Well-informed tech support scammers target Dell users

Has Dell been breached and its databases containing customer’s personal, computer and tech support data been pilfered?

Dell still won’t say yes or no, but many online postings by users on the Dell support forum seem to point towards the postive answer, as they have experienced scammy tech support calls in which the scammers used correct information about their computers and about previous support requests they contacted Dell with.

Among these users is the author of the 10 Zen Monkeys blog, who recently wrote about having experienced a fake tech support call a few months ago.

“Scammers pretending to be from Dell computers phoned me in November — but these scammers knew things about me. They identified the model number for both my Dell computers, and knew every problem that I’d ever called Dell about,” the author pointed out. “None of this information was ever posted online, so it’s not available anywhere except Dell’s own customer service records.”

The scammers didn’t get what they wanted in this case, and the author called the real Dell tech support to discover how the scammer might have gotten the sensitive information. A customer support representative explained that “Dell has detected hackers. They’re hacking our web site.”

As answers go, it’s not very satisfactory. Previous complaints by other users, dating as far back as May this year, were also answered by Dell in a similar unsatisfactory way.

In short, the company repeats the same few lines again and again, saying that they are aware of tech support scammers posing as Dell Technical Support, and advising targeted users to report details about their interaction so that the company might investigate the matter.

And they still avoid answering the question of whether or not they have been breached.

Comments left on the post back up the author’s claims, and the commenters offered a few alternative theories about how the scammers might have gotten the information they used: company employees selling data they have access to, or legitimate tech support employees misusing it to try to earn money outside their regular work.