Dell Has Been Hacked, and Scammers Have Its Customer Database
We’ve probably all encountered those bogus "Windows Support" phone calls, and I’m sure most know that the calls are a scam.
Dell customers, on the other hand, aren’t so lucky.
News is breaking this week that Dell’s customer service database is in the hands of scammers. There are numerous reports of Dell customers receiving phone calls from "support techs" who knew everything about a customer, including the customer’s name, email, account info, and everything down to the support tag and device serial number.
Those cold-callers ultimately proved to be scammers out to con Dell’s customers out of fake service fees, but that is not the scary part. No, the scary part is that these scam phone calls have been going on since at least May 2015, and Dell doesn’t seem to be able to stop them.
10 Zen Monkeys broke the story yesterday when they reported:
Scammers pretending to be from Dell computers phoned me in November — but these scammers knew things about me. They identified the model number for both my Dell computers, and knew every problem that I’d ever called Dell about. None of this information was ever posted online, so it’s not available anywhere except Dell’s own customer service records. (Even my e-mail account is secured with "two-step verification"…)
I called the (real) Dell, and spoke to a customer support representative named Mark, who tried to explain how the scammers knew my account history.
"Dell has detected hackers," he said. "They’re hacking our web site."
The story is only just breaking in the tech blogosphere, but the earliest reports are eight months old, and there have been over a dozen similar reports in June, July, September, October, and November.
The reports are frighteningly consistent. Many read like this:
I just got a call on my cell phone from someone with a foreign accent who knew my name and said he was from Dell, and that over the last few weeks they have been getting reports from my Dell computer that there is a problem. Was Dell hacked and customer information stolen?? There is no other way the person would have my name, cell phone # and know I had a Dell computer if it didn’t come from your company.
It’s not clear whether Dell’s database has been hacked or whether the outsourced tech support is making some extra money on the side, but we do know from the many reports that this is a widespread problem.
And to make matters worse, the scammers are using security flaws in Dell’s support software to take control of a victim’s computer:
They called my parents’ house from number 800-425-0090. They knew his model, his name, and account from Dell. They scared him into thinking his computer has viruses, at which point they used Dell’s assistant program to take control of the PC. They also knew how to do this. When my father realized they were trying to scare him, he asked for them to leave a notepad message saying what was wrong with the PC. They left a notepad text file saying viruses, hacking. This is definitely a scam and furthermore they have information only Dell would have and used Dell’s program to gain access.
Dell keeps telling everyone that they are going to fix the problem; meanwhile the reports keep rolling in.
Clearly Dell’s customers are going to have to protect themselves, so here are five rules for handling a scam phone call:
One, get the caller’s name and extension number and call them back, but be sure to place the call to the toll-free support number listed on the Dell website. The goal is to verify the caller’s identity and relationship with Dell, so DO NOT call the number provided.
Two, if you get a first and last name, try to look the caller up on LinkedIn. See if he has a profile which says he currently works at Dell. Not all valid support techs will, but if you find a profile then you can use it to judge the caller’s trustworthiness.
Three, make a note of the number they are calling you from and Google it to see if there are other reports of scammers. (And yes, you can make them wait while you Google the phone number. A scammer deserves it, and a real support tech will understand your caution.)
Four, treat every call as if it is a scam: ask probing questions built on details that may or may not be true so you can gauge the caller’s response. You can also try to trick the potential scammer into making a mistake by providing false information.
Five, don’t hesitate to listen to your gut and simply hang up on the caller. If that proves to be a mistake, you can always pursue this through a secure channel like the Dell website.
found via Daring Fireball
images by MShades,
Comments
iucounu January 6, 2016 at 8:24 am
'A secure channel like the Dell website' made me smile, given that it’s a story about Dell getting horribly pwned
Nate Hoffelder January 6, 2016 at 9:10 am
Yes, I snickered at that as well. But it is still more secure than a cold call.
Mackay Bell January 6, 2016 at 8:27 am
I’ve never encountered any bogus Windows Support phone calls. I never even knew there was such a thing.
Maybe that’s yet another perk of always using Apple Macs.
Haesslich January 6, 2016 at 9:52 am
Mackay: I’ve found that attitude has trained Mac users to blindly open attachments or engage in risky behaviour that’s gotten their Macbooks infected. Apple devices of all sorts are no longer the niche products that once upon a time kept them from being targeted… and as a result, while they’re still far behind the number of viruses Windows area, there’s been a huge upswing in malware infections in Mac computers.
Best practises are the same no matter what platform you’re running (mobile device, desktop or laptop, thin client like a Chromebook)
Gbm January 6, 2016 at 11:18 am
There is no way I will ever put my info on LinkedIn, too many trolls, harassers and scammers patrol it.
Sharon Reamer January 8, 2016 at 9:48 am
Nate – is this Dell US or is it international as well? I just recently acquired a Dell laptop (am worried). Wasn’t my choice – it’s a work computer. *sigh*
Jason Stewart November 10, 2017 at 1:30 pm
If it is a work computer then your internal IT department would probably be responsible for troubleshooting and fixing it wouldn’t they?
This is coming from the technical support for Dell which is in India. I know it is coming from them because the scammers have my model and my name and my service tag and they also know about the previous repairs that Dell has done to the laptop.
Speaking of which, I don’t recommend the Inspiron 14 7000 series to anyone. It is their thin laptop which can fold over and make it a tablet. I have had the motherboard replaced twice and three hard drives replaced. It is a piece of crap. And even after all of those repairs they will not provide me with a different model under the lemon law. They said it isn’t their policy and they would rather just keep fixing it.
Gbm January 8, 2016 at 7:58 pm
@Sharon Reamer
Just remember Microsoft or Dell will not cold call you–that costs money. Dell will send you a snail mail letter if there is a problem or recall.
Nate Hoffelder January 9, 2016 at 10:49 am
@ Gbm
Good point. They might also send you an email, but a phone call requires a person and that costs money.
Sharon Reamer January 9, 2016 at 11:59 am
Thank you!
Chuck January 15, 2016 at 2:24 pm
I can confirm that I’ve been getting these calls on a weekly basis for over three months now. All callers address me by my name, ask about my Dell Inspiron including the model number, and have an Indian accent. They even spoof their number to make it appear like the real Dell Support phone number. I’ve given up on trying to block the calls, I just answer and mess with them. As soon as they realize I know they’re not from Dell they hang up. Rather than be annoyed I’m just enjoying patronizing and insulting them ^^
Ben March 30, 2016 at 6:01 pm
It’s still happening. I just got one today.
terry April 16, 2016 at 3:39 pm
Just got one yesterday. They gave me all kinds of info about a service call I made in the past. Then they told me that the past couple of days they noticed that someone has been trying to break into my Dell PC and that because it is a Dell PC, then it had the Dell security so he could attach to my PC and check it out. I told him, no thanks. I’ll check myself and hung up.
Tom July 26, 2016 at 11:13 pm
Bought a Dell PC in September 2015, and have gotten a dozen calls on my cellphone since January. The scammer of course knows my cellphone, date of purchase, serial number, email, etc. I would just hang up but played along the other day. Told me to do this, do that. Finally got bored and told him "I found the problem, a photo of your mother fucking a pig." The discussion went downhill from there, with him calling me back repeatedly threatening to kill me and my family. I responded in kind.
Michael August 12, 2016 at 2:57 pm
I’ve gotten these calls daily for about two weeks. Yesterday I told the guy I know it is a scam and told him to stop f**king calling me. He then called me a f**king whore and hung up.
Stu December 20, 2016 at 12:48 pm
Still occurring nearly 2 years later.
Nate Hoffelder December 20, 2016 at 4:14 pm
And yet there’s almost no coverage.
Crazy, isn’t it?
Jess246 December 3, 2017 at 1:32 pm
This problem is still occurring and I WISH I would’ve read this forum before I let those stupid Dell hackers into my computer. I had no idea since they knew my full name, call number, and my service tag on my laptop. I’m still having problems with the computer after they hacked it with messages saying my ac adapter cannot be determined and I need to visit supportassist.dell.com and give them my info to fix it. I’m on the phone with the real Dell now. I’m buying an Apple MacBook next time, those last forever and I’ve never had any hacking issues with my old one (my son still uses that one).