
Tech-support scammers know everything about my computer, Dell customer says - MilnerRoute
https://arstechnica.com/information-technology/2018/07/ongoing-scam-is-still-stoking-concerns-dell-customer-data-was-breached/
======
MilnerRoute
This 2016 story found many more people experiencing the same thing -- and has
comments from more people who've had the same problem over the last two years.

[http://www.10zenmonkeys.com/2016/01/04/dell-computers-has-be...](http://www.10zenmonkeys.com/2016/01/04/dell-computers-has-been-hacked/)

It suggests another possibility: that scammers are simply getting hired BY
Dell, and then supplementing their hourly wage by trying to con Dell's
customers out of hundreds of dollars more.

~~~
56chan4
> that scammers are simply getting hired BY Dell, and then supplementing their
> hourly wage by trying to con Dell's customers out of hundreds of dollars
> more.

This, I've bought Dells in the past and one Indian-based sales rep charged my
payment card for an additional amount, I wonder if they expected me to not
spot the extra charge but the card company refunded it. Thing is people deal
with call centres so it's easier as a criminal to join a large multinational
company and operate from within as we assume big companies know what they are
doing. Other problem is Intel vPro/AMT is supplied in a lot of Dell equipment
and it's switched on by default. Even now, despite it being disabled, it's not
disabled as its 169992 port is showing up in ipv6 port scans. Intel really
have created a hacker's paradise with vPro/AMT.

~~~
acct1771
Likely by design.

------
JohnTHaller
This has been going on for a while. Dell's customer service records were
stolen. I thought this was fairly well known.

~~~
PakG1
Did not know that. Googling it, it doesn't look small. Makes me realize that I
miss the days when I could slap together a PC myself with parts I bought
myself. Really too bad we can't do that with laptops.

~~~
arpa
You should look into barebone laptops.

------
kevingadd
Scammers have had access to Dell's customer service databases for upwards of
like 3 years. I get the calls periodically and once spoke with someone from
Dell's security dept. about it. It's not clear whether the databases are
current or outdated, though, and it's not clear how they got them. It's
definitely not as narrow as 'data from Windows based support software' or
anything, because in my case I get calls from "dell support" claiming my _4k
monitor_ has a virus. They seem to have a full support registry (my monitor is
in the database because I had to RMA it).

Sadly the nature of telecom security in the US means it's very hard to
actually trace it back to them - the caller ID is always forged. As far as I
know from speaking to Dell security staff they can't do anything without an
unmasked number. If you get a call from the scammers try to get them to give
you a callback number, because if it works it can be subpoenaed!

~~~
janoc
These are Indian (and other) call center employees who contract as support for
Dell (and others) during the day and then use their access and company data
after hours for some extra buck.

It has been going on for years, there was even an interview with one of these
guys published - basically they do it because they would be stupid not to. It
is essentially free money and the chances of getting caught are tiny. And even
then the worst that will happen is that you get fired - and promptly re-hired
by another call center operator.

This is very much Dell's fault for outsourcing English-speaking (it is not a
problem for other languages because it is much harder to find e.g. French or
German speakers in those cheap labor countries) to the lowest bidder in India
and elsewhere.

~~~
walshemj
It does happen in the west as well; I remember being briefed about a BT call
centre where crims would hang out in a nearby underpass and try and get staff
to get information.

I did joke with my opposite number in Cellnet (o2) who was ex 2 Para and in
the Territorial SAS about taking direct action :-)

------
ChoGGi
So either Dell got hacked and they didn't notice, or they got hacked and
didn't report it... Nice

~~~
56chan4
There is no legal requirement in many countries for a company to report it has
been hacked and even if there were, if they don't spot the hack how can they
report it? See No Evil, Hear No Evil, Speak No Evil, problem solved. Besides,
with so many global businesses employing the best from around the world, how
do these companies know they are not employing spooks with excellent
fabricated grades? It might explain how Microsoft's Win10 source code, their
crown jewels, was leaked online.

~~~
opless
GDPR or whatever it's called requires it. So pretty much the entirety of the
EU... Or companies with offices in the EU ... So if you're an EU citizen, you
should have been notified by law.

------
ahnooie
Had this happen to me a few years back as well:
[https://b3n.org/dell-hacked-watch-out-for-social-engineering...](https://b3n.org/dell-hacked-watch-out-for-social-engineering-scams/)
so far Dell hasn't sent any communication my way to indicate they've been
hacked.

------
mirimir
I'm guessing that these customers are running Windows. And very likely as
delivered by Dell. Might Dell have bundled a service that provides support
information to Dell tech support? And might the scammers be exploiting that
service, perhaps through an authentication weakness, without any customer data
taken directly from Dell?

~~~
jjeaff
They outsource their tech support to the lowest bidder, mostly in difficult to
monitor overseas offices. I'd say the most likely scenario is that underpaid
Dell employees are just using their official access to do the scams or pass
the information along to outside scammers.

~~~
goranb
I received the first call after I had a hardware issue with my laptop serviced
on site. The service guy was just a random contractor, so when the call
happened my immediate thought was "ah, somebody like that dude just vacuumed
up all the customer data." Because, you know, big companies are really great
at building secure internal software when chasing the cheapest dollar. </s>

------
ggm
I thought there were laws now requiring a declaration to the FTC of this kind
of information loss, with penalties?

~~~
TuringNYC
Isn't the typical "penalty" a year of free credit monitoring offered to the
customer? (as if that does anything...you're stuck with most Personally-
Identifying-Information for life and now it is already in the wild...)

------
ikeboy
Yes, been reported for years, I've been on the receiving end of such a call,
and they knew the service tag of the computer.

------
acd
Could it be that a reseller of Dell has been hacked, someone stole the database
and the data leak contains Service Tags, serial numbers?

It sounds like it could be either a data leak or a software security bug. These
are just guesses.

------
Kagerjay
I own a Dell laptop and I've experienced this same phone call at least a dozen
times. It's always someone with a thick Indian accent as well.

They tell me my computer is compromised. It happened most frequently during
news of Meltdown and Spectre, probably hoping to use predatory tactics on
people who don't know any better.

I asked them to validate the information. They had my serial tag number, my
purchase date, the model, my address, my full name, last name, etc. I bought
this unit from Best Buy, I don't ever actually remember entering this
information in. It might have been the Dell bloatware installed on the PC, or
information Best Buy gave to Dell. This was 2013, I've gotten over dozens of
phone calls since then.

I remember distinctly playing the con-man and really seeing how much
information they wanted. It was always "Sir, let me help you fix your computer
its urgent your computer is h4ck3d". I never gave them access to my computer,
but I did do one screensharing session out of sheer curiosity. He would have a
convincing story about telling me to go to the event manager, point at some
random unrelated item, tell me how come I've never noticed that before and
spin a convincing story about my computer being compromised. He would have me
run some basic terminal commands, I can't recall which ones, but it involved
things like _ipconfig_ among other things. Then we would go on some DNS
tracing tools online, some were actually legitimate; I checked the domain name
on my other computer while this session was live.

I pretended to be gullible and naive so he would take the bait. I was brought
to some scam site. I can't remember anymore what it was. But it was like a
marketing ad agency, except it was clearly poorly designed with UX clearly
designed by someone overseas (with proper ingrammer and such), and they sold
prepaid hourly packages for "tech support" whatever that meant. Probably, it
was actual overly priced tech support with blackmailing mixed on the side, and
selling it to black data markets for credit card theft. I didn't risk it
venturing further.

 _I have another whole story unrelated to this as well from company checks
scams & Nigerian Princes that I personally experienced_

I just ask them one simple question. Please email me an official confirmation
via "yourname@dell.com" to validate everything stated on this phone call. They
never did. That's how I validate all phony calls, but normally I just hang up
and look for the direct number on the official Dell website.

I strongly considered running a Lenny anti-telemarketing chatbot, but I ended
up just installing an app called "Should I answer?" to determine legitimacy of
calls. Now I just straight don't answer calls I don't recognize anymore, I
always make an effort to add contact information of people I care about. Calls
can be spoofed for local numbers, and I have a voicemail. If it was important,
a voicemail would be left.

Controversially, I find the data market to be interesting. I keep track of
which companies have sold my data where, via something akin to honeypots using
specific appended email addresses. There's a good Reddit article here
[https://www.reddit.com/r/LifeProTips/comments/45k8f7/lpt_whe...](https://www.reddit.com/r/LifeProTips/comments/45k8f7/lpt_when_providing_your_email_to_other_sites/),
it doesn't work all the time but I have different email addresses for
different purposes now.
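
The per-vendor "appended email address" tracking mentioned in the comment above, as an added example that is not part of the original thread. It goes one step beyond a plain `+vendor` suffix by adding a keyed tag, so a sender cannot swap in another vendor's label; the mailbox, domain, secret and function names are all constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional, Tuple

SECRET = b"constructed-demo-key"          # assumption: private per-user secret
MAILBOX, DOMAIN = "alice", "example.com"  # constructed sample identity


def _tag(vendor: str) -> str:
    """Short keyed tag binding the vendor label to this mailbox owner."""
    return hmac.new(SECRET, vendor.encode(), hashlib.sha256).hexdigest()[:8]


def alias_for(vendor: str) -> str:
    """Address to hand to exactly one vendor: alice+<vendor>.<tag>@example.com."""
    vendor = vendor.strip().lower()
    if not vendor.isalnum():
        raise ValueError("vendor label must be alphanumeric")
    return f"{MAILBOX}+{vendor}.{_tag(vendor)}@{DOMAIN}"


def attribute(recipient: str) -> Tuple[str, Optional[str]]:
    """Classify the recipient address of an incoming message.

    'tagged'   -> an alias we issued; vendor names who received it from us
    'untagged' -> no +suffix (stripped by the sender, or never used)
    'forged'   -> a +suffix whose keyed tag does not verify
    'foreign'  -> not our mailbox at all
    """
    local, _, domain = recipient.strip().lower().rpartition("@")
    base, plus, suffix = local.partition("+")
    if domain != DOMAIN or base != MAILBOX:
        return ("foreign", None)
    if not plus:
        return ("untagged", None)
    vendor, _, tag = suffix.rpartition(".")
    if vendor and hmac.compare_digest(tag.encode(), _tag(vendor).encode()):
        return ("tagged", vendor)
    return ("forged", None)


if __name__ == "__main__":
    # Constructed recipients, as they might appear on unsolicited mail.
    for rcpt in (alias_for("dell"), "alice@example.com",
                 "alice+dell.00000000@example.com"):
        print(rcpt, "->", attribute(rcpt))
```

An `untagged` result is the case where the technique "doesn't work all the time": the suffix is trivially removable, so its absence proves nothing about the source.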

