Phishing is hitting us hard at King County. A common phishing tactic used by the bad guys is sending emails in which the display name in the “From” field looks like it’s been sent by someone within King County. But that email address is fake and actually from someone trying to phish you. Unfortunately, we don’t always notice when such an email is a phishing attempt. That makes us vulnerable to viruses and other problem.

To help you identify these phishing scams, KCIT is adopting a new security feature to easily let you identify emails coming from outside email addresses.

When any email is delivered from an outside email address, the following will be added:

• In the “Subject’ line, the word “EXTERNAL” will be added.
• A warning message will be added to the body of the email message.

This warning message will let you know the email came from outside the county and has the potential to be a phishing scam.

Some cybersecurity tips

• If you receive an email from what appears to be another King County employee, but the external warning message has been added to the email, this is a potential phishing scam.
• If you receive an email from an external email address, do not click any links or open attachments unless you know the content is safe.
• If you’re not certain if the links or attachments are safe and the email came from someone you normally get emails from, call the sender and verify they actually sent you the email.
• Do not reply to the email to ask them if they actually sent the email. You could be communicating with a phishing fraud scammer.
• If you don’t know who sent an email, delete it.

This new process will be implemented May 1. For questions or concerns visit the KCIT Support Site at https://helpdesk.kingcounty.gov.