Scam alert: E-mails that look local and legit, but aren’t – PSE, and now King County

| Safety | West Seattle news | West Seattle online

Just got an e-mail pretending to be from “King County Ecommerce” regarding property taxes. We are 100 percent sure – even before we check – that it’s bogus. So we wanted to warn you not to open it, if you get it too! The telltale flaw: It is formatted just like an e-mail we received yesterday pretending to be from “Puget Sound Energy,” which definitely wasn’t, and led to a warning from PSE itself. The dangerous part about these e-mails is the attached zip file. DON’T OPEN IT. Ahead, read the alert that PSE sent out late yesterday (and, ADDED 2:52 PM, a warning from King County about the new one):

First, the new afternoon warning from King County, followed by yesterday’s warning from PSE:

King County is warning of an apparent email scam. The county has received calls from people and businesses within and outside of King County, including individuals from other states and countries, who have reported receiving false confirmation of an online property tax payment made through the King County e-commerce system. These emails were not sent by King County, and the county’s e-commerce system has not been compromised.

“It appears that someone copied our standard payment confirmation email and altered the header in the email so that it appears to be from King County,” said County Chief Information Officer Bill Kehoe. “These messages did not come from King County, and the recipients have not made any payments with us.”

Kehoe added that King County’s e-commerce system is safe. “We have robust protections on all of our information technology systems. The email addresses did not come from our database. Residents can rest easy, knowing that their personal information is secure.”

King County encourages everyone to practice safe computing habits. If you have not made a King County tax payment via the online system, but received an email notification from KingCountyEcommerce@kingcounty.gov, delete it, and do not open any attachments.

King County will also post a message on the property tax payment web site that warns the public about this situation.

Puget Sound Energy has posted an advisory warning its customers and others about a fraudulent email that mimics a bill-payment notification. The bogus email does not affect PSE customer accounts, which are secure.

The email looks like the notice PSE sends to online-billing customers when their utility bill is ready to be viewed and paid. The message contains PSE’s logo and some legitimate links to the utility’s site.

The phony email, which has reached some PSE customers as well as people in other states who never have been a customer of the Washington state utility, is part of a nationwide phishing scam that sends emails claiming to be from several well-recognized companies like PSE.

In its email billing notifications, PSE always addresses its customers by their full name rather than using “Dear Customer,” which is a clue of the fraudulent email. A second indication of the false email is the boldfaced message, “Refer to the attached file.”

PSE’s website (PSE.com) advises customers to take the following steps if they receive an email addressed, “Dear Customer.”

Do not click on the link in the email or open any attachments, which may contain a virus
Delete the email notice immediately

PSE customers should call 1-888-225-5773 if they have questions or need further information.

Yeah-me December 15, 2011 (11:01 am)

I got a bogus email today with a Facebook friend request. It looked exactly like a real one.. But was fake! Be careful!

Dave December 15, 2011 (11:02 am)

I got one for king county property tax also.
Red flag for me was I live in Snohomish county and I do not own any property in King.

roz December 15, 2011 (11:09 am)

Got the same email from KingCountyEcommerce@kingcounty.gov

I live on the other side of the country from King county, and with a zip file attached I knew better than to open it!

All South December 15, 2011 (11:26 am)

I got one and I live in Atlanta, GA.

Jenny December 15, 2011 (11:53 am)

Received an Email from King County Ecommerce:

Thank you for completing your payment using the Property Tax Information System. Your transaction reference number is 8223572393.

The following items were paid for on Thu, 15 Dec 2011 16:29:31 -0300:

Product Id Description
884122789246 King County Real Property.

The total amount of the purchase including a $1.35 convenience fee was $7897.17.

SCAMMERS.

MeToo December 15, 2011 (12:06 pm)

Ditto here…and I live in Minnesota, with no ties to Washington state.

scott December 15, 2011 (12:13 pm)

Just got one too! I’m in “sunny” San Diego

J. December 15, 2011 (12:20 pm)

I received one of these in Dallas TX about 2:15 p.m. At first was concerned someone might have made a payment by stealing my credit card info. Looks like some other sort of scam. Glad that a google search turned up this blog on the first page!

ClayBit December 15, 2011 (12:30 pm)

Just got one too and I’m in Toronto, ON

Sandy Adams December 15, 2011 (12:34 pm)

I got an email purporting to be from Amazon.com about an item I “ordered”. It looked very official, and had information about the cost of the item, the tax, expected delivery date, etc. At the bottom it noted that “returns are very easy” and gave contact information. I thought it looked suspicious so just filed it a “miscellaneous” folder without opening it.

Last night KOMO had a piece about this very thing and showed a document looking just like the one I received.

The scammers evidently think you will look at the item, say “oh, no I didn’t order this” and respond to their “return policy”. Then they’ve gottcha.

sandy

Ajax December 15, 2011 (12:55 pm)

A few weeks ago I received two email notifications from PSE, one was for my new bill (which I get every month) and the other was for my June 2011 bill. It matched the amount from the June bill so I assumed something had gone wrong in their system. I received an apology email from PSE a few days later saying it was an error. I wonder if this is related?

Jackie December 15, 2011 (1:13 pm)

Me too!! Heres mine.. I didnt download or open the attachment. My first thought was someone used my email addy in there payment info..

Dear,

Thank you for completing your payment using the Property Tax Information System. Your transaction reference number is 1476904898.

The following items were paid for on Thu, 15 Dec 2011 20:45:55 +0100:

Product Id

Description

085672577558

King County Real Property.

The total amount of the purchase including a $8.26 convenience fee was $2273.97.

Please note that it may take up to two weeks for your property tax payment to be reflected in our records after receiving your payment.

Please print attached notification and keep it as a receipt for your records. If you have any questions regarding your transaction, please contact a King County representative. Please do not respond to this email.

Sincerely,

King County Ecommerce

Curiouser December 15, 2011 (1:21 pm)

Unfortunately, it is very easy to create a phishing email, so we must all be alert to the scams. Don’t click on links or open attachments. If it is somewhere that you have an account, go directly to their website and/or call their fraud department. That email Jackie got does look similar to the automated reply you get when paying the property taxes online.
.
You can also check the header information and try to see who the actual sender is (rather than the one shown in the email). If you determine that it is a legitimate web mail company, such as hotmail, gmail, etc., you can forward the email to abuse@ (for example, abuse@gmail.com) and be sure to include the header information. They may be able to trace it and stop it.
.
Yesterday I received my first phone text phishing attempt, which was obviously bogus because it was ostensibly from Washington Mutual Bank!! The phone number they gave had already been trapped by the FTC or FCC (forgot which).

Bunnyfer December 15, 2011 (1:22 pm)

If you’re on a PC and using Outlook, right click on the email in your inbox (dont open it) and it will bring up the actual email address of the sender. If you’re ever in doubt, try that. If the email address, return email or domain names don’t match, just add to your Junk Mail and be done with it.

Jenny H. December 15, 2011 (1:52 pm)

I just received an email from King County Ecommerce as well. I am in Denver, Colorado. I am glad that I didn’t open the attachment and googled to check it out first. Thank you for posting/commenting on this! Have a Merry Christmas All…tis the season!

nikki December 15, 2011 (2:10 pm)

got two today with different confirmation code. didn’t open, just check it and marked it as phishing scam thru hotmail.

too sad, i don’t OWN an property to pay property tax..

Kath December 15, 2011 (2:19 pm)

I live in the Finger Lakes Region of Upstate NY. I know that the Counties on Long Island, are King, Queens, Nassau and Suffolk, having spent my early childhood in (Suffolk county). The e-mail I received is below:
Dear,
Thank you for completing your payment using the Property Tax Information System. Your transaction reference number is 21771858867.

The following items were paid for on Thu, 15 Dec 2011 11:42:28 -8000:
Product Id Description
406893873066 King County Real Property.

The total amount of the purchase including a $3.44 convenience fee was $7,214.81

Please note that it may take up to two weeks for your property tax payment to be reflected in our records after receiving your payment.

Please print attached notification and keep it as a receipt for your records. If you have any questions regarding your transaction, please contact King County reprensentative. Please do not respond to this email.

Sincerley,

King County Ecommerce

bridge to somewhere December 15, 2011 (2:21 pm)

I wonder what database was breached that housed all of these emails? The scammer must have thought most of his/her victims would be in Washington State, hence the “Puget Sound Energy” and “King County Ecommerce” mentions. I guess some local company was hacked or something?

E December 15, 2011 (2:40 pm)

I received 2 of the KingCounty emails today within minutes of paying a legitimate tax in Georgia on the state website. Is it possible that the DOR site is hacked?
Worried about information in Georgia…

WSB December 15, 2011 (2:46 pm)

Just got a news release from King County about this hacking (glad we didn’t wait for a news release, since it’s been a few hours). Will add to story in a minute – TR

Steven December 15, 2011 (3:10 pm)

I got a bogus text yesterday from Washington Mutual Bank, looking to confirm account status- that was pretty obvious! Lots of phishing going on out there. Be wise!

Greg December 16, 2011 (7:03 am)

I got one of these, extracted the .zip file and sent the resulting program off to a couple of online virus scanners. The very concerning result was that the program contained something called the ‘Zbot’ trojan – malware with functions including, but not limited to, allowing remote access to your machine, stealing whatever credentials it can find, and so on. It wasn’t easy to detect – only 3 of the 43 antivirus programs used to check found anything.

If you were unfortunate enough to have run the program (“.exe” file) that came with this, unplug your computer’s network connection and get some help!

argonautter December 16, 2011 (10:21 pm)

I had the same issue as Ajax with PSE a few weeks back. I had already paid my current bill and received a bill for September (which had also obviously been paid). I contacted PSE and they sent an apology. I don’t recall any attachments or links.