New Dell Tech Support Scams Have Customers Worried Company Was Hacked (onthewire.io)

← Back to Stories (view on slashdot.org)

New Dell Tech Support Scams Have Customers Worried Company Was Hacked (onthewire.io)

Posted by Soulskill on Friday January 8, 2016 @07:33AM from the wouldn't-be-the-first,-won't-be-the-last dept.

Trailrunner7 writes: A new twist on the fake tech support scam has arisen that has victims wondering whether Dell has been hacked.There has been a recent rash of calls to Dell customers in which the caller says he is from Dell itself and is able to identify the victim's PC by model number and provide details of previous warranty and support interactions with the company.

These are details that, it would seem, only Dell or perhaps its contractors would know. One person who was contacted by the scammers wrote a detailed description of the call, and said the caller had personal details that could not have been found online. Dell officials say they're looking into it.

13 of 76 comments (clear)

Min score:

Reason:

Sort:

Service Tags don't require log-in to check by Not-a-Neg · 2016-01-08 07:46 · Score: 3, Interesting

Service Tags are rather short, if you brute force guessed existing service tags would it give enough personal info (first/last name) to then do a phone directory look-up to get enough info to know your number, name, service tag, etc...?

--
-==- Buy a Mac and leave me alone!
1. Re:Service Tags don't require log-in to check by swb · 2016-01-08 08:07 · Score: 2
  
  This was my thought. I've always wondered if there was a kind of algorithm or heuristic to service tags or if they are just kind of serially generated.
  It probably wouldn't do this scam a bunch of good to use, say, tags for really obsolete models (ie, something 10+ years old, which the owner may not even still own) or for some of the non-PC equipment that Dell has sold over the years that has had otherwise similar looking service tags applied to it.
  If you COULD sort out what models went with what tag ranges, it would be a lot more useful as you could pick on "home" models and maybe even prey on slightly older but not completely obsolete vintages with the idea that that class of older, home PCs models are prone to the kinds of issues that fake tech support people could use to get you to run their malware stuff on.
  Or not -- maybe you'd pick on NEW models, with the idea that if you were building malware/identity theft empire newer computers would represent more affluent people (more money to steal), would generally be less likely to have other malware/rot problems and perhaps even have access to better networking connection (ie, rich-guy 100 meg cable versus less-rich-guy shared wireless or something).
  Either way, being able to decode tags for models BEFORE you exploited tag lookup online would be beneficial. Maybe they just had a lot of time on their hands and access to enough platforms that they could guess ranges.
2. Re:Service Tags don't require log-in to check by vux984 · 2016-01-08 08:28 · Score: 4, Interesting
  
  Service Tags are rather short, if you brute force guessed existing service tags would it give enough personal info (first/last name) to then do a phone directory look-up to get enough info to know your number, name, service tag, etc...?
  Brute force guessing valid tags is trivial: Here's one i made up by changing some digits around from one I had: FCKBRK1
  Other than the country in which it was, and when it was shipped, and when the warranty ended, I'm not seeing anything useful for identifying who owns it.
  I'm expecting dell itself was breached, or one of its support contractors.
3. Re:Service Tags don't require log-in to check by Penguinisto · 2016-01-08 08:58 · Score: 2
  
  I'm expecting dell itself was breached, or one of its support contractors.
  I wouldn't be surprised if it were a contracted help desk monkey who harvested the info off his little cubicle machine and sold the list. That, or a 'partner' company bought the list legitimately for marketing purposes, and someone working for (or formerly working for) that 'partner' peeled off a copy of the DB for his own uses.
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
Dell "privacy" policy is bullshit, IMO by argStyopa · 2016-01-08 07:47 · Score: 4, Interesting

More than a decade ago, I'd ordered my small business's desktops from Dell. Might have been a couple of times, actually.
A few years later, I was looking up drivers or somesuch, and noticed that oddly, the login screen for my Dell account had me misidentified as "Ben".
(My name is nothing like Ben.)
Then I saw a WAVE of spam, as well as dead-tree mail spam, all addressed to "dear Ben".
Dell INSISTS that they didn't sell my name to spammers.
Despite complaining to Dell, last time I checked it still calls me Ben, and I continue to get spam occasionally addressed to Ben.
Seems pretty clear to me.

--
-Styopa
1. Re:Dell "privacy" policy is bullshit, IMO by Sir_Eptishous · 2016-01-08 08:16 · Score: 4, Funny
  
  last time I checked it still calls me Ben, and I continue to get spam occasionally addressed to Ben.
  Seems pretty clear to me.
  You're our only hope
  
  --
  We play the game with the bravery of being out of range
2. Re:Dell "privacy" policy is bullshit, IMO by phishybongwaters · 2016-01-08 08:22 · Score: 5, Informative
  
  The likely didn't sell the info. It's more likely that at least 1 of their outsourced call centers (guess which country) *shared* this information with other parties. You'd be surprised, or maybe not, to know this is actually a business model many agencies use. Get the contract to be tech support, get access to customer records, lose contract and walk away with the account database, then start cold calling. In fact, there's a documentary out there somewhere showing this in action.
Dell's been "looking into it" for months by Anonymous Coward · 2016-01-08 07:48 · Score: 5, Interesting

Anyone notice that that the link is to a forum post from SIX MONTHS ago? And here's a post in Dell's forum about the problem in 2014 -- so, *18* months ago.

http://en.community.dell.com/s...

Is Dell unable to address this problem -- so they're just hoping it goes away?
Bah ... by gstoddart · 2016-01-08 07:54 · Score: 3, Interesting

It's the same bloody call center they use for support in the first place.
If they have information that specific either Dell has been hacked, or these guys for the information directly from Dell for a supposedly legitimate purpose.
When will people get it through their heads: incoming phone calls are inherently not trustworthy because the lobbyists for telemarketing companies have ensured caller ID spoofing is legal.
If someone calls you claiming to be from an entity you have a relationship with, tell them you'll only talk to them if you can call them on a number you can get from the official company web page.
I no longer give callers the benefit of being polite to them; I start out fairly hostile and either climb down or rapidly escalate from there. Because 90% or more of the incoming calls I've received in the last few years are fraudulent.
Between "the Microsoft support", or the "Air Duct cleaning" assholes, or that twat from cardholder services who wants to get me a lower rate ... it's all lies.
Best thing I ever did was get a Panasonic cordless phone which will drop all calls from "Unknown", "Unavailable", and "Private Caller". And for the rest, well, caller ID is a lie anyway, so I don't trust that.
Hell, a few times I've phoned myself to try to scam myself.

--
Lost at C:>. Found at C.
Easiest way to tell if Dell support agent is real by JoeyRox · 2016-01-08 07:57 · Score: 2

He has an Indian accent, his name is "Bob", he's far more courteous than any other support rep you've worked with, and his solution to every problem you throw at him is to perform a complete reinstall of your Windows installation.
Re:Maybe that Dell kid is desperate for money by Sir_Eptishous · 2016-01-08 08:13 · Score: 4, Funny

Dude, I'm homeless now!
"Dude, you're getting a Dell box!"

--
We play the game with the bravery of being out of range
Dell... by Sir_Eptishous · 2016-01-08 08:17 · Score: 2

Please do the needful.

--
We play the game with the bravery of being out of range
Re:From July by destinyland · 2016-01-08 08:54 · Score: 2

There's a comment on the 10 Zen Monkeys article that links to a Dell forum post about the exact same issue *in 2014*

http://en.community.dell.com/s...

Maybe Dell *can't* fix this problem -- so their only solution is to hope nobody notices...