April 9th, 2015 13:00

Very Disturbing Phone Call I Just got!

My phone rings and the Caller ID shows this:



Caller says he is from Dell and asks for me by name? Smelling something rotten I asked why the Caller ID didn't show Dell. He said it was because he was using an Internet Phone. Then asked if I was at the computer, said yes, and then he said it was sending out reports to them of errors on my computer. He said to make sure it was the correct computer he'd like to check the Service Tag... no way I'm telling him that and he proceeded to give me MY SERVICE TAG! Then the scam started, look at my Event Viewer and all the errors and warnings... at that point I hung up (and he didn't call back of course).


So I called Dell Support and spoke to them. Of course they told me it wasn't them who called and it was a scam. Surprisingly I was told this has been happening to many people.

I was concerned HOW they got the 3 pieces of info, name, number, and Service Tag. Asked to speak to a Supervisor. Eventually he confirmed they've been getting calls from customers like this. Dell Security is investigating.

Afraid that my Dell Credit card was compromised, I called Dell Financial as well. They too say the data is safe.

Well, be warned.

Oh, I did call the number back and got a recorded message, "This call could not be completed because I was trying to reach a Skype user"?

Oh well.

5.2K Posts

April 9th, 2015 15:00

Most businesses sell your basic information to mass marketers. However, knowing your Service Tag number is bothersome. Either Dell has been hacked, or you have. To make sure, ensure that you have good AV and malware programs running, and run as many free programs as you can to see what's what. More likely it's Dell.

190 Posts

April 9th, 2015 15:00

To make sure, ensure that you have good AV and malware programs running, and run as many free programs as you can to see what's what.

Of course I keep a Security Suite running and up to date, McAfee that was shipped with the Dell in this case. Also 'occasionally' run MalwareBytes, SpyBot, and others. Can't be too careful here.

Supervisor did state they have gotten other calls like mine from customers and Dell Security is working on this.

Yes, names, phone numbers, and e-mail addresses are often sold to 'like' vendors who could use those contacts. I don't think Dell or Dell Financial does though. However my Service Tag should not be known unless I had posted it in a forum post and I'm pretty sure I would not have. Only Dell should know that. Yes, programs on my computer can see that, but what would be the odds of a specific program getting that data and sending it somewhere without my knowledge? Getting my name and phone number too, even Dell's Support App. doesn't have my name or phone number. I know my name and phone number IS on this computer in different places, but for an app to collect that it would have to know all possible locations of such data AND it was running on a Dell. Hard to believe such an app would exist?

BTW, as it happens, McAfee started a scan today after the call, results:

It is a custom scan as I have replaced the C: drive with an SSD and kept the old one and can boot from it if need be, but that drive is never accessed or used, so I don't waste time scanning it.

Also just ran Malwarebytes Anti-Malware scan:

Pretty sure I'm 'clean'.

4 Operator

34.2K Posts

April 9th, 2015 17:00

Hi IrvSp,

I appreciate you posting your story. I've had similar calls, as have my family, not claiming to be from Dell but Microsoft or in one case Windows. That's very disturbing about the service tag. As you know, Dell forum policy does not allow people to post their service tag, but many people do anyway, in addition to email addresses, home phone numbers and even home address. I've seen just about everything except blood type.

Anyway, your instincts served you well, and let's hope that's the end of it.

10 Elder

43.6K Posts

April 9th, 2015 17:00

If you check the Customer Care forum, there have been a number of posts recently where the caller knows the user's name and Service Tag, so Dell should be aware of this issue.

I got one of these calls yesterday and he claimed to know all my info, but when pressed for details, all he'd say is "your Windows 7 PC". Asked which of my two Win 7 PCs is sending "distress messages" and he was stuck...

Said I'd have to call him back so he gave me his company name: "iTech" at 855-335-7469. I promptly filed an abuse report with the Federal Trade Commission.

EDIT: Don't know why censor software didn't like the abbreviation.

8.8K Posts

April 9th, 2015 19:00

Ron,

I get at least 3 or 4 calls a week from people who say they are techs and my computer is doing what they say yours is doing.

I don't think they ever said what my tag # is?

If I have the time and am so inclined, I'll play their game, but I'll also keep one step ahead of them and ask them what they want me to do next, open the event viewer? :)

After a while I tell them the jig's up and that's that... btw, they didn't call today, I feel rejected!

8 Wizard

47K Posts

April 10th, 2015 05:00

Your service tag unfortunately can be had from WMI, and because remote support and WMI are turned on by default, that wouldn't require much to get.

wmic csproduct get vendor,name,identifyingnumber
IdentifyingNumber  Name           Vendor
ABCDEF1            Precision 380  Dell Inc.

wmic /user:administrator /node:remote-host(or IP ADDR) bios get serialnumber
SerialNumber
ABCDEF1

This is why it's bad to have an administrator with no password.

If you open a command prompt you can test this locally.

It allows me to do this even on a locked down system where I am a user in a domain.






190 Posts

April 10th, 2015 05:00

If you open a command prompt you can test this locally.

I think all is OFF, but I also have a router that will block unsolicited packets as well as a firewall. My account requires a P/W too.

I opened a CMD prompt as an Administrator and ran this:


=================

C:\Windows\system32>wmic /user:administrator /node:192.168.1.30  bios get serialnumber
Enter the password :

Node - 192.168.1.30
ERROR:
Description = Access is denied.

================

I don't think it was gotten from my system.

8 Wizard

47K Posts

April 10th, 2015 09:00

192.168.1.30 is an RFC1918 number and not routable.

The NAT translated number is what a remote attacker would use.

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private (non-routable) internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Open a CMD window and type

wmic csproduct get vendor,name,identifyingnumber


what does it say?
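
A local audit of the three things this exchange turns on, as an added PowerShell example that is not part of any poster's message: what an ordinary local process can read, whether Windows Firewall allows inbound WMI, and whether any enabled local account lacks a password requirement. The firewall display group name assumes English-language Windows, and the output labels are this example's own.

```powershell
# Added example: local audit of the exposure discussed in this thread.
# Written for Windows PowerShell 5.1 or later; the firewall and
# local-account cmdlets may need an elevated prompt.

# 1. What a local process can read (same data as "wmic csproduct").
$product = Get-CimInstance -ClassName Win32_ComputerSystemProduct
[pscustomobject]@{
    Vendor            = $product.Vendor
    Name              = $product.Name
    IdentifyingNumber = $product.IdentifyingNumber
}

# 2. Enabled inbound firewall rules that would let another host reach WMI.
#    Assumption: English display group name; it differs on localized Windows.
$wmiRules = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Direction -eq 'Inbound' -and
        $_.Enabled   -eq 'True'    -and
        $_.Action    -eq 'Allow'
    }

if ($wmiRules) {
    # Profile shows where the rule applies: Domain, Private, Public or Any.
    $wmiRules | Select-Object DisplayName, Profile
} else {
    'No enabled inbound WMI allow rules.'
}

# 3. Enabled local accounts that do not require a password.
$noPassword = Get-LocalUser |
    Where-Object { $_.Enabled -and -not $_.PasswordRequired }

if ($noPassword) {
    $noPassword | Select-Object Name, LastLogon
} else {
    'All enabled local accounts require a password.'
}
```

Step 1 succeeding shows only that local software can read the tag; steps 2 and 3 cover the remote path, which also depends on the router forwarding traffic to the machine.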

9.4K Posts

April 10th, 2015 09:00

Here's a link to some helpful information regarding this issue.

Third Party Entities Posing as Dell

Regards,
Robert 

190 Posts

April 10th, 2015 09:00

Here's a link to some helpful information regarding this issue.

Third Party Entities Posing as Dell

Regards,
Robert 

That link doesn't work for me, get the 404???

8 Wizard

47K Posts

April 10th, 2015 09:00

Phishing malware will "get on your machine" and not disable it but rather poke a wide-as-the-Grand-Canyon hole in your firewall to a remote hacker. That person or persons can then use wmic and telnet and other protocols to pull information from your machine without your knowledge and consent. This isn't Dell being hacked, it's a person's machine being compromised in such a way as to leak data. This is why the hackers DO NOT have your Dell customer number, address, and other information that Dell Sales would have but would not share with anyone. It's like getting a phone call supposedly from your credit card company or bank requesting your PIN and other info. The real credit card company or bank would never cold call you asking for this because they already know it.

There are also printer servers that can be compromised to springboard from the printer's server onto your machine behind your firewall to telnet or RDP. This is why you need to make sure that your printer's network firmware is up to date. For example: CVE-2012-5215 (VU#782451, SSRT101078), vulnerability affected 12 printer models including HP LaserJet Pro P1102w, P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh Multifunction Printer, M1217nfw Multifunction Printer, M1218nfs MFP, M1219nf MFP, CP1025nw, and CP1025nw.

This is what Lorna said 2 years ago.

http://commweb-ps3.us.dell.com/support-forums/customercare/f/4674/t/19491559

 

Alert || Fraudulent Outbound Sales being made to customers by 3rd party entities - How to report a Dell Security incident

We have been hearing some complaints about some fraudulent callers and emails promoting Dell sounding products – this is actually a scam or harmful programs from Third-party entities posing as Dell.

Customers are receiving calls from these fraudulent entities stating their system is infected by a virus/malware. The Third-party entities offer to assist them for a fee.

Have you received a suspicious message or email claiming to come from Dell? Let us know by posting to @ReportDellScams on Twitter

To protect yourself, please do NOT:

*Provide any confidential information such as password, Customer ID, Credit/Debit Card number or PIN, CVV, DOB to any e-mail or telephonic request, even if  the request is from Dell.
*Transfer funds to or share account details with, unknown/ non-validated parties.

We will forward this information to our Fraud Investigation Team. They will investigate the issue and if additional information is required, they may call you. Please be prepared to provide the following information:

Customer Name:
Phone No:
Email Address:
System Service Tag No:
Service Request Case No:
Fraudulent Company's Name: 
Fraudulent Caller's Name (If Available): 
Phone No. used to call customer (If Available):

 

190 Posts

April 10th, 2015 09:00

Open a CMD window and type

wmic csproduct get vendor,name,identifyingnumber

Sure, it shows it:

======

IdentifyingNumber  Name      Vendor
XXXXX02            XPS 8700  Dell Inc.

======

That STILL requires someone to get on my computer, exercise the CMD and send it back to themselves... defeating my A/V, Firewall, and Router... doubt it. Also not to mention connect that data to my name and phone number.

Are you suggesting Dell was NOT compromised?

190 Posts

April 10th, 2015 11:00

Well, I too have gotten MANY scam calls purporting to be MS or some name with MS in it. I know these are scams. This one however was different. Not only did they say they were Dell, they knew my name, and the Service tag. Normally these scams know nothing, and in some cases they are cold calls and don't even know if you have a Windows PC.

First I am on a LAN here. My wife has a Dell and another one (besides mine) is on the LAN as well. I don't think my LAN was compromised at all, nor my machine.

I don't dispute one could get the Service Tag off of my machine. I know my name is on the machine as well, and my phone number. I just don't see a program that would be smart enough to search for these on my machine? There are just too many places to look. I'm not saying it would happen, just I doubt it. Places like the one that called me could be called anything 'related to Windows', why waste time saying Dell, other than the fact that they have DATA that tells them I have a Dell. Think about this, IF they were able to get on my machine to get the data, wouldn't it be smarter to INFECT it? Run a 'locker' type program and demand a ransom? Why take a chance I'd know it was a scam when they called?

I say Dell was compromised and some data was stolen. Even the Dell Support Supervisor admits that might have happened as others have gotten the same call where the Service Tag was known.

Oh, Dell Financial Services can't put a hold on a credit card. It is either OPEN or CLOSED. They claim I'm protected as my home address can't be changed, anything ordered would be shipped to me. Hmm, how would I change my address if I move? They say before any changes can be made 'security' questions must be answered. Fine, but if someone has that data, what happens? Answer, we always e-mail any changes to the last e-mail address on record. Time will tell...

8 Wizard

47K Posts

April 10th, 2015 12:00

Call on cell phone from this number 661-748-0240. They said they were calling from Microsoft and that his computer was infected with multiple trojan horses and he needed to pay for their help to remove them. They said that his computer had come to their attention because it was sending messages to Microsoft. Scammers' website: microsoftsupportusa.com/tb-pc.html

Phone connection was very bad and the people on the other end didn't speak good English.

The caller has a Skype account using their PC to call you and they are not in the United States. Dell might want to check with Microsoft to see if Skype is the app that they are tunneling through to get user information and whether or not Skype's servers have been hacked.

My security office says that

(661) 748 0240 appears on outbound calls for Skype users who have not set up their Skype caller ID yet and is also utilized by cyber criminals to promote malware and initiate other scams.

190 Posts

April 12th, 2015 10:00

Very interesting Blog that appeared recently.

Dell System Detect Vulnerability now classified as a PUP

April 3, 2015 | BY Adam Kujawa

https://blog.malwarebytes.org/exploits-2/2015/04/dell-system-detect-vulnerability-now-classified-as-a-pup/

Be sure to take the reference details link as well.

Note, the LINK seems to change, not sure if it will work, so here is the part of the link from // on:

blog.malwarebytes.org/exploits-2/2015/04/dell-system-detect-vulnerability-now-classified-as-a-pup/
