Slashdot Mirror
New Dell Tech Support Scams Have Customers Worried Company Was Hacked (onthewire.io)
Trailrunner7 writes: A new twist on the fake tech support scam has arisen that has victims wondering whether Dell has been hacked.There has been a recent rash of calls to Dell customers in which the caller says he is from Dell itself and is able to identify the victim's PC by model number and provide details of previous warranty and support interactions with the company.
These are details that, it would seem, only Dell or perhaps its contractors would know. One person who was contacted by the scammers wrote a detailed description of the call, and said the caller had personal details that could not have been found online. Dell officials say they're looking into it.
These are details that, it would seem, only Dell or perhaps its contractors would know. One person who was contacted by the scammers wrote a detailed description of the call, and said the caller had personal details that could not have been found online. Dell officials say they're looking into it.
The last repair guy we had out was on a moped, aka DUI cycle. He had our new server motherboard in a milk carton bungie corded to the back of his moped.
You're getting a fake dell phone call man!
Into what?! How they are going to spin this so it's not their fault? How they can sue anyone who says otherwise?
Service Tags are rather short, if you brute force guessed existing service tags would it give enough personal info (first/last name) to then do a phone directory look-up to get enough info to know your number, name, service tag, etc...?
-==- Buy a Mac and leave me alone!
Dude, I'm homeless now!
SJW's don't eliminate discrimination. They just expropriate it for themselves.
More than a decade ago, I'd ordered my small business's desktops from Dell. Might have been a couple of times, actually.
A few years later, I was looking up drivers or somesuch, and noticed that oddly, the login screen for my Dell account had me misidentified as "Ben".
(My name is nothing like Ben.)
Then I saw a WAVE of spam, as well as dead-tree mail spam, all addressed to "dear Ben".
Dell INSISTS that they didn't sell my name to spammers.
Despite complaining to Dell, last time I checked it still calls me Ben, and I continue to get spam occasionally addressed to Ben.
Seems pretty clear to me.
-Styopa
Anyone notice that that the link is to a forum post from SIX MONTHS ago? And here's a post in Dell's forum about the problem in 2014 -- so, *18* months ago.
http://en.community.dell.com/s...
Is Dell unable to address this problem -- so they're just hoping it goes away?
I bought my mother a Dell about a year ago, and these scammers mostly definitely have information that came from that purchase. I dutifully plug them into the FTC complaint-box form, but of course that's peeing in the wind.
Of note, I can always tell that particular scam when their apparent caller ID matches area code + prefix of my cell number. XXX-YYY- always matches.
If support actually had a real person on the phone and not some automated BS I'd know right away it's a scam!
You can get a great deal of information from the "service tag" on your Dell equipment. Every piece of Dell equipment has one, and you can get the entire service history through the Dell website. This is very useful for service types, both inside and outside Dell. But it sounds like some people are abusing that, and I fear that will cause Dell to shut down or limit access to that service. :-(
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
It's the same bloody call center they use for support in the first place.
If they have information that specific either Dell has been hacked, or these guys for the information directly from Dell for a supposedly legitimate purpose.
When will people get it through their heads: incoming phone calls are inherently not trustworthy because the lobbyists for telemarketing companies have ensured caller ID spoofing is legal.
If someone calls you claiming to be from an entity you have a relationship with, tell them you'll only talk to them if you can call them on a number you can get from the official company web page.
I no longer give callers the benefit of being polite to them; I start out fairly hostile and either climb down or rapidly escalate from there. Because 90% or more of the incoming calls I've received in the last few years are fraudulent.
Between "the Microsoft support", or the "Air Duct cleaning" assholes, or that twat from cardholder services who wants to get me a lower rate ... it's all lies.
Best thing I ever did was get a Panasonic cordless phone which will drop all calls from "Unknown", "Unavailable", and "Private Caller". And for the rest, well, caller ID is a lie anyway, so I don't trust that.
Hell, a few times I've phoned myself to try to scam myself.
Lost at C:>. Found at C.
He has an Indian accent, his name is "Bob", he's far more courteous than any other support rep you've worked with, and his solution to every problem you throw at him is to perform a complete reinstall of your Windows installation.
Funny, I've met IT staff like that. Only they weren't courteous.
I've also had the misfortune of dealing with outsourced IBM helpdesk people. They too seem to have no troubleshooting skills and suggest a complete reinstall.
Your joke would be much funnier if there weren't already massive amounts of people whose suggestion for most problems is a complete reinstall.
Rebooting and then reinstalling seems to be the standard Windows troubleshooting sequence, unfortunately.
Lost at C:>. Found at C.
I'm willing to bet one of their warranty providers has been compromised. I know they farm out a lot of stuff to the likes of Unisys (and that's the better ProSupport) and likely less reputable companies. It wouldn't surprise me if Warranties-4-Less out of India/Mexico had a breach.
Please do the needful.
We play the game with the bravery of being out of range
The second link to the forum is a post from July.... was this just noticed now?
Posted by billroberts10 on 14 Jul 2015 4:11 PM
Anyway, the advice I always give my friends and family is to never accept anything offered to you. If you get a call and it seems legit, get a phone number and tell them you will call them back, then try to look up that number.
If a pop-up comes up asking you to download anything, hit Alt+F4
My eyes reflect the stars and a smile lights up my face.
Funny, I've met IT staff like that.
As you joke about this "non" solution, an IT Manager somewhere is calculating the time wasted troubleshooting that random malware or user fuck-up that caused the system to crash, compared to the time it takes to push a new image onto the machine...
...Rebooting and then reinstalling seems to be the standard Windows troubleshooting sequence, unfortunately.
Rebooting a system can often solve a lot of problems, regardless of OS involved. Sure, it's far more prevalent a solution in Windows-land, but it's certainly not unheard of in general computing.
And wiping a system down to a known good state is called the surefire method of solving a problem. Of course it's not the easiest, it's merely the solution that works damn near every time. Go figure as to why the people you hate talking to for more than 10 minutes wants to use it...
Having said that, Dell might be hacked too. Who knows.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
He has an Indian accent, his name is "Bob", he's far more courteous than any other support rep you've worked with, and his solution to every problem you throw at him is to perform a complete reinstall of your Windows installation.
Oh lord. I had to deal with this. Broken Ethernet port. He kept asking me about my WiFi router. Because he didn't know the difference between Ethernet and Internet. It was a hardware failure, because we couldn't even establish a low level link to a known working port. His solution: reinstall Windows.
When I worked in desktop support, for a large multinational medical device, pharmaceutical and consumer packaged goods manufacturer, we would reimage any non critical Windows PC with technical issues, that took longer than 1/2 hour to troubleshoot. We had a couple of standard hardware models, had several standard images that set up the base system, and had a software inventory system that could reinstall all of the users software automatically. All of the users stored their files on network drives, and Exchange archived all of their emails. In all, it would take around two and one half hours from pickup to delivery for a reimage, and we also worked in refresh with newer hardware models as we worked through break fix.
As someone in IT, and someone who did tech support, it is a lot cheaper in time for the machine to be reimaged, as opposed to doing another snipe hunt hoping that all the malware is out of a system. With all the entry points, if one file is missed, it can equate to a re-infection. So, the best thing to do is tell a user to reinstall because if you don't, and the malware comes back, the user might be able to sue.
Had a friend of mine who does consulting actually get sued by a client because malware came back after he thought he completely deloused a machine. Luckily, he had insurance, but it does happen, and people will drag you to court. So, the only real thing you can do is tell the user to backup and reinstall.
No matter what the OS is, if the box was compromised, you reinstall it. Doesn't matter if it is AIX, Linux, OS X, BSD, Windows, or Solaris. The box gets all data saved off, low level formatted, and reinstalled from known, clean media. Anything less is a failure to do one's job.
I don't even know what's the point of trying to "fix" malware. You can't win that battle, and the tools available for it - paid or not - are woefully insufficient. There's no way to "repair" a system install that is owned. No way period.
A successful API design takes a mixture of software design and pedagogy.
Let's realize folks where a lot of Dell support is located. Or any PC maker for that matter. I question a lot about the validity of Dell support all the time and wonder how much experience or equipment they use is secure. I sometimes picture a Dell support tech in some third world place with a XP laptop running a unsecure connection with a VOIP phone connection. Its why I don't care to do much with Dell and when I do have to communicate with Dell I don't use Dell chat outside of Dell's local time zone support center in Texas. At least then, you have a better chance of dealing locally then overseas with after hours support.
That's fine for corporations but for home users or single machines, if you don't have a suitable disc image, look forward to spending 3 days reinstalling 300 Windows updates and all the applications, then configuring them and restoring the data. If you don't have recovery media, you can play hunt the driver too.
I asked if dell made a mfc scan/print/fax that could print on discs.
Afaik dell doesn't sell printers. Or atleast dells sales depot couldn't find one.
I also asked Canon, Epson & Brother who
quickly replied with a list of models.
I even got a message back from kodak that they no longer made consumer inkjet printers.
But dell emailed back that I had to call and talk to a Indian that could barely speak english....I gave up after 10 minutes trying to explain I wanted a printer not a CD burner.
Minimum threshold fixed. Thanks!
The repair guys I've come across from Dell have mostly been okay. The people on the phone are mostly terrible, and probably get paid little enough that a little data-mining will earn them a LOT more than their salary.
I was offered to be Dell support when I had a small computer repair business. There is no required background checks or anything. I just sign up and they start sending me work. I would have done it but the pay was so low I laughed at them. 15 bucks to replace a motherboard? I cannot even do the paperwork for 15 bucks let alone the actual work. So basicaly anyone breathing can get at all this info, just say you will work for them on the road replacing components and you are in....full access to all customer data except billing data.
Although the scammers steal credit cards and drain bank accounts, Dell customers still reported the experience as "an improvement" over previous interactions with Dell technical support.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Changing minimal amount of numbers and checking it against support.dell.com yields the as-built (giving you part numbers to sound like you know the system), warranty start and end, and model number. Calling support and asking about a DELL QUOTE # on a Service Tag has always been done without Identification. Dell has a secondary website you drop the quote # in and it gives the original invoice without dollar amounts. However includes all courier info (another source of information), and basic purchaser info... Courier info, again usually given without Identification usually disclose the customer phone # on the order. You know the number they might call if the courier has problems delivering, is typically close to the accounts payable or IT departments... I really don't think they were hacked / breached by the wording in this article...
This scam has been ongoing for a while. Their customer care forum has a sticky post on the scam calls as well as a wiki entry on how to deal with the scammers. I'm assuming it is one of their contractors passing on data dumps on customer information.
http://en.community.dell.com/support-forums/customercare/f/4674/t/19650143
http://en.community.dell.com/support-forums/customercare/w/wiki/11402.scammers-posing-as-dell-technical-support
Dude you getting a cell unless you can pay off the local cop in el salvador
Get a Mac. Reinstall over your fiber connection, grab all your apps from the App Store, and restore your data from time machine (assuming you didn't just rebuild from that, if you suspected malware was the problem).
Bam, done.