Computer maker Dell is asking for help in an ongoing probe into the source of customer information that appears to have somehow landed in the laps of fraudsters posing as Dell computer support technicians. KrebsOnSecurity readers continue to report being called by scammers posing as Dell support personnel who offer “proof” that they’re with Dell by rattling off the unique Dell “service tag” code printed on each Dell customer’s PC or laptop, as well as information from any previous (legitimate) service issues the customer may have had with Dell.
Image: Wikipedia
In January, Ars Technica’s Dan Goodin wrote about a guy who’d been complaining to Dell for six months about the very same problem, in which the scammers try to convince the customer that their computer is infected and in need of professional services. Dell responded at the time that its customer’s data protection was a top priority, and it reminded customers that Dell doesn’t make unsolicited calls asking to charge to fix an issue they did not report or previously request help with unless they have signed up for premium support services.
I first heard about this in December 2015 from Israeli resident Yosef Kaner, who reported receiving a phone call from someone with a thick Indian accent claiming to be from Dell technical support.
“He said that they had been monitoring my computer usage for the past couple of weeks, and that I had downloaded a dangerous piece of software,” Kaner said. “He offered to help me remove said software. Understanding that this was a scam, I asked him for a callback number. He gave me one. He also, though, knew my name and gave me the Service Tag of my PC. I thanked him and hung up. Then I Googled the number he gave me. It was a known number from a known scam.”
Almost every week this past month, I’ve received similar messages from other readers. Like this one, from Lucy Thomson of Washington, D.C. Thomson is the author of the ABA Data Breach and Encryption Handbook, and a former Justice Department fraud prosecutor.
“So I am not happy that Dell has had this breach and many people are potentially in jeopardy,” Thomson said. “I confirmed with two of the people who called on two different days, one who said he was in San Jose, CA and another who said he was in India, the nature of the PII and service records they have. All of it was correct and they have quite a bit of contact information and service records with specific dates of calls and service.”
Thomson said she called 1-866-383-4713 (the real Dell’s support line) and told the technician about having received calls every day for the previous five days from people claiming to be Dell certified technicians or who worked for Dell.
“I then told him they had all my PII and Dell service records for the computer I purchased from Dell in 2012,” Thomson recalled. “He said they had received calls ‘from people like you,’ and ‘many customers have called.’ In response to my question about why they had not sent data breach notifications, he said ‘The legal team is in charge. The legal team is working with the FBI on this.’ He said that twice. At the end of the call he said ‘we are creating a platform so this will never happen again.'”
Reader Peter Sullivan sent me this note two days ago:
I received a phone call this afternoon from a male with an Asian (Indian?) accent purporting to be a Dell support tech advising me that my computer had been infected with potentially damaging malware. As you can imagine, I was more than a little skeptical. After asking him several challenging questions, I said ‘I have two Dell computers, which one is infected?”
The caller gave me the Service Tag for my XPS 15 (L521x)! When I suggested that I would like to call him back, he told me that the support #s are very busy (!!) and I wouldn’t be able to get through. “ if I give you your Express Service Code will you trust me then?,” he said proceeded to give me the correct number.
I hung up and did a quick search, coming up with some problems from 2015 involving Dell System Detect that had exposed some Dell computers (I thought that I had responded to that issue). To be on the safe side I called Dell Tech Support and they told me that they don’t call … I wasn’t surprised.
Dell spokesman David Frink said the company has “no indication that customer information used in the sames reported recently were obtained through an external attack,” but he declined to respond to direct questions about whether the company had ruled out an insider attack, such as a current or previous channel partner that got hacked or illegally sold Dell customer information.
“Fact is, these phishing scams are increasingly more sophisticated, they are touching not only technology companies, but all industry, and we have devoted considerable resources to addressing them,” Frink said. “We have no indication that customer information used in the scams reported recently were obtained through an external attack. We continuously evaluate our internal physical and technical security measures to determine if there are additional efforts that would further ensure this customer data is secure. And, we investigate any customer complaint received when there is sufficient information to investigate.”
He pointed concerned Dell customers to information on the company’s site that warns customers to be on alert for phone scams.
“We also have provided an intake form to make it easy for customers to submit information for our teams to investigate,” Frink wrote in an email to KrebsOnSecurity. “We’re encouraging our customers to come to us with any information that could facilitate the investigations. We are investigating the issue, but can only do so with assist from customers who believe that someone tried to scam them. This is a continuing investigation, which by its nature, is based primarily on input from customers. We have no indication at this time that customer information used in the scams reported recently were obtained through an external attack.”
So if this wasn’t the result of a rogue partner, exactly how have the scammers managed to glean so much information about Dell customers and any previous service issues? Ars Technica’s Dan Goodin posited one possibility: That the scammers exploited a vulnerability in Dell computers that became public in November.
“It resided on Dell PCs that came pre-installed with digital certificates that made it easy for attackers to cryptographically impersonate any website on the Internet,” Goodin wrote. “The same certificate, it turned out, also allowed hackers to surreptitiously obtain the unique service tag Dell assigns to computers it sells.”
Goodin said that theory still doesn’t explain how scammers obtained contact information and support histories.
“The vulnerability, however, does demonstrate the plausibility that hackers could have devised a way to obtain personal details belonging to Dell customers,” he wrote. “For the time being, owners of Dell computers should presume their support histories and purchase and contact information has been compromised, and act accordingly.”
All that service tag info is in your dell.com account. It’s possible that these accounts were accessed through phishing or passwords gained from a separate breach. It’s not necessarily Dell that got breached.
My account doesn’t have a phone number in it, but there’s a place in there for it and I probably told them I only wanted to get email.
I got a call yesterday from one of those scammers saying he was a Microsoft Technical representative. I asked him a bunch of questions, which he couldn’t answer. I then asked him what my mac address was for the computer. His answer ” we don’t service Mac computers !
That was good!
Thanks for the heads up on this. I’ll be communicating to our employees as we have a purchase program that pushes Dell.
Hope there will be a follow up on the source of the leaked data.
Several months ago, I got a similar call, offering extend my laptop’s warranty for a special one-time only discounted rate. Of course, I doing so would require that I give my payment information over the phone. They read out the laptop’s service information, and offered to make a message pop up on the computer’s screen to prove that the offer was legitimate. I hung up on them.
It doesn’t take a rocket scientist to figure out the Dell’s outsourced India support team has that information. One bad apple in that bunch would easily download all of the data.
+1
^^^This
I’ve had reports from my customers of calls made to (real) HP printer support being followed up 10 min later by tech support scammers referencing the HP call and offering to clean up the PC.
It’s most certainly not just one bad apple… I’d wager it’s entire teams of internal support people. To a degree I can’t blame them… work a third shift job to get yelled at by clueless racist Americans? Might be very tempting to take a “bonus” for feeding data to the scammers.
no one is holding a gun to their heads to work that third shift job. not making excuses for bigots; i know i left a job because i was tired of the abusive idiots who were too stupid to figure out their tech toys.
“clueless racist Americans?”
No stereotyping there.
That’s what happened. This is old news though. I spent some years in retail PC repair, and I’ve seen some terrible scams. People losing thousands to these scumbags. Service tags is a nice one, but not new.
This is a Holy Man calling you, now you know!
Exactly.
I think Biff is onto something there. An employee in an Indian call center could have been paid by an outside scammer/source to siphon off some info for them.
This news about issues with Dell data is not new to me. About five years ago someone surely from India called me and ultimately took control of my PC (Me, stupid). Long story short he sold me Iolo protection with wrong price quoted and wrong description of what I was correcting. Four months of hassle and I got my credit on my charge card. Since then I would say I have received about one call a month telling me that they (sometimes Dell and sometimes Windows Repair) had spotted a terrible problem. Some callers are most skilled than other; I now cut them off immediately. I’ve had five Dell computer; never again.
If Dell would like to hear from customers who might be able to assist with tracking down the source of this problem, they should send an email to all Dell computer owners. This would both alert owners to the problem of unsolicited phishing phone calls, and allow Dell to inform owners of how to provide info to Dell.
I like Biff’s comment about a rotten apple in Dell’s India tech support group.
Agree with Biff. I only bought one desktop from Dell and it was my last. The cs was the most inept I have ever encountered. The rep sounded like Eastern Indian, but I can’t say for sure – I just know ita was “contracted” support because I got him to admit it. These companies think their outsourcing is secure because it’s in the contract.
Dell’s consumer level support is lousy, but their enterprise support is pretty decent. Every time I’ve called for enterprise support I end up getting someone in New Mexico.
If Apple caves to the FBI, this is exactly what will happen.
Hmmmm.
So, when 14 close members of your family (your children, spouse, parents, siblings, in-laws, etc., i.e., what ever it takes out of your hide to get to 14), are killed, and the killer had his Apple iPhone with him while killing them, the protection of Apple’s OS and its data is more important than society’s justice system, and due process?
So, the protection of Apple’s OS and its data is more important than any justice for you, and the remnants of your family?
So, you trust Apple’s CEO far more than judges, to protect you in a pinch?
So Apple’s CEO is more bound to protect you, over protecting the profits/assets of Apple, in spite of his enforceable employment contract with Apple’s investors?
Or no, the above are N/A, and Apple is absolutely right to refuse a judge’s court order or warrant, because you had no skin in the game in San Bernardino?
Perhaps no skin with Dell, either?
Hmmm.
+10 – only it will be far worse, particularly if you happen to be in China or any number of other countries with intrusive, repressive governments…
Eighteen years of corporate purchasing from Dell left me with satisfaction with their product and support. Disputes were rare, as were failures in their process.
I can only ‘ho hum’ at this. All our personal data in external systems must be assumed either leaked, or shortly so.
The only defense left to us is the old firewall: block anything incoming that you didn’t solicit.
Nevertheless, thanks to Mr Krebs for another useful heads-up.
Thank you Mr. Krebs. We have a new Dell PC and almost immediately started getting phone calls from “Mircosoft support”. At least one call a day, since 12/15. Again thanks for the heads up.
We have been getting calls at our home, for at least a year now, from people with thick accents claiming to be from Microsoft support, telling us there is something wrong with our Windows computer. Both my wife and I have Macs.
I have been getting calls like this for several months. I took out a support call from Dell, spent 4 days with them getting my computer cleaned out and still have 1 more service call that has been prepaid. I couldn’t understand why Dell kept calling me about service and either let the call go to voicemail or simply just rehung the phone. I did finally answer 1 call though and just flatly told them I wasn’t ready for any service and that I would call them. They are still calling and I am still not answering them. BTW, the Dell service I did get was excellent, the techs were very knowledgeble and they a great job cleaning up the mess the malware had left. I will certainly be on my toes now that I know what is going on. Thank you so much for the info.
If ANYBODY calls me and tells me my machine is infected I know they’re full of used beans. I’m not an IT but I’ve been playing with computers since I was in the second grade and now I’m 63. I know there is no way-no how anybody is going to know if my computer has a STD from where they’re sitting unless they’re sitting next to me. Somebody mentioned that an insider could be responsible. That’s my guess. You buy a new computer and you register with the company for updates, tech support, any fixes needed, etal and etc. You give personal info because you have to and somebody that has that info might be slightly disgruntled. Have you ever worked 3rd shift for minimum wage because you couldn’t get a better job? When it’s easy money why not grab it and run. ANYBODY that calls me saying my computer needs their help can go stick their heads up their dorsal orifice.
So…just what sort of ‘computer’ were you playing with in 1960 at age 7?
It was a computer the science teacher helped us put together as a class project. It was made from parts he bought himself installed on clear plastic boards. we learned computer logic, how digital systems are supposed to work and a a whole lot more.
ENIAC
Thanks for the warning Brian. I have a Dell desktop so i’m now aware i’m at risk. However, this scam sounds so much like the now familiar Microsoft service scams that other than the scammer having you personal Dell information it seems people by now should know its a scam. I get so many robocalls nowdays that i no longer answer any phone calls unless its from a person on my priority list which gives me a special ring. As long as i trust my system i have 100% eliminated scams and robocalls! I call Dell when i need help, i don’t answer the phone from them or anyone else unless i hear that special ring 🙂
People have told me about these kinds of things. I’ve read about it over the years. I consider myself fortunate that all I ever needed from Dell was drivers. Everything else, I’ll handle myself. Anything I might get a call about wouldn’t be anything I could actually use anyway.
Gee, I get calls like that a lot, too, from “MicroSoft Security” or the like.
But all I own is a desktop Mac.
I guess nobody’s perfect.
I have a webpage on fake email I think you should read this it is important it similar to you Dell to Customers Report
http://itstimefeed.com/fake-fedex-emails/
Some high position people are in involved there is no doubt about it ! We can surely see that Russia will dominate all over the world couse western society is so naive that even you put all the facts and evidence on the table they still don’t believe anything! So who we blame? Offcourse our selfes!
I have had this same phone call. I was told that Dell was getting messages from my Inspiron laptop showing that I had some internal problems. For 7 hours of work and $100. they would service my machine. I never had any pop ups until I connected with them. They insisted I had a severe virus infection and the one sign was all the pop ups I was getting. I told him this was the only one I saw since I bought the computer. When I questioned how was I too know they were from Dell he proceeded to tell me the service tag number. Wrong, the number did not match. It seems I purchased one Inspiron, had a problem with it and returned it to Dell. I believe it was that number he had and not the replacement. Besides the information being wrong, I thought I heard someone in the background wispering. I could not say for sure but at this point I ended the call. If my purchase records are looked into they may be able to come up with an approximate date from when the information was stolen from Dell. I would be happy to help if I can. Bob H.
Have a new Dell (month and a half old). Because of the issues with back doors by Dell’s inept certificate policies I blew away their install and put a clean Windows Install on it.
Be interesting to see whether we get any calls or not. It’d be alot easier to get this info through their outsourced support crew than one PC at a time via the certificate vulnerability though.
Dell says no breach occurred on their end. So that only leaves their outsourced customer service. Either way, it’s on their heads.
I had no idea Dell Service Tags are unique to a specific computer. I was under de impression they are unique to a specific configuration as sold by Dell, so if you say never upgraded your wifi card you can go and download drivers from their website and know they will match the configuration. (Not working for me since the Inspiron 1720 bought in January 2008 and still used by my wife had almost any component except the case and the motherboard replaced/upgraded (OS, discrete video-card, higher resolution LCD, wifi, 3G modem, memory, CPU and of course HDD replaced by 2 SSD)
I’m pretty sure the scammers aren’t getting service histories by just using the certificates. Scammers called me, and knew about *both* my Dell computers. (Could you get that information from just a single certificate?)
This has been happening to me for at least two years after I contacted Dell support in India about getting a copy of Windows 7 on a flash memory. Within a few days I got a call from an Indian scammer who almost convinced me to give him control over my computer. Since then I get a scammer phone call saying “there is something wrong with your computer” every four months or so. Now I unleash a string of obscenities to shame these folks but a different person calls each time. I must have ended up on some scammer list. I agree that there was a leak to these scammers in India from Dell Tech support. I reported this years ago when it first started and its finally getting noticed! Not impressed with Dell in this regard! Also I posted this using my smart phone the other day and got a message “incorrect email address” and it erased my comment and didn’t give me a chance to fix this error which I also think was bogus. Again, not impressed with Dell!
Outsourcing to call centers in India is the problem. The data is obviously not protected. This has been ongoing for the last 10 years. Most of the perpetrators are based in west Bengal state even though most call centers are based in Karnataka state. It is the responsibility of Dell and its contractors to protect their clients data! The less data you give away the better chances of not getting hit by this con.
So…. even though they catch this potential insider(s), whats the end result? They won’t be able to get any more info and service tags. So the Bozo(s) will dump all their data before they are cuffed, and the scammers will end up having a larger database.
When someone calls me about an issue about my system, I simply laugh until they hang up. They don’t call anymore.
I wonder when companies moved their support centers off site if they thought about how they now introduce additional data breaches with US Data?? If you think about how many companies have moved their support centers off-shore to ‘enjoy’ cheap labor and tax breaks if they knew this would also introduce/increase data breaches. ($ over Risk I guess)
I’ve worked in the IT industry for 20+ yrs. I work with off-shore resources today in my line of work. These off shore resources work 50+ hrs/Wk. for 20% less $ and they work for a company to get that company name on their resumes and then usually change jobs frequently. So, you have a work force that job hops and depending on their positions could have access to data that can be sold/used to create these scenarios. And because they are off-shore the likelihood of them being caught or prosecuted are unlikely. Instead we (US Consumers) have to be more aware of these stories so we don’t become a victim.
Transparency….The companies that have moved support and positions off-shore that have breaches like this need to be held accountable and they should have to be more forth coming of these discoveries ASAP! Days not Months when these occur!
Consumers…should have the ability to hold these companies accountable and bring liable/civil suit when these occur. I’m not a person that wants to ‘sue everyone’ but it sure feels like if that started to happen when these scenarios occur these companies would then be more pro-active in maintaining security of our personal data.
I suspect Dell employees and here is why; in the US (new England area) they are constantly trying to hire “Driving techs” for under 11/hr. I suspect dell pays their overseas staff as low as possible also. Crime of opportunity and they don’t feel bad as they are underpaid. But it’s just a guess.
In the paragraph starting “Dell spokesman David Frink”:
s/sames/scams/
Part of a quote, so may just need a (sic)
It may be that information taken is being used for more than these scams. On 7 January, I ordered a system from Dell using a coupon that had to be redeemed in a chat session. On 12 January a fraudulent charge was placed on my credit card. Other recent charges were with the usual merchants. Info could have come from any of them, but these scams make me suspect the chat session.