Calling a tech support line can be a fairly miserable experience. Having tech support reps calling you at home to warn you about supposed malware on your PC is even worse. It’s an old scam, but one that’s gotten a vicious new twist of late with scammers who know every detail of a victim’s support history, purchases, and even the model numbers of the machines they’ve bought, lending a high level of authenticity to scams that already dupe millions of people every year.
The fake tech support scam is one that’s been rattling around the tech industry for the better part of a decade now, with the most famous iteration being the Windows malware version. In most of these campaigns, scammers purporting to be from some nebulous “Windows support” organization call a victim directly and inform him that they have detected malware on the victim’s computer. The caller usually tells the victim to download a remote access tool to allow the support team to diagnose the malware infection. The callers will then, of course, find some fake malware on the victim’s PC and offer to remove it for a reasonable fee.
Various other versions of this scam can involve ransomware being installed on victims’ PCs, which can cost the victims quite a bit of money. However, the latest variant involves not random, ill-informed people throwing things against the wall, but rather highly knowledgeable scammers who know highly specific details of each target’s history with the company they’re spoofing. A case in point is a recent rash of calls to Dell customers in which the caller says he is from Dell itself and is able to identify the victim’s PC by model number and provide details of previous warranty and support interactions with the company.
These are details that, it would seem, only Dell or perhaps its contractors would know. One person who was contacted by the scammers wrote a detailed description of the call, and said the caller had personal details that could not have been found online.
These are details that, it would seem, only Dell or perhaps its contractors would know.
“Scammers pretending to be from Dell computers phoned me in November — but these scammers knew things about me. They identified the model number for both my Dell computers, and knew every problem that I’d ever called Dell about. None of this information was ever posted online, so it’s not available anywhere except Dell’s own customer service records,” the post on 10zenmonkeys.com, a tech and culture site, says.
The call is not an isolated incident. There are a number of posts on Dell’s own customer support forum from people who experienced similar calls.
“He claimed to be from the Dell ‘R and D Department’. He claimed that my computer had detected a problem and notified Dell automatically. He knew that Dell recently replaced a battery for me, which was true, so that’s why I believed he was really from Dell. (This means they also hacked Dell!) He had me run come commands on the PC and he told me all devices on my IP address were compromised. He had me install the teamviewer app. He passed us off to his ‘level 5 network support’ person. Then I got really suspicious and I hung up the phone,” one post says.
Many of the posts on Dell’s forums, as well as the post on 10zenmonkeys, mention the possibility that Dell has been compromised, allowing the scammers to access customers’ personal details. A company spokesman said Dell is looking into reports it has received from customers.
“We have an extensive end-user security practice that develops capabilities and best practices to better protect our customers. Further, we have established a process by which customers can report this type of tech-support phone scam,” said David Frink.
“Yes, we are investigating as customers provide us information regarding the calls.”
The FTC has been warning customers about tech support scams for many years and has taken steps to disrupt some of the crews running them. It’s a multimillion dollar business that has ensnared thousands of victims, and the addition of authentic details from the victim’s support and purchase history makes it even more difficult for potential victims to identify and ignore these scams.