As you likely know, online scammers often contact Windows users and pretend to be support techs. They say they have detected a problem with the person's computer and want to fix it. Consumers naive enough to grant access to their computers via remote software are presented with large bills for the service — though the bogus techs don't actually fix anything — and in some cases their PCs are infected with ransomware that locks them out of their computers until they pay ransom.
Shortly after placing a support call to Dell for help with a Windows 10 update issue, Richard Schulman, a retired computer consultant, received one of these calls. He did exactly what a savvy consumer should. He hung up. However, Schulman soon got another call from someone who also claimed to be Dell technician, but because the caller's English was so heavily accented and the call quality so poor, he quickly surmised that it was another scam.
New twist on an old scam
In hopes of somehow identifying the scammer, Schulman stayed on the line. He asked the caller if he could provide his Dell customer service tag number, a support number that's attached to a sticker on every dell computer. Surprisingly, the man had the tag number. Schulman was disturbed. The only people who should have those customers numbers work for Dell, he said.
Schulman hung up on the scammer and immediately tried to find a way to contact Dell's security team. He couldn't find a security contact, so he called the company's tech support line. During a series of phone calls, none of the Dell representatives he spoke with offered to relay his problem to someone further up the food chain.
Schulman gave up trying to get Dell to respond, but he contacted me shortly before Christmas and shared his story. I spoke to him at some length, and the Vero Beach, Fla., resident is far from naïve and says he has no grudge with Dell.
So how did the scammers get Schulman's customer information that only Dell should have had access to? And why didn't someone at Dell respond to his query about the scam?
Weak response from Dell
I reached out to the company for some answers and received this response:
"We are actively investigating these reports and that work is aided when customers contact us. We’ve found no evidence of a technology hack. This kind of phone scam, unfortunately, has become prevalent across our industry."
Dell offered no explanation of how the scammer obtained Schulman's service tag number.
In October, the company posted a warning about these types of telephone scams on its website, and it links to a form users can fill out if they think they've been contacted by a scammer. But it doesn't mention service tag numbers.
Schulman is not the only one who was targeted, and other Dell customers also claim scammers had their customer information. One such person posted a blog that details the same type of scam, and it references seven additional complaints posted to a Dell user forum. One of those customers posted the following comment on Dell's website in July: "Was DELL hacked...?? How did this 'helpful tech representative' have my contact info AND knowledge of my technical issue ???????"
Another man quoted in an Ars Techica story from last week said he called Dell about a problem with his optical drive, and soon after he got a call from a scammer who knew about his specific problem and had his service tag number and other customer information. Ars Technica said it received another similar report from a reader, and when it contacted Dell, the company failed to provide any sort of explanation for the possible breach.
It is unclear what exactly is going on, but there's simply too much smoke to believe Dell isn't dealing with some sort of fire. The company owes Schulman and other affected customers an explanation — and an apology. More importantly, it needs to determine whether or not a leak exists and if so, plug it as soon as possible.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.