Support Scammers Targeting Dell Customers

Written by

As I've previously observed, one of the weaknesses of the classic cold-calling tech support scam is that the scammer needs to convince the potential victim that he (the scammer) really has knowledge specific to the victim's PC.

However, what if the scammer does know more about you and your machine than you could reasonably expect? Since May 2015 (or earlier) there has been a spate of cold-call scammers calling Dell customers apparently in possession of information that includes their account information, even down to their support tag and device serial number.

When I wrote about this previously, I was unable to find any official confirmation from Dell that customer information was being leaked, although I did find a fairly anodyne statement warning of callers who 'are not associated with Dell'.

Dan Goodin said in an article on 6 December for Ars Technica that Dell had not responded to the question “…did Dell officials have any reason to believe its customer data had been compromised, and if not, how did they believe the scammers had access to serial numbers, contact information, and past support calls?”

Since then, however, it seems that Brian Krebs has been receiving plenty of reports of similarly well-informed scammers. Lucy Thompson, author of the ABA Data Breach and Encryption Handbook reported that a conversation with the real Dell helpline seemed to confirm that while there has still been no data breach notification from Dell, its legal team is working with the FBI on the issue and the company is apparently "…creating a platform so this will never happen again."

So, it's disappointing that a Dell spokesman told Krebs that there is "no indication that customer information used in the scams reported recently were obtained through an external attack" and sidestepped questions about the possibility of an insider breach.

However, the spokesman did refer to a warning page that links to a reporting form that specifically asks about "the phone number used to contact you, any information they know about your Dell system, and the name of any program they want you to download."

Unfortunately, it still seems that the question remains open as to how the scammers are getting contact information and support histories, even if it turns out that they acquired service tags through a known vulnerability in Dell computers, as suggested by Goodin.

Irrespective of whether there was a direct breach at Dell, it sounds very much as if customer data are out there in the hands of scammers, and the company isn't going to be able to get it back.

If I were a Dell customer, I certainly wouldn't accept that customer-specific knowledge of the type the scammers have acquired, by whatever means, validates their claims.

After all, there's still a credibility gap between having support history information and knowing something about alleged malware currently on the machine.

However, I'm not a Dell customer, and not everyone who is has the technical grasp that Krebs's correspondents seem to have. So perhaps it's time Dell at least made more effort to notify people using its products (and especially its support services) that scammers may have such data, and that possession of such data shouldn't be taken as some sort of validation of the bona fides of a cold-caller.

What’s hot on Infosecurity Magazine?