The City and County of Denver has issued a cybersecurity alert after fraudulent emails surfaced impersonating the city’s Community Planning and Development department. The messages falsely claim recipients owe rezoning fees and use official-looking language and city branding to appear legitimate.

According to the city, these emails were not sent by Denver and originate from non-city email addresses. Officials are urging recipients to verify communications before responding, particularly when emails request payment or personal information tied to permitting or development activity.

Naked Denver CTO and senior security engineer Andrew Roe said scams like this are becoming increasingly common as artificial intelligence tools lower the barrier to entry for sophisticated phishing campaigns. AI allows nontechnical threat actors to quickly generate realistic messages and summarize large amounts of publicly available information, making outreach appear informed and credible.

Roe noted that attackers can easily search public records and aggregate data to identify likely targets, especially those actively involved in rezoning or development processes. Even responses that seem harmless can provide valuable information. Small details shared over email or phone can help attackers build detailed profiles that enable more serious attacks later.

He said awareness remains the most effective defense. That includes understanding how legitimate city staff communicate, knowing what types of questions permitting officials would and would not ask, and verifying email domains before responding. Roe emphasized that engaging with phishing attempts in any form can escalate risk, even when no money is exchanged.

City officials encourage anyone who receives a suspicious email to avoid clicking links or opening attachments and to report the message through official city channels.