Dell Has Been Hacked, and Scammers Have Its Customer Database

Dell Has Been Hacked, and Scammers Have Its Customer Database Security & Privacy We've probably all encountered those bogus "Windows Support" phone calls, and I'm sure most know that the calls are a scam.

Dell customers, on the other hand, aren't so lucky.

News is breaking this week that Dell's customer service database is in the hands of scammers. There are numerous reports of Dell customers receiving phone calls from "support techs" that knew everything about a customer, including the customer's name, email, account info, and everything down to the support tag and device serial number.

Those cold-callers ultimately proved to be scammers out to con Dell's customers out of fake service fees, but that is not the scary part. No, the scary part is that these scam phone calls have been going on since at least May 2015, and Dell doesn't seem to be able to stop it.

10 Zen Monkeys broke the story yesterday when they reported:

Scammers pretending to be from Dell computers phoned me in November — but these scammers knew things about me. They identified the model number for both my Dell computers, and knew every problem that I'd ever called Dell about. None of this information was ever posted online, so it's not available anywhere except Dell's own customer service records. (Even my e-mail account is secured with "two-step verification"...)

I called the (real) Dell, and spoke to a customer support representative named Mark, who tried to explain how the scammers knew my account history.

"Dell has detected hackers," he said. "They're hacking our web site."

The story is only just breaking in the tech blogosphere, but the earliest reports are eight months old, and there have been over a dozen similar reports in June, July, September, October, and November.

Dell Has Been Hacked, and Scammers Have Its Customer Database Security & Privacy The reports are frighteningly consistent. Many read like this:

I just got a call on my cell phone from someone with a foreign accent who knew my name and said he was from Dell, and that over the last few weeks they have been getting reports from my Dell computer that there is a problem.  Was Dell hacked and customer information stolen??  There is no other way the person would have my name, cell phone # and know I had a Dell computer if it didn't come from your company.

It's not clear whether Dell's database has been hacked or whether the out-sourced tech support is making some extra money on the side, but we do know from the many reports that this is a widespread problem.

Dell Has Been Hacked, and Scammers Have Its Customer Database Security & Privacy

And to make matters worse, the scammers are using security flaws in Dell's support software to take control of a victim's computer:

They called my parents house from number 800-425-0090 they knew his model, his name, and account from Dell. They scared him into thinking his computer has viruses at which point they used Dell's assistant program to take control of the PC. They also knew how to do this. When my father realized they were trying to scare him, he asked for them to leave a notepad message saying what was wrong with the PC. They left a notepad text file saying viruses, hacking. This is definitely a scam and furthermore they have information only Dell would have and used Dell's program to gain access.

Dell keeps telling everyone that they are going to fix the problem; meanwhile the reports keep rolling in.

Clearly Dell's customers are going to have to protect themselves, so here are five rules for handling a scam phone call:

One, get the caller’s name and extension number and call them back, but be sure to place the call to the toll-free support number listed on the Dell website. The goal is to verify the caller's identity and relationship with Dell, so DO NOT call the number provided.

Two, if you  get a first and last name, try to look the caller up on LinkedIn. See if he has a profile which says he currently works at Dell. Not all valid support techs will, but if you find a profile then you can use it to judge the caller's trustworthyness.

Three, make a note of the number they are calling you from and Google it to see if there are other reports of scammers. (And yes, you can make them wait while you Google the phone number. A scammer deserves it, and a real support tech will understand your caution.)

Four, treat every call as if it is a scam by asking probing questions that may or may not be true so you can gauge their response. You can also try to try to trick the potential scammer into making a mistake by providing false information.

Five, don't hesitate to listen to your gut and simply hang up on the caller. If that proves to be a mistake, you can always pursue this through a secure channel like the Dell website.

found via Daring Fireball

images by MShades,

hypotekyfidler.cz,

Alexandre Dulaunoy

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

19 Comments

  1. iucounu6 January, 2016

    ‘A secure channel like the Dell website’ made me smile, given that it’s a story about Dell getting horribly pwned

    Reply
    1. Nate Hoffelder6 January, 2016

      Yes, I snickered at that as well. But it is still more secure than a cold call.

      Reply
  2. Mackay Bell6 January, 2016

    I’ve never encountered any bogus Windows Support phone calls. I never even knew there was such a thing.

    Maybe that’s yet another perk of always using Apple Macs.

    Reply
  3. Haesslich6 January, 2016

    Mackay: I’ve found that attitude has trained Mac users to blindly open attachments or engage in risky behaviour that’s gotten their Macbooks infected. Apple devices of all sorts are no longer the niche products that once upon a time kept them from being targeted… and as a result, while they’re still far behind the number of viruses Windows area, there’s been a huge upswing in malware infections in Mac computers.

    Best practises are the same no matter what platform you’re running (mobile device, desktop or laptop, thin client like a Chromebook)

    Reply
  4. Gbm6 January, 2016

    There is no way I will ever put my info on LinkedIn, too many trolls, harassers and scammers patrol it.

    Reply
  5. […] Dell Has Been Hacked, and Scammers Have Its Customer Database (The Digital Reader) – In case you missed this story. As a long-time Dell customer, this ruined my day. […]

    Reply
  6. Sharon Reamer8 January, 2016

    Nate – is this Dell US or is it international as well? I just recently acquired a Dell laptop (am worried). Wasn’t my choice – it’s a work computer. *sigh*

    Reply
    1. Jason Stewart10 November, 2017

      If it is a work computer then your internal IT department would probably be responsible for troubleshooting and fixing it wouldn’t they?
      This is coming from the technical support for Dell which is in India. I know it is coming from them because the scammers have my model and my name and my service tag and they also know about the previous repairs that Dell has done to the laptop.

      Speaking of which, I don’t recommend the Inspiron 14 7000 series to anyone. It is their thin laptop which can fold over and make it a tablet. I have had the motherboard replaced twice and three hard drives replaced. It is a piece of crap. And even after all of those repairs they will not provide me with a different model under the lemon law. They said it isn’t their policy and they would rather just keep fixing it.

      Reply
  7. Gbm8 January, 2016

    @Sharon Reamer
    Just remember Microsoft or Dell will not cold call you–that cost’s money. Dell will send you a snail mail letter if their is a problem or recall.

    Reply
    1. Nate Hoffelder9 January, 2016

      @ Gbm

      Good point. They might also send you an email, but a phone call is requires a person and that is costs money.

      Reply
  8. Sharon Reamer9 January, 2016

    Thank you!

    Reply
  9. Chuck15 January, 2016

    I can confirm that I’ve been getting these calls on a weekly basis for over three months now. All callers address me by my name, ask about my dell Inspiron including the model number, and have an Indian accent. They even spoof their number to make it appear like the real Dell Support phone number. I’ve given up on trying to block the calls, I just answer and mess with them. As soon as they realize I know they’re not from Dell they hang up. Rather than be annoyed I’m just enjoying patronizing and insulting them ^^

    Reply
  10. Ben30 March, 2016

    It’s still happening. I just got one today.

    Reply
  11. terry16 April, 2016

    Just got one yesterday. They gave me all kinds of info about a service call I made in the past. Then they told me that the past couple of days they noticed that someone has been trying to break into my Dell PC and that because it is a Dell PC, then it had the Dell security so he could attach to my PC and check it out. I told him, no thanks. I’ll check myself and hungup.

    Reply
  12. Tom26 July, 2016

    Bought a Dell PC in September 2015, and have gotten a dozen calls on my cellphone since January. The scammer of course knows my cellphone, date of purchase, serial number, email, etc. I would just hang up but played along the other day. Told me to do this, do that. Finally got bored and told him “I found the problem, a photo of your mother fucking a pig.” The discussion went downhill from there, with him calling me back repeatedly threatening to kill me and my family. I responded in kind.

    Reply
  13. Michael12 August, 2016

    I’ve gotten these calls daily for about two weeks. Yesterday I told the guy I know it is a scam and told him to stop f**king calling me. He then called me a f**king whore and hung up.

    Reply
  14. Stu20 December, 2016

    Still occurring nearly 2 years later.

    Reply
    1. Nate Hoffelder20 December, 2016

      And yet there’s almost no coverage.

      Crazy, isn’t it?

      Reply
  15. Jess2463 December, 2017

    This problem is still occurring and I WISH I would’ve read this forum before I let those stupid Dell hackers into my computer. I had no idea since they knew my full name, call number, and my service tag on my laptop. I’m still having problems with the computer after they hacked it with messages saying my ac adapter cannot be determined and I need to visit supportassist.dell.com and give them my info to fix it. I’m on the phone with the real Dell now. I’m buying an Apple MacBook next time, those last forever and I’ve never had any hacking issues with my old one (my son still uses that one).

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top
%d bloggers like this: