Jake’s Blog: Dell Customer Data Breach Concern

Jake’s Blog: Dell Customer Data Breach Concern

Phone scammers claiming to be Microsoft tech support is not new but this is a new twist: Scammer claiming to be Dell representatives are targeting Dell computers owners and gain their confidence by reciting to their victim their own Dell computer model number, service tag and service history according to Ars Technica and other sources.  This points to a concern that Dell customer data has been breached.

The scammers, posing as Dell tech support reps, convince their victims that their computers are infected and they need to "run a malware scan" to clean it up.  This "malware scan" in actuality infects the victim's computer with a virus which the scammer claims that his scanner has detect.  The crook then proceeds to ask for a fee to clean it up.

Patrick Z., one of the victims of the scam, said that the fake Dell rep knew that he called months prior about issues with his optical drive.  The scammer also knew his exact computer model and service tag as well.

How Was Dell Customer Data Leaked?

On the surface, it appears that Dell may have experienced a breach which included customer contact information, specifics about their computers and service history data.  Dell refused to answer inquiries about whether they were aware of such a breach and instead point concerned customers to a boilerplate response on their support forums.

Another possibility is that legitimate Dell service reps are pilfering customer information and selling it in underground criminals forums.  This is purely speculative and no evidence that this has occurred although this type of threat is very real as in the Morgan Stanley insider breach incident.

Either way Dell is unwilling to divulge if there has been a breach of their customer data and support histories or if there is any sort of insider data theft.  They are trying to put themselves into the camp of the much less sophisticated Microsoft scam where the crooks randomly call people who are very likely using Microsoft Windows.  But this fails to explain how the scammers would know the specifics about the Dell customer.

Neither Dell nor Microsoft make outgoing support calls unless it is regarding an existing support case.  If in doubt, trust your instincts and never give out your credit card information.  You can always ask for the case number or support ticket number and call back Dell or Microsoft from the phone number you find on their website.  That is, don't use the phone number provided by the suspected scammer because it will like route to a fraudulent offshore call center. If the tech support rep is overly aggressive or gets angry with your lack of cooperation, that is surely a marker that you are dealing with a scammer.