious of unexpected messages requesting action: Phishing emails often try to create a false sense of urgency. They might ask you to “click here immediately,” “reset your password,” “confirm account details,” or “verify a payment” – even for a permit you weren’t expecting to pay for. If you weren’t anticipating the message, take a moment to verify it through another trusted, independent channel. For City of Asheville permitting, use the official phone numbers or visit the official website you already know. Do NOT reply to the suspicious email or call a number listed within it.
- Government email addresses can be spoofed or compromised: Just because an email appears to come from a .gov address doesn’t automatically guarantee it’s safe. Cybercriminals are adept at “spoofing” sender addresses, making them look legitimate. In some cases, even legitimate government accounts can be compromised and used maliciously. Always look closely at the content and context of the message. Does it sound like something the City would send? Is it for a permit you know about? Does it ask for unusual payment methods?
What to do if you encounter a suspicious email:
- Do not click on any links.
- Do not open any attachments.
- Do not reply to the email.
- Do not provide any personal or financial information.
- Delete the email immediately. If you’re concerned about a legitimate transaction, contact the City of Asheville’s Development Services Department directly through official contact methods found on the ashevillenc.gov website.
For official City of Asheville information regarding permits and inspections, always visit https://www.ashevillenc.gov/department/development-services/.