Just got an e-mail pretending to be from “King County Ecommerce” regarding property taxes. We are 100 percent sure – even before we check – that it’s bogus. So we wanted to warn you not to open it, if you get it too! The telltale flaw: It is formatted just like an e-mail we received yesterday pretending to be from “Puget Sound Energy,” which definitely wasn’t, and led to a warning from PSE itself. The dangerous part about these e-mails is the attached zip file. DON’T OPEN IT. Ahead, read the alert that PSE sent out late yesterday (and, ADDED 2:52 PM, a warning from King County about the new one):
First, the new afternoon warning from King County, followed by yesterday’s warning from PSE:
King County is warning of an apparent email scam. The county has received calls from people and businesses within and outside of King County, including individuals from other states and countries, who have reported receiving false confirmation of an online property tax payment made through the King County e-commerce system. These emails were not sent by King County, and the county’s e-commerce system has not been compromised.
“It appears that someone copied our standard payment confirmation email and altered the header in the email so that it appears to be from King County,” said County Chief Information Officer Bill Kehoe. “These messages did not come from King County, and the recipients have not made any payments with us.”
Kehoe added that King County’s e-commerce system is safe. “We have robust protections on all of our information technology systems. The email addresses did not come from our database. Residents can rest easy, knowing that their personal information is secure.”
King County encourages everyone to practice safe computing habits. If you have not made a King County tax payment via the online system, but received an email notification from KingCountyEcommerce@kingcounty.gov, delete it, and do not open any attachments.
King County will also post a message on the property tax payment web site that warns the public about this situation.
Puget Sound Energy has posted an advisory warning its customers and others about a fraudulent email that mimics a bill-payment notification. The bogus email does not affect PSE customer accounts, which are secure.
The email looks like the notice PSE sends to online-billing customers when their utility bill is ready to be viewed and paid. The message contains PSE’s logo and some legitimate links to the utility’s site.
The phony email, which has reached some PSE customers as well as people in other states who never have been a customer of the Washington state utility, is part of a nationwide phishing scam that sends emails claiming to be from several well-recognized companies like PSE.
In its email billing notifications, PSE always addresses its customers by their full name rather than using “Dear Customer,” which is a clue of the fraudulent email. A second indication of the false email is the boldfaced message, “Refer to the attached file.”
PSE’s website (PSE.com) advises customers to take the following steps if they receive an email addressed, “Dear Customer.”
Do not click on the link in the email or open any attachments, which may contain a virus
Delete the email notice immediately
PSE customers should call 1-888-225-5773 if they have questions or need further information.