Unsolved
This post is more than 5 years old
2 Posts
1
527928
CRITICAL: Security Breach with Dell Ticketing System!!!
Today (7/18/14) I got a call from someone saying they we’re from "Dell Software Support" and that they needed me to start opening up some windows to check things due to messages they rec’d from my computer. It stank to high heaven, so I asked them to provide details about me. They had my full name, my email address, city I lived in (assume they know full address), my phone number, my computer service tag, and a real Dell ticket number. Other things that could be included in that ticket is partial SSN, Dell DFS account number etc. I even said I’d call them back and they answered the phone as “Dell Software Support.” The guys really knew what they were doing. I dropped them and called Dell support directly (that’s when I discovered the ticket number, though closed in January, was a legit #). The Dell tech said he’d escalate, but there have been posts for a few weeks. I called the scammers’ number back (202-580-8737) and was blocked. The originating number (from caller ID: 661-748-0240) is now an offline skype account. It’s an old scam, but more importantly I’m worried that Dell is either being intentionally silent or is ignorant of the situation. I thwarted the scammers on my end, but not sure what they could do if they called Dell and did some social engineering on that end.
zbestwun2001
8.8K Posts
1
July 19th, 2014 09:00
Patrick065
Thanks for bringing this to our attention, we are aware that scams like this are going on.
If you Google that number you'll see you're not the first to comment on it. I am sure that Dell is looking into this matter along with the Feds. Being that the calls seem to be coming from India there isn't a lot the FBI can do.
Education is the best policy here, Dell will never call with a pitch like that.
Z
Patrick0651
2 Posts
1
July 19th, 2014 20:00
Hi Z. Thank you for the response but it doesn't concern me as much that Dell can't track down the bad guys. The REAL issue here is that Dell has an obvious security breach and has done NOTHING that I know of to inform their customers of a problem. These bad guys have Dell proprietary information (support ticket number, service tag, hardware model and configuration). My account passwords are secure (using Dashlane) and get changed. the same goes for my email. This information was stolen/leaked from within Dell into the wild. I called up Dell DFS to make sure that no purchases or changes could be made on my account for the next 90 days...they had no idea what or even why I would want to do that. It was a simple phone call and I provided basic details to get to the representative. I could have EASILY gotten them to change my account details and made purchases. Dell stores PII (Personally Identifiable Information) and is NOT secure! Where is the response and oversight from Dell's Info Security? The fact that there are other customers complaining about the same issue from the same hacker phone number says that I'm not the one who got hacked, it was Dell! Hi Z. Can you follow up on the statement: "I am sure that Dell is looking into this matter along with the Feds" with details? Without details the statement should read "I would LIKE TO THINK THAT Dell is looking into this matter along with the Feds." Any public announcements of data breach? Any proof that they are aware their ticketing system has been hacked? I know you are "not an employee of Dell" so I would like to know that they are really addressing the issue.
DELL-Chris M
Community Manager
Community Manager
•
54.3K Posts
0
July 21st, 2014 06:00
Dell is aware of this and other complaints and is investigating. No, there will not be a public post/blog. We consider this closed from a Forum perspective.
Update August 26 = We are aware of the problem and have notified our Dell Securities team. Please read the announcement at the top of this Customer Care board, "Scammers posing as Dell Technical Support".