
Tech Support Scams: is Dell Compromised?

Posted on January 7, 2016.

One of the weaknesses of the classic cold-calling tech support scam is that even people who aren’t particularly technologically knowledgeable might nevertheless be cautious enough to test the scammer’s claim to know something about the potential victim’s PC, for instance by asking him to confirm what version of Windows is being used, or the brand of PC. That is why the scammers are so fond of the CLSID ploy, where they attempt to persuade the victim that the string ZFSendToTarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} is unique to their PC. Of course it isn’t, as I said in that article:

That’s the CLSID on both the PCs open on my desk at the moment. Amazingly, it’s also the one that the scammer quoted to Herold. And I bet that if you have a recent version of Windows and go through the same steps you’ll find that you have it too.

So as more people have learned to recognize that ploy for the deception it is, the scammers have tended to move away from cold-calling and towards the equally deceptive pop-ups that are so often used to lure a victim into calling what they believe, incorrectly, to be a legitimate helpline. Since the victim has actually initiated the phone call, they’re already halfway to falling for whatever unlikely tale the scammer spins.

But what if the scammer does know more about you and your machine than you could reasonably expect? Recently, there’s been a spate of cold-call scammers claiming to be calling from Dell. According to Nat Hoffelder, these “support techs” know ‘everything about a customer, including the customer’s name, email, account info, and everything down to the support tag and device serial number.’ An article by Rod Simmons from May 2015 suggests that this has been happening for several months, if not longer. I first became aware of it from an article published on 10 Zen Monkeys on the 4th of January 2016, which includes links to similar stories.

The article states:

I called the (real) Dell, and spoke to a customer support representative named Mark, who tried to explain how the scammers knew my account history.

“Dell has detected hackers,” he said. “They’re hacking our web site.”

However, I haven’t so far been able to find any official confirmation from Dell. The nearest I’ve found comes from someone with the job title Liaison for Customer Care, and includes the statement:

Unfortunately, there are unscrupulous third party entities posing as Dell or Microsoft representatives trying to obtain personal credit card information from Dell customers. Please be assured we take these reports very seriously. DO NOT give them any personal information as they are not associated with Dell.

Dan Goodin said on the 6th of December in an article for Ars Technica that the site has been in frequent communication with Dell, but has not received any answer to the question “…did Dell officials have any reason to believe its customer data had been compromised, and if not, how did they believe the scammers had access to serial numbers, contact information, and past support calls?”

Hoffelder comments “…the scary part is that these scam phone calls have been going on since at least May 2015, and Dell doesn’t seem to be able to stop it.” Actually, the really scary part is that Dell can’t promise that its customers won’t get unsolicited calls from the company if they’ve signed up with Dell’s premium support services.

If this did turn out to be the result of a breach at Dell, what could the company do about it? Obviously it wouldn’t be able to get the data back from the scammers, but it could notify the users of its products and services – especially the support services. After all, the company was able to respond reasonably appropriately to the recent exposure of backdoor issues with its computers. It could even, perhaps, make infrastructural changes to its database so that the stolen data would no longer be valid, though I don’t suppose such an exercise would be particularly cheap. In the absence of more information, I have to agree with Goodin’s advice that Dell customers “should presume their support histories and purchase and contact information has been compromised…”

David Harley
