Highlighted
3 Argentum

Very Disturbing Phone Call I Just got!

My phone rings and the Caller ID shows this:


Caller says he is from Dell and asks for me by name? Smelling something rotten I asked why the Caller ID didn't show Dell. He said it was because he was using an Internet Phone. Then asked if I was at the computer, said yes, and then he said it was sending out reports to them of errors on my computer. He said to make sure it was the correct computer he'd like to check the Service Tag... no way I'm telling him that and he proceeded to give me MY SERVICE TAG! Then the scam started, look at my Event Viewer and all the errors and warnings... at that point I hung up (and he didn't call back of course).


So I called Dell Support and spoke to them. Of course they told me it wasn't them who called and it was a scam. Surprisingly I was told this has been happening to many people.

I was concerned HOW they got the 3 pieces of info, name, number, and Service Tag. Asked to speak to a Supervisor. Eventually he confirmed they've been getting calls from customers like this. Dell Security is investigating.

Afraid that my Dell Credit card was compromised I call Dell Financial as well. They too say the data is safe.

Well, be warned.

Oh, I did call the number back and got a recorded message, "This call could not be completed because I was trying to reach a Skype user"?

Oh well.

22 Replies
Highlighted
5 Iridium

RE: Very Disturbing Phone Call I Just got!

Most businesses sell your basic information to mass marketers. However, knowing your Service Tag number is bothersome. Either Dell has been hacked, or you have. To make sure, ensure that you have good AV and malware programs running, and run as many free programs as you can to see what's what. More likely it's Dell.

XPS M1530, Win 10 CU Pro 32-bit
Inspiron E1705, Win 10 CU Pro 32-bit
Dimension 9100, Win 10 AU Pro 32 bit
Inspiron 660, Win 10 CU 64 bit
Inspiron 3668, Win 10 CU 64 bit
Asus T100 Tablet, Windows 10 CU 32 bit

0 Kudos
Highlighted
3 Argentum

RE: Very Disturbing Phone Call I Just got!

To make sure, ensure that you have good AV and malware programs running, and run as many free programs as you can to see what's what.

Of course I keep a Security Suite running and up to date, McAfee that was shipped with the Dell in this case. Also 'occasionally' run MalwareBytes, SpyBot, and others. Can't be too careful here.

Supervisor did state they have gotten other calls like mine from customers and Dell Security is working on this.

Yes, names, phone numbers, and e-mail addresses are often sold to 'like' vendors who could use those contacts. I don't think Dell or Dell Financial does though. However my Service Tag should not be known unless I had posted it in a forum post and I'm pretty sure I would not have. Only Dell should know that. Yes, programs on my computer can see that, but what would be the odds of a specific program getting that data and sending it somewhere without my knowledge? Getting my name and phone number too, Even Dell's Support App. doesn't have my name or phone number. I know my name and phone number IS on this computer is different places, but for an app to collect that it would have to know all possible locations of such data AND it was running on a Dell. Hard to believe such an app would exist?

BTW, as it happens, McAfee started a scan today after the call, results:

It is a custom scan as I have replaced the C: drive with an SSD and kept the old one and can boot from it if need be, but that drive is never accessed or used, so I don't waste time scanning it.

Also just ran Malwarebytes Anti-Malware scan:

Pretty sure I'm 'clean'.

0 Kudos
Highlighted
8 Xenon

RE: Very Disturbing Phone Call I Just got!

Hi IrvSp,

I appreciate you posting your story. I've had similar calls, as have my family, not claiming to be from Dell but Microsoft or in one case Windows. That's very disturbing about the service tag. As you know, Dell forum policy does not allow people to post their service tag, but many people do anyway, in addition to email addresses, home phone numbers and even home address. I've seen just about everything except blood type.

Anyway, your instincts served you well, and let's hope that's the end of it.

0 Kudos
Highlighted
8 Krypton

RE: Very Disturbing Phone Call I Just got!

If you check the Customer Care forum, there have been a number of posts recently where the caller knows the user's name and Service Tag, so Dell should be aware of this issue.

I got one of these calls yesterday and he claimed to know my all info, but when pressed for details, all he'd say is "your Windows 7 PC". Asked which of my two Win 7 PCs is sending "distress messages" and he was stuck...

Said I'd have to call him back so he gave me his company name: "iTech" at 855-335-7469. I promptly filed an abuse report with the federal trade commission.  emoticon.BigSmile.title

EDIT: Don't know why censor software didn't like the abbreviation.

Ron

   Forum Member since 2004
   I'm not a Dell employee

0 Kudos
Highlighted

RE: Very Disturbing Phone Call I Just got!

Ron,

I get at least  3 or 4 calls a week  from ppl who say they are techs and  my computer is doing what they say yours is doing.

i don't think they ever said what my tag #is?

If i have the time and am so inclined, I'll play their game, but I'll also keep one step a head of them  and ask them what they want me to  do  next, open the event viewer?  🙂

After a while i tell them the jigs  up and that's that.....btw, they didn't call today, I feel rejected!

 

Dell Forum Member Since 2004 but not an employee of Dell

If this answers your question, click
  Yes  

0 Kudos
Highlighted
8 Xenon

RE: Very Disturbing Phone Call I Just got!

Your service tag unfortunately can be had from WMI

and because remote support and WMI

are turned on by default that wouldn't require much to get.

wmic csproduct get vendor,name,identifyingnumber
IdentifyingNumber Name Vendor ABCDEF1 Precision 380 Dell Inc.

wmic /user:administrator /node:remote-host(or IP ADDR)   
bios get serialnumber
SerialNumber ABCDEF1


This is why its bad to have an
administrator with no password.


If you open a command
prompt you can test this locally.


It allows me to do this even
on a locked down system
where I am a user in a domain.







Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support






Get Support on Twitter @DellCaresPro

0 Kudos
Highlighted
3 Argentum

RE: Very Disturbing Phone Call I Just got!

If you open a command
prompt you can test this locally.

I think all is OFF, but I also have a router that will block unsolicited packets as well as a firewall. My account requires a P/W too.

I opened a CMD prompt as an Administrator and ran this:


=================

C:\Windows\system32>wmic /user:administrator /node:192.168.1.30  bios get serial
number
Enter the password :

Node - 192.168.1.30
ERROR:
Description = Access is denied.

================

I don't think it was gotten from my system.

0 Kudos
Highlighted
8 Xenon

RE: Very Disturbing Phone Call I Just got!

192.168.1.30 is an RFC1918 number and not routeable.

The NAT translated number is what a remote attacker would use.

The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private 
(Non routeable) internets: 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

 

Open a CMD window and type

wmic csproduct get vendor,name,identifyingnumber


what does it say?

Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support






Get Support on Twitter @DellCaresPro

0 Kudos
Highlighted

RE: Very Disturbing Phone Call I Just got!

Here's a link to some helpful information regarding this issue.

Third Party Entities Posing as Dell

Regards,
Robert 

0 Kudos
Highlighted
3 Argentum

RE: Very Disturbing Phone Call I Just got!

Open a CMD window and type

wmic csproduct get vendor,name,identifyingnumber

Sure, it shows it:

======

IdentifyingNumber  Name      Vendor
XXXXX02            XPS 8700  Dell Inc.

======

That STILL requires someone to get on my computer, exercise the CMD and send it back to themselves... defeating my A/V, Firewall, and Router... doubt it. Also not to mention connect that data to my name and phone number.

Are you suggesting Dell was NOT compromised?

0 Kudos
Highlighted
3 Argentum

RE: Very Disturbing Phone Call I Just got!

Here's a link to some helpful information regarding this issue.

Third Party Entities Posing as Dell

Regards,
Robert 

That link doesn't work for me, get the 404???

0 Kudos
Highlighted
8 Xenon

RE: Very Disturbing Phone Call I Just got!

Phishing Malware will "get on your machine" and not disable it but rather poke a wide as the grand canyon hole in your firewall to a remote hacker.  That person or persons can then use wmic and telnet and other protocols to pull information from your machine without your knowledge and consent.   This isn't dell being hacked its a persons machine being compromised in such a way as to leak data.  This is why the hackers DO NOT have your dell customer number, address, and other information that Dell Sales would have but would not share with anyone.  Its like getting a phone call supposedly from your credit card company or bank requesting your PIN and other Info.  The real Credit card company or Bank would never cold call you asking for this because they already know it.

There are also Printer servers that can be compromised to springboard from the printer's server onto your machine behind your firewall to telnet or RDP. This is why you need to make sure that your printers network firmware is up to date.  For Example: CVE-2012-5215 (VU#782451, SSRT101078), vulnerability affected 12 printer models including HP LaserJet Pro P1102w, P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh Multifunction Printer, M1217nfw Multifunction Printer, M1218nfs MFP, M1219nf MFP, CP1025nw, and CP1025nw.

This is what Lorna said 2 years ago.

http://commweb-ps3.us.dell.com/support-forums/customercare/f/4674/t/19491559

 

Alert || Fraudulent Outbound Sales being made to customers by 3rd party entities - How to report a Dell Security incident

We have been hearing some complaints about some fraudulent callers and emails promoting Dell sounding products – this is actually a scam or harmful programs from Third-party entities posing as Dell.

Customers are receiving calls from these fraudulent entities stating their system is infected by a virus/malware. The Third-party entities offer to assist them for a fee.

Have you received a suspicious message or email claiming to come from Dell? Let us know by posting to @ReportDellScams on Twitter

To protect yourself, please do NOT:

*Provide any confidential information such as password, Customer ID, Credit/Debit Card number or PIN, CVV, DOB to any e-mail or telephonic request, even if  the request is from Dell.
*Transfer funds to or share account details with, unknown/ non-validated parties.

We will forward this information to our Fraud Investigation Team. They will investigate the issue and if additional information is required, they may call you. Please be prepared to provide the following information:

Customer Name:
Phone No:
Email Address:
System Service Tag No:
Service Request Case No:
Fraudulent Company's Name: 
Fraudulent Caller's Name (If Available): 
Phone No. used to call customer (If Available):

 


Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support






Get Support on Twitter @DellCaresPro

Highlighted
3 Argentum

RE: Very Disturbing Phone Call I Just got!

Well, I too have gotten MANY scam calls purporting to MS or some name with MS in it. I no these are scams. This one however was different. Not only did they say they were Dell, they knew my name, and the Service tag. Normally these scams know nothing, and in some cases they are cold calls and don't even know if you have a Windows PC.

First I am on a LAN here. My wife has a Dell and another one (besides mine) is on the LAN as well. I don't think my LAN was compromised at all, nor my machine.

I don't dispute one could get the Service Tag off of my machine. I know my name is on the machine as well, and my phone number. I just don't see a program that would be smart enough to search for these on my machine? There are just too many places to look. I'm not saying it would happen, just I doubt it. Places like the one that called me could be called anything 'related to Windows', why waste time saying Dell, other than the fact that they have DATA that tells them I have a Dell. Think about this, IF they were able to get on my machine to get the data, wouldn't it be smarter to INFECT it? Run a 'locker' type program and demand a ransom? Why take a chance I'd know it was a scam when they called?

I say Dell was compromised and some data was stolen. Even the Dell Support Supervisor admits that might have happened as others have gotten the same call where the Service Tag was known.

Oh, Dell Financial Services can't put a hold on a credit card. It is either OPEN or CLOSED. They claim I'm protected as my home address can't be changed, anything ordered would be shipped to me. Hmm, how would I change my address if I move? They say before any changes can be made 'security' questions must be answered. Fine, but if someone has that data, what happens? Answer, we always e-mail any changes to the last e-mail address on record. Time will tell...

0 Kudos
Highlighted
8 Xenon

RE: Very Disturbing Phone Call I Just got!

Call on cell phone from this number 661-748-0240. They said they were calling from Microsoft and that his computer was infected with multiple trojan horses and he needed to pay for their help to remove them.  They said that his computer had come to their attention because it was sending messages to the Microsoft.  Scammers  website: microsoftsupportusa.com/tb-pc.html 

phone connection was very bad and the people on the other end didn't speak good English

The caller has a skype account using their pc to call you and they are not in the united states.  Dell might want to check with microsoft to see
 if skype is the app that they are tunneling thru to get user information and whether or not SKYPE's servers have been hacked.

My security office says that

(661) 748 0240 appears on outbound calls for Skype users who have not set up their Skype caller ID yet and is also utilized by cyber criminals to promote malware and initiate other scams.


Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support






Get Support on Twitter @DellCaresPro

0 Kudos
Highlighted
3 Argentum

RE: Very Disturbing Phone Call I Just got!

Very interesting Blog that appeared recently.

Dell System Detect Vulnerability now classified as a PUP

April 3, 2015 | BY Adam Kujawa

https://blog.malwarebytes.org/exploits-2/2015/04/dell-system-detect-vulnerability-now-classified-as-...

Be sure to take the reference details link as well.

Note, the LINK seems to change, not sure if it will work, so here is the part of the link from // on:

blog.malwarebytes.org/exploits-2/2015/04/dell-system-detect-vulnerability-now-classified-as-a-pup/

0 Kudos
Highlighted
8 Xenon

RE: Very Disturbing Phone Call I Just got!

Getting to your computer is usually done with malicious sites and or email links.  Malwarebytes will not detect this as its not on your machine but rather a link on an email server or website that you have been referred to.  This is not attributable to Dell specifically its a microsoft problem.  And windows isn't the only vunerable OS which is why Java is updated 4,576,344 times a year.

Current Version is Java 8 U40 I think.  Java 7 became End of life in april.  The Vunerable Website in these cases is setup to Deliberately be vunerable.Oracle has changed the way they package their installation files from v7 to v8. 

C:\WINDOWS\system32\config\systemprofile\AppData\LocalLow\Sun\Java\jre1.8.0_40\jre1.8.0_40.msi

 


 


Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support






Get Support on Twitter @DellCaresPro

0 Kudos
Highlighted
2 Bronze

RE: Very Disturbing Phone Call I Just got!

I just got the same call several times, they are relentless. Scary the knew my Service Tag, phone number, wife's phone number and my e-mail address. Dell most certainly has some leaks from their India Support Center or worse their website has been compromised.

0 Kudos
Highlighted
Not applicable

RE: Very Disturbing Phone Call I Just got!

Same here! However, what even scarier is the fact that DELL is aware and has been for quite some time now....dating back to 2012 (according to my quick search).

I found many many posts about the scammers calling folks (home/cell phones) with their service tags, the type of computer they have, etc. Customers are trying to figure out the scammers got their service tag #s. DELL said the information is confidential and secured; no hack attacks. HA!, ok. Well customers say they have never posted their service tag #s online (i.e, forums, public sites, etc.) Some say they only find the need to use their service tag # when they call Dell Tech Supp.

In my case, when I do decide to answer unknown calls or numbers that I'm unfamiliar with and they turn out to be scammers, I tend to have a little fun. What a hilarious day today has been. Out of 5 calls I answered twice and was told to go to *** both times. 

The first call came from "California". Yes, they gave me my service tag #. Yes, they told me I was having network issues. Yes, they told I bought a Dell Insipron. He told me that they were getting signals that my computer was having network issues and it may have a virus. I said, burst out in laughter and said Really!!?, try that on someone else! I was told to go to *** and he hung up.

A few hours later the called came in from an "unknown" number. The same information was given by the scammer, service, etc. I asked the guy was he calling from Dell and he said no, he was calling from Dell Technical Dept. I asked where he was located; he said in Dell's Tech Dept in India - Delphi. Right...hmm Ok. I asked him for his name, he said Chris. I asked for his customer rep #; he said 1-800-424-1235. I said no, your Dell employee # and he then gave me the ID #5531. He then began to tell me the reason for the call was because they were following up to my technical issues and they were picking up network security issues. I said really, like right now! He said yes ma'am you called Dell with issues that your computer would not boot and we've been monitoring those issues and your internet connections and it seems to be some issues with the number of devices you have connected to your internet right now. I said whoa, you mean to tell me Dell is monitoring my computer like right now? He said no we're not monitoring your computer ma'am. I said well how do you know what’s on my network; are you monitoring my network. He continued....Ma’am we can see network traffic coming through our servers through blah blah (nonsense)….I said really? Ma'am how many devices to you have connected to the internet right now when you bought your computer it came with remote services and monitoring capabilities. I said, “Ohh, okay!” Well tell how does that work? Huh, how is that possible? Ma’am we need to fix these issues; we have the ability to take care of these issues because your machine could be infected right now. I said you can see my machine right now; like you can see my computer right now!!! And my whole network can be infected right now??!!  Oh my goodness!!! Are you serious!!! (KMSL)

He was ma'am, you're not taking this serious! You're connected to internet right now?, (no answer from me) ma’am, how many different devices do you have connected? I paused (while LOL) and said very calmly.....ahhhh….let’s see...right now?.....hmmm…..None, I'm not on the internet.

He said, Go to ***!!! And Hung Up!!!!!!!!!!!!

KMSL!!! I wonder if they’re going to take me off of their call list! L ahh man

Admit DELL, everyone else is doing it!

~It'syou - Notme!~

0 Kudos
Highlighted
Not applicable

RE: Very Disturbing Phone Call I Just got!

Same here! However, what even scarier is the fact that DELL is aware and has been for quite some time now....dating back to 2012 (according to my quick search).

I found many many posts about the scammers calling folks (home/cell phones) with their service tags, the type of computer they have, etc. Customers are trying to figure out the scammers got their service tag #s. DELL said the information is confidential and secured; no hack attacks. HA!, ok. Well customers say they have never posted their service tag #s online (i.e, forums, public sites, etc.) Some say they only find the need to use their service tag # when they call Dell Tech Supp.

In my case, when I do decide to answer unknown calls or numbers that I'm unfamiliar with and they turn out to be scammers, I tend to have a little fun. What a hilarious day today has been. Out of 5 calls I answered twice and was told to go to *** both times. 

The first call came from "California". Yes, they gave me my service tag #. Yes, they told me I was having network issues. Yes, they told I bought a Dell Insipron. He told me that they were getting signals that my computer was having network issues and it may have a virus. I said, burst out in laughter and said Really!!?, try that on someone else! I was told to go to *** and he hung up.

A few hours later the called came in from an "unknown" number. The same information was given by the scammer, service, etc. I asked the guy was he calling from Dell and he said no, he was calling from Dell Technical Dept. I asked where he was located; he said in Dell's Tech Dept in India - Delphi. Right...hmm Ok. I asked him for his name, he said Chris. I asked for his customer rep #; he said 1-800-424-1235. I said no, your Dell employee # and he then gave me the ID #5531. He then began to tell me the reason for the call was because they were following up to my technical issues and they were picking up network security issues. I said really, like right now! He said yes ma'am you called Dell with issues that your computer would not boot and we've been monitoring those issues and your internet connections and it seems to be some issues with the number of devices you have connected to your internet right now. I said whoa, you mean to tell me Dell is monitoring my computer like right now? He said no we're not monitoring your computer ma'am. I said well how do you know what’s on my network; are you monitoring my network. He continued....Ma’am we can see network traffic coming through our servers through blah blah (nonsense)….I said really? Ma'am how many devices to you have connected to the internet right now when you bought your computer it came with remote services and monitoring capabilities. I said, “Ohh, okay!” Well tell how does that work? Huh, how is that possible? Ma’am we need to fix these issues; we have the ability to take care of these issues because your machine could be infected right now. I said you can see my machine right now; like you can see my computer right now!!! And my whole network can be infected right now??!!  Oh my goodness!!! Are you serious!!! (KMSL)

He was ma'am, you're not taking this serious! You're connected to internet right now?, (no answer from me) ma’am, how many different devices do you have connected? I paused (while LOL) and said very calmly.....ahhhh….let’s see...right now?.....hmmm…..None, I'm not on the internet.

He said, Go to ***!!! And Hung Up!!!!!!!!!!!!

KMSL!!! I wonder if they’re going to take me off of their call list!  ahh man

I simply report it to Government Authorities as appropriate.

Admit DELL, everyone else is doing it!

~It'syou - Notme!~

0 Kudos
Highlighted
5 Iridium

RE: Very Disturbing Phone Call I Just got!

Your Service Tag number and other computer info is also stored on your PC. It's just as likely that the scammers acquired the info directly from your computer and not from Dell. These scammers also are very tricky and have users actually tell them the info and then agree that that is the correct info.  

XPS M1530, Win 10 CU Pro 32-bit
Inspiron E1705, Win 10 CU Pro 32-bit
Dimension 9100, Win 10 AU Pro 32 bit
Inspiron 660, Win 10 CU 64 bit
Inspiron 3668, Win 10 CU 64 bit
Asus T100 Tablet, Windows 10 CU 32 bit

0 Kudos
Highlighted
7 Gold

RE: Very Disturbing Phone Call I Just got!

It is very easy to get infected by malware by going to a website that has been hacked. It happened to me which is why I mostly use Linux now. I have Windows PCs because I use and write software for them because of work.

While you lay the blame on Dell, you may very well have to point the finger at yourself.

 

0 Kudos
Highlighted
8 Xenon

RE: Very Disturbing Phone Call I Just got!

Service Tag and other information can be had REMOTELY via keyloggers, maleware. as well as by using WMIC commands

Hackers can infect 1 machine behind your firewall and use WMIC to get your info remotely.

This is also a reason to not use your real name or address or phone number when installing software .

Open cmd prompt and type.

wmic csproduct get vendor,name,identifyingnumber


Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support






Get Support on Twitter @DellCaresPro