Slashdot Mirror


New Dell Tech Support Scams Have Customers Worried Company Was Hacked (onthewire.io)

Trailrunner7 writes: A new twist on the fake tech support scam has arisen that has victims wondering whether Dell has been hacked. There has been a recent rash of calls to Dell customers in which the caller says he is from Dell itself and is able to identify the victim's PC by model number and provide details of previous warranty and support interactions with the company.

These are details that, it would seem, only Dell or perhaps its contractors would know. One person who was contacted by the scammers wrote a detailed description of the call, and said the caller had personal details that could not have been found online. Dell officials say they're looking into it.


  1. Service Tags don't require log-in to check by Not-a-Neg · · Score: 3, Interesting

    Service Tags are rather short, if you brute force guessed existing service tags would it give enough personal info (first/last name) to then do a phone directory look-up to get enough info to know your number, name, service tag, etc...?

    --
    -==- Buy a Mac and leave me alone!
    1. Re:Service Tags don't require log-in to check by swb · · Score: 2

      This was my thought. I've always wondered if there was a kind of algorithm or heuristic to service tags or if they are just kind of serially generated.

      It probably wouldn't do this scam a bunch of good to use, say, tags for really obsolete models (ie, something 10+ years old, which the owner may not even still own) or for some of the non-PC equipment that Dell has sold over the years that has had otherwise similar looking service tags applied to it.

      If you COULD sort out what models went with what tag ranges, it would be a lot more useful as you could pick on "home" models and maybe even prey on slightly older but not completely obsolete vintages with the idea that that class of older, home PC models are prone to the kinds of issues that fake tech support people could use to get you to run their malware stuff on.

      Or not -- maybe you'd pick on NEW models, with the idea that if you were building malware/identity theft empire newer computers would represent more affluent people (more money to steal), would generally be less likely to have other malware/rot problems and perhaps even have access to better networking connection (ie, rich-guy 100 meg cable versus less-rich-guy shared wireless or something).

      Either way, being able to decode tags for models BEFORE you exploited tag lookup online would be beneficial. Maybe they just had a lot of time on their hands and access to enough platforms that they could guess ranges.

    2. Re:Service Tags don't require log-in to check by vux984 · · Score: 4, Interesting

      Service Tags are rather short, if you brute force guessed existing service tags would it give enough personal info (first/last name) to then do a phone directory look-up to get enough info to know your number, name, service tag, etc...?

      Brute force guessing valid tags is trivial: Here's one I made up by changing some digits around from one I had: FCKBRK1

      Other than the country in which it was, and when it was shipped, and when the warranty ended, I'm not seeing anything useful for identifying who owns it.

      I'm expecting Dell itself was breached, or one of its support contractors.

    3. Re:Service Tags don't require log-in to check by Penguinisto · · Score: 2

      I'm expecting Dell itself was breached, or one of its support contractors.

      I wouldn't be surprised if it were a contracted help desk monkey who harvested the info off his little cubicle machine and sold the list. That, or a 'partner' company bought the list legitimately for marketing purposes, and someone working for (or formerly working for) that 'partner' peeled off a copy of the DB for his own uses.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    4. Re:Service Tags don't require log-in to check by Anonymous Coward · · Score: 1

      FCKBRK1

      "Fuck brick 1," are you sure that isn't the service tag on your Fleshlight?

  2. Maybe that Dell kid is desperate for money by NotDrWho · · Score: 1

    Dude, I'm homeless now!

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:Maybe that Dell kid is desperate for money by Sir_Eptishous · · Score: 4, Funny

      Dude, I'm homeless now!

      "Dude, you're getting a Dell box!"

      --
      We play the game with the bravery of being out of range
  3. Dell "privacy" policy is bullshit, IMO by argStyopa · · Score: 4, Interesting

    More than a decade ago, I'd ordered my small business's desktops from Dell. Might have been a couple of times, actually.

    A few years later, I was looking up drivers or somesuch, and noticed that oddly, the login screen for my Dell account had me misidentified as "Ben".

    (My name is nothing like Ben.)

    Then I saw a WAVE of spam, as well as dead-tree mail spam, all addressed to "dear Ben".
    Dell INSISTS that they didn't sell my name to spammers.
    Despite complaining to Dell, last time I checked it still calls me Ben, and I continue to get spam occasionally addressed to Ben.

    Seems pretty clear to me.

    --
    -Styopa
    1. Re:Dell "privacy" policy is bullshit, IMO by Anonymous Coward · · Score: 1

      (My name is nothing like Ben.)

      Obi-wan, is that you?

    2. Re:Dell "privacy" policy is bullshit, IMO by Sir_Eptishous · · Score: 4, Funny

      last time I checked it still calls me Ben, and I continue to get spam occasionally addressed to Ben.

      Seems pretty clear to me.

      You're our only hope

      --
      We play the game with the bravery of being out of range
    3. Re:Dell "privacy" policy is bullshit, IMO by phishybongwaters · · Score: 5, Informative

      They likely didn't sell the info. It's more likely that at least 1 of their outsourced call centers (guess which country) *shared* this information with other parties. You'd be surprised, or maybe not, to know this is actually a business model many agencies use. Get the contract to be tech support, get access to customer records, lose contract and walk away with the account database, then start cold calling. In fact, there's a documentary out there somewhere showing this in action.

  4. Dell's been "looking into it" for months by Anonymous Coward · · Score: 5, Interesting

    Anyone notice that the link is to a forum post from SIX MONTHS ago? And here's a post in Dell's forum about the problem in 2014 -- so, *18* months ago.

    http://en.community.dell.com/s...

    Is Dell unable to address this problem -- so they're just hoping it goes away?

  5. Re:Dell has always hired shady contractors! by __aaclcg7560 · · Score: 1

    When I worked at Google in 2008, it wasn't unusual to see a field tech carting multiple laptops on a bicycle.

  6. That info is easy to get. by farrellj · · Score: 1, Interesting

    You can get a great deal of information from the "service tag" on your Dell equipment. Every piece of Dell equipment has one, and you can get the entire service history through the Dell website. This is very useful for service types, both inside and outside Dell. But it sounds like some people are abusing that, and I fear that will cause Dell to shut down or limit access to that service. :-(

    --
    CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
    1. Re:That info is easy to get. by gstoddart · · Score: 1, Interesting

      Yeah, with my service tag and NO other authorization Dell gave me my Express Service code.

      From there it was a captcha away from being able to log into the warranty page, which I didn't bother doing.

      This tells me there is probably VERY little authentication around something which is a relatively short and formulaic looking identifier.

      If you need no real authentication and a captcha to get this information, then this service should be shut down. Because it basically would suggest they'll provide a tremendous amount of information for pretty much anybody who can come up with a single number.

      If all it takes is auto-generating a bunch of possible service tags and brute forcing it, then Dell are fucking idiots who are just handing out your information like candy.

      This is a system which is just begging to be exploited, because it's almost wide open.

      --
      Lost at C:>. Found at C.
    2. Re:That info is easy to get. by Anonymous Coward · · Score: 1

      You realize that the Service Tag and Express Service Code are freely convertible, right?

      http://creativyst.com/Doc/Articles/HT/Dell/DellNumb.htm

      Now, as to securing access, yes, that's a problem, but nothing of value was leaked when you were given the ESC.

  7. Bah ... by gstoddart · · Score: 3, Interesting

    It's the same bloody call center they use for support in the first place.

    If they have information that specific either Dell has been hacked, or these guys got the information directly from Dell for a supposedly legitimate purpose.

    When will people get it through their heads: incoming phone calls are inherently not trustworthy because the lobbyists for telemarketing companies have ensured caller ID spoofing is legal.

    If someone calls you claiming to be from an entity you have a relationship with, tell them you'll only talk to them if you can call them on a number you can get from the official company web page.

    I no longer give callers the benefit of being polite to them; I start out fairly hostile and either climb down or rapidly escalate from there. Because 90% or more of the incoming calls I've received in the last few years are fraudulent.

    Between "the Microsoft support", or the "Air Duct cleaning" assholes, or that twat from cardholder services who wants to get me a lower rate ... it's all lies.

    Best thing I ever did was get a Panasonic cordless phone which will drop all calls from "Unknown", "Unavailable", and "Private Caller". And for the rest, well, caller ID is a lie anyway, so I don't trust that.

    Hell, a few times I've phoned myself to try to scam myself.

    --
    Lost at C:>. Found at C.
    1. Re:Bah ... by Anonymous Coward · · Score: 1

      I fixed the problems you are having by not answering the phone. When we still had a landline (got rid of it two years ago) all of the calls were from either the entities you mention or charities or political campaigns. We realized there was absolutely no reason to answer the phone. Then we realized there was no reason to HAVE the phone. I rarely - once or twice a month - get a spam call on my cell. But I don't answer unknown callers very often on the cell anyway. I recently had some repair work being done on our house and had to answer a few unknown callers since they were from several different people in the office of this company and their field people. During that time I believe I got two of the spam calls. The rest of the time I don't notice them since I don't answer unless it is a known caller in my contact list.

    2. Re:Bah ... by PixelPusher1532 · · Score: 1

      Best thing I ever did was get a Panasonic cordless phone which will drop all calls from "Unknown", "Unavailable", and "Private Caller".

      You looked at all your life's accomplishments and that was the best thing?

    3. Re:Bah ... by gstoddart · · Score: 1

      Well, it was that or touching Suzy Lou's boob in third grade ... but in the end I had to go with the phone thing. ;-)

      I'm glad to see that the level of smart-ass around here is unchanged, though. I was beginning to think Slashdot had lost its sense of humor.

      --
      Lost at C:>. Found at C.
    4. Re:Bah ... by fulldecent · · Score: 1

      I feel bad for the 10% of callers that are not scams:

      Me: Hey this is [my name]
      Operator: Hello I am Sally, is this the husband of [my wife]?
      Me: Maybe
      Operator: Well you are listed as her emergency contact and I am calling about her doctor's appointment tomorrow
      Me: OK
      Operator: Is there a different number we can call her at?
      Me: Let me take a message for you

      It is sad, but the only correct way to talk to unknown numbers is: fuck you, authenticate

      --

      -- I was raised on the command line, bitch

    5. Re:Bah ... by nigelo · · Score: 1

      http://www.consumerreports.org...

      I use nomorobo with my Comcast service, and only the postman rings twice.

      (the phone rings once if it's from a known robo, and that's it, otherwise you get to service the call)

      --
      *Still* negative function...
    6. Re:Bah ... by PRMan · · Score: 1

      I switched to Ooma and turned on the Community Blacklist. I never get those calls anymore.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
  8. Easiest way to tell if Dell support agent is real by JoeyRox · · Score: 2

    He has an Indian accent, his name is "Bob", he's far more courteous than any other support rep you've worked with, and his solution to every problem you throw at him is to perform a complete reinstall of your Windows installation.

  9. Re:Easiest way to tell if Dell support agent is re by gstoddart · · Score: 1

    and his solution to every problem you throw at him is to perform a complete reinstall of your Windows installation.

    Funny, I've met IT staff like that. Only they weren't courteous.

    I've also had the misfortune of dealing with outsourced IBM helpdesk people. They too seem to have no troubleshooting skills and suggest a complete reinstall.

    Your joke would be much funnier if there weren't already massive amounts of people whose suggestion for most problems is a complete reinstall.

    Rebooting and then reinstalling seems to be the standard Windows troubleshooting sequence, unfortunately.

    --
    Lost at C:>. Found at C.
  10. Low hanging fruit by HideyoshiJP · · Score: 1

    I'm willing to bet one of their warranty providers has been compromised. I know they farm out a lot of stuff to the likes of Unisys (and that's the better ProSupport) and likely less reputable companies. It wouldn't surprise me if Warranties-4-Less out of India/Mexico had a breach.

  11. Dell... by Sir_Eptishous · · Score: 2

    Please do the needful.

    --
    We play the game with the bravery of being out of range
  12. Re: Dell has always hired shady contractors! by Ravaldy · · Score: 1

    I doubt their means to travel tell you how qualified or shady they are.

  13. From July by The-Ixian · · Score: 1

    The second link to the forum is a post from July.... was this just noticed now?

    Posted by billroberts10 on 14 Jul 2015 4:11 PM

    Anyway, the advice I always give my friends and family is to never accept anything offered to you. If you get a call and it seems legit, get a phone number and tell them you will call them back, then try to look up that number.

    If a pop-up comes up asking you to download anything, hit Alt+F4

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:From July by destinyland · · Score: 2

      There's a comment on the 10 Zen Monkeys article that links to a Dell forum post about the exact same issue *in 2014*

      http://en.community.dell.com/s...

      Maybe Dell *can't* fix this problem -- so their only solution is to hope nobody notices...

  14. Might be very low tech leak by 140Mandak262Jamuna · · Score: 1

    Dell contracts with local fix-it guys to handle support calls. They have enough information to fix the issue and bill Dell. Most of them are your typical small business people, very decent professionals. All it takes is a few bad ones to leak information about a small number of customers. It might not even be deliberate, they might have thrown carbon copies in dumpsters or they might have had employees gone bad and a few of them might have been seduced by the Dark side of the Force.

    Having said that, Dell might be hacked too. Who knows.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  15. Re:Dell has always hired shady contractors! by Anonymous Coward · · Score: 1

    This was in Georgia, and the vast majority of people I know with a moped have one since they don't require a driver's license. You don't see them often around here otherwise because it's usually either too hot or too cold here to be comfortable. Also, this guy was wearing no helmet and no shirt. He was wearing only a blue jean vest. He looked and sounded like a tweaker. The receptionist wouldn't even let him in the door until security came to escort him. Dell does hire shady people.

  16. Re:Easiest way to tell if Dell support agent is re by tibit · · Score: 1

    I don't even know what's the point of trying to "fix" malware. You can't win that battle, and the tools available for it - paid or not - are woefully insufficient. There's no way to "repair" a system install that is owned. No way period.

    --
    A successful API design takes a mixture of software design and pedagogy.
  17. Re: Easiest way to tell if Dell support agent is r by bestweasel · · Score: 1

    That's fine for corporations but for home users or single machines, if you don't have a suitable disc image, look forward to spending 3 days reinstalling 300 Windows updates and all the applications, then configuring them and restoring the data. If you don't have recovery media, you can play hunt the driver too.

  18. Last time I talked to dell support. by sims+2 · · Score: 1

    I asked if Dell made a mfc scan/print/fax that could print on discs.

    Afaik Dell doesn't sell printers. Or at least Dell's sales depot couldn't find one.

    I also asked Canon, Epson & Brother who quickly replied with a list of models.
    I even got a message back from Kodak that they no longer made consumer inkjet printers.

    But Dell emailed back that I had to call and talk to an Indian that could barely speak English....I gave up after 10 minutes trying to explain I wanted a printer not a CD burner.

    --
    Minimum threshold fixed. Thanks!
  19. Repair guys by Etherwalk · · Score: 1

    The repair guys I've come across from Dell have mostly been okay. The people on the phone are mostly terrible, and probably get paid little enough that a little data-mining will earn them a LOT more than their salary.

    1. Re:Repair guys by Etherwalk · · Score: 1

      The repair guys I've come across from Dell have mostly been okay. The people on the phone are mostly terrible, and probably get paid little enough that a little data-mining will earn them a LOT more than their salary.

      Note: I'm talking about on the consumer side. I'm sure their business side is better.

  20. On The Bright Side by Greyfox · · Score: 1

    Although the scammers steal credit cards and drain bank accounts, Dell customers still reported the experience as "an improvement" over previous interactions with Dell technical support.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  21. Re: Dell has always hired shady contractors! by tysonedwards · · Score: 1

    Don't hold the fact that he's a hipster against him!

    --
    Thirty four characters live here.
  22. Dude you getting a cell by Joe_Dragon · · Score: 1

    Dude you getting a cell unless you can pay off the local cop in El Salvador

  23. Re:Dell support by Joe_Dragon · · Score: 1

    They don't cover the cost of tape, paper, and ink.

  24. Re: Dell has always hired shady contractors! by __aaclcg7560 · · Score: 1

    We didn't have any hipsters in 2008. They came later.

  25. Re: Dell has always hired shady contractors! by __aaclcg7560 · · Score: 1

    I never lived in San Francisco. All the hipsters I know today are from San Francisco.