Dell Has Been Hacked, and Scammers Have Its Customer Database
Dell customers, on the other hand, aren’t so lucky.
News is breaking this week that Dell’s customer service database is in the hands of scammers. There are numerous reports of Dell customers receiving phone calls from "support techs" who knew everything about a customer, including the customer’s name, email, account info, and everything down to the support tag and device serial number.
Those cold-callers ultimately proved to be scammers out to con Dell’s customers out of fake service fees, but that is not the scary part. No, the scary part is that these scam phone calls have been going on since at least May 2015, and Dell doesn’t seem to be able to stop it.
10 Zen Monkeys broke the story yesterday when they reported:
Scammers pretending to be from Dell computers phoned me in November — but these scammers knew things about me. They identified the model number for both my Dell computers, and knew every problem that I’d ever called Dell about. None of this information was ever posted online, so it’s not available anywhere except Dell’s own customer service records. (Even my e-mail account is secured with "two-step verification"…)
I called the (real) Dell, and spoke to a customer support representative named Mark, who tried to explain how the scammers knew my account history.
"Dell has detected hackers," he said. "They’re hacking our web site."
The story is only just breaking in the tech blogosphere, but the earliest reports are eight months old, and there have been over a dozen similar reports in June, July, September, October, and November.
I just got a call on my cell phone from someone with a foreign accent who knew my name and said he was from Dell, and that over the last few weeks they have been getting reports from my Dell computer that there is a problem. Was Dell hacked and customer information stolen?? There is no other way the person would have my name, cell phone # and know I had a Dell computer if it didn’t come from your company.
It’s not clear whether Dell’s database has been hacked or whether the outsourced tech support is making some extra money on the side, but we do know from the many reports that this is a widespread problem.
And to make matters worse, the scammers are using security flaws in Dell’s support software to take control of a victim’s computer:
They called my parents’ house from number 800-425-0090. They knew his model, his name, and account from Dell. They scared him into thinking his computer has viruses at which point they used Dell’s assistant program to take control of the PC. They also knew how to do this. When my father realized they were trying to scare him, he asked for them to leave a notepad message saying what was wrong with the PC. They left a notepad text file saying viruses, hacking. This is definitely a scam and furthermore they have information only Dell would have and used Dell’s program to gain access.
Dell keeps telling everyone that they are going to fix the problem; meanwhile the reports keep rolling in.
Clearly Dell’s customers are going to have to protect themselves, so here are five rules for handling a scam phone call:
One, get the caller’s name and extension number and call them back, but be sure to place the call to the toll-free support number listed on the Dell website. The goal is to verify the caller’s identity and relationship with Dell, so DO NOT call the number provided.
Two, if you get a first and last name, try to look the caller up on LinkedIn. See if he has a profile which says he currently works at Dell. Not all valid support techs will, but if you find a profile then you can use it to judge the caller’s trustworthiness.
Three, make a note of the number they are calling you from and Google it to see if there are other reports of scammers. (And yes, you can make them wait while you Google the phone number. A scammer deserves it, and a real support tech will understand your caution.)
Four, treat every call as if it is a scam by asking probing questions based on details that may or may not be true so you can gauge their response. You can also try to trick the potential scammer into making a mistake by providing false information.
Five, don’t hesitate to listen to your gut and simply hang up on the caller. If that proves to be a mistake, you can always pursue this through a secure channel like the Dell website.
found via Daring Fireball
images by MShades,