Dell Owners Hit by Tech Scammers Who Know All About Their PCs

Somewhere, somehow, tech-support scammers seem to have access to the details about Dell customers' computers.

Credit: ShutterstockCredit: Shutterstock

Most tech-support scammers just dial random numbers and try to convince whoever answers that their Windows machine has problems, even if the person on the other end of the line doesn't own a Windows computer. The scammers try to be as generic and vague as possible, avoiding mention of computer brands or models or Windows versions unless the victim happens to bring them up.

By contrast, for more than three years, a persistent trickle of Dell owners have reported scam callers who seem to know precise details about the victims' individual machines, including model names and numbers, serial numbers and Dell service tags, Ars Technica reports. The callers appear to also possess the contact information provided by the Dell owners upon device purchase, including telephone numbers, email addresses and even personal names.

As in regular tech-support scams, the "technicians" claim that the users' computers are infected with malware or are otherwise vulnerable, and try to sell the computer owners expensive software to "fix" the problem. But the detailed knowledge about the PCs the scammers present makes it more likely that targets will fall for the scam.

We've reached out to Dell for comment and will update this story when we receive it.

MORE: How to Protect Yourself from Tech-Support Scams

Ars Technica cited complaints posted Dell comments sections and forums, where customers have been reporting highly personalized scam calls from as early as June 2015.

"I just got a call from 'Dell' who knew EVERYTHING about my computer, and my full name," wrote one commenter on a Dell support forum in February 2018.  This is much worse than a typical scammer."

"This guy had my phone number, email address, model number, customer number and service tag and possibly also my name," a targeted Dell user told Ars Technica, descrbing a scam attempt that took place on July 10, earlier this week.

"They identified the model number for both my Dell computers, and knew every problem that I'd ever called Dell about," detailed a personal blog posting from January 2016. "None of this information was ever posted online, so it's not available anywhere except Dell's own customer service records."

One customer wrote in a comment to Dell's own tech-support-scam page in April 2018 that a caller had their name, phone number, service tags, and express service codes. The commenter also noted that the calls began only after they called Dell's customer service. Another commenter, also in April 2018, wrote that their caller knew they'd been downloading files from Dell's website.

A Dell spokesperson told Ars Technica that "We're taking proactive measures to shut down these scammers and make our customers aware of the scam, including direct communication, a blog posting with tips on how to deal with scammers, and an alert on our Support website.

"From our work with other leaders in tech, it's clear that scams of this nature are industry-wide, and we're all taking them very seriously. Our customers can be assured that Dell will continue to work with our peers in the IT industry, as well as law enforcement, to focus on putting an end to these scammers."

It's true that tech-support-scams are an industry-wide problem, but we've never heard of another company's customers being targeted by scammers who already knew exactly what kind of machines the call recipients owned.

"At some point Dell has either had a data breach (hacked) or someone at their support center is leaking information," speculated one forum commenter in September 2017.

If you're a Dell customer who's received such calls, you can report them to Dell online or by calling 1-866-453-1742 during Eastern business hours.

We also recommend that you hang up immediately if you receive a suspicious call from someone who claims to know your personal information, and that you block that number. If you're not sure, play it safe: Dell (or any computer manufacturer) will never pressure you to reveal personal information unsolicited. 

Create a new thread in the Antivirus / Security / Privacy forum about this subject
This thread is closed for comments
1 comment
Comment from the forums
    Your comment
  • stronski76
    Is there a question here or a statement of some kind? Just a “the more you know” message? It would be nice to have some context to the point of taking two sentences from a news article and just posting it with nothing else.

    I would say before reading the article that if I possess one of any of the following than obtaining the other information is incredibly easy. A phone number, email address, actual house address, actual name, or even information about someone you’re related to. It’s free, quick, and easy to get those sorts of details. Sickeningly easy. So the people who claim the scammer has information that couldn’t possibly be known is not true at all. I’m actually more surprised there are scammers and con artists who aren’t smart enough in their own field to get easily found, basic information on people they are about to call. They have the number, you can find out so much more information than you’d ever need to make a scam succeed or fail. Even the computer information could be gathered by going through someone’s garbage. You would be surprised how much you can learn about anyone if you collected and sorted through their garbage each week. Put on latex or heavy rubber gloves and clothes you don’t care about. Get through the more disgusting garbage and you’ll find documents with a lot of info or just objects that can say things about a person. Being that it’s only Dell customers though in this case I’m inclined to not think it’s random. Unless it’s happening just as often to people with other computers but simply not being reported. Hell I could add a link (but I don’t know if that’s allowed do google it) that shows an article where a person was given 5 (or 6) DNA results from “23 and me” or one of those DNA companies. Without knowing anything else he somehow eventually was able to piece together who those belonged to. The probability of doing that randomly is zero. There’s no need to try and calculate any other number since it would take longer than the universe has existed to randomly guess that. It was done to forewarn people what entities like insurance companies could obtain about them if they willingly give this information up. It also gives a good indication of family members health risks so people who have kept their life private and haven’t told their life story on Facebook are still affected. The point is simply that finding out about people is not as hard as one would hope in the digital era. We live in an age where it’s almost impossible to start a new life because so much is permanently recorded and stored on servers. It’s only a matter of how well secure or how scrupulous the people operating those servers are. So I’ll give my take on this and maybe it addresses the OPs reasons for the post.

    My second observation is simpler. Mind you this is me personally or anecdotal evidence from people in my life but I have to think that based on this (and yes I’m a statistician/actuary so if I’m good at anything it’s probabilities and statistics) but based on my experiences the probabilities are that most if not all people experience are the same in this regard. Unless you specifically sign up for a service like identity theft protection or a house defense network system. And this simple observation is no company has ever personally called me to alert me about any defects in any products I’ve bought. Even defects that could be fatal or risk my limbs like flaws in car safety systems when they are recalled. A general recall is broadcast and a letter with an official letterhead and business information that is easily verifiable contained within it get sent out to warn people. Because it’s a lot harder to fake people with a released statement in the news and official documentation than it is to fool someone with an email or by calling them and claiming to be from “Company ABC”. So it’s incredibly disconcerting for anyone who has bought a dell computer directly from dell to know that either their network has or had been compromised (and the company kept it secret) or someone who works for Dell decided to be greedy and misuse their access to information (and dell isn’t yet aware or kept it secret). I mean support techs deal with very unspeakably crass customers and I could see an employee snapping and deciding to sell those customers information.

    But the point behind my simple observation is whenever getting an email or phone call from a “company representative” for something besides solicitation I don’t know how 20+ years of the internet being mainstream that people still don’t think to do a couple of things right from the start.

    Ask for the employees name, the company they work for, then get even trickier and ask for things like what department they work for, who is their supervisor’s name, how many employees does he/she work woth, what are their names, how did you come across my information, how would you know anything about my computer’s contents without actually accessing it, and a thousand questions that will quickly the person to sound like a fool (which I just do to make fun of them) or they will just hang up because they are scams, not very sophisticated, so rely on fairly low brow people to do the leg work and they aren’t fast on their feet (they certainly don’t prepare a lavishly detailed backstory).

    Or even easier ask for their name and number. Ask to speak with their supervisor if they won’t give either. If by some miracle the phone is paaaed on to someone else ask for the same information. Then regardless of what you are told never give out any information nor should you even say anything that would confirm any information they state is true. Even though they have your number and name if they did their homework properly, play coy about things and never actually confirm anything with them. Hang up the phone (or in the case of emails don’t download anything or hit any links). Call the company in question. Or send a letter or email to a known address for the company. And explain what happened and why you are contacting them. If at that point by some miracle it turns out not to be a scam you’ve done no damage, any defect in a product likely hasn’t ruined you in the time it took to confirm your story with the real company, and you have peace of mind knowing you weren’t scammed and your product (in this case a computer) is up to date as it can be.

    It should be noted that no company should be actively monitoring your computer usage and software simply because you purchased it from them. If you buy an antivirus software program the it monitors and scans your computer but even those services don’t keep track of every detail that happened with that computer. Those companies lkely don’t even know what computer a problem would be on since you can install something like norton on at least 5 devices. PC, MAC, iPhobe, iPad, Android, tablets, chrome books, laptops if you don’t consider them to be PCs and those are just off the top of my head. I only own a self built PC (it’s so much more fun to look through the pieces yourself and put together the best combination so each piece isn’t brought down by a bottleneck) , iPhone, and Ipad personally.

    This being said I don’t actually know what responses you were hoping for. Overall I think Dell is a fine computer company, especially for the average consumer and their computing needs. They aren’t horribly overpriced unless you try to build a true custom designed gaming computer with them. In fact the premanufactured models are really inexpensive and perform perfectly well for things like school, internet surfing, watching shows, using for whatever business someone works for, etc. I’m a statistician and could take a dell laptop from 5 years ago, install R or python on it, and have it perform complex data mining and analysis in reasonable amounts of time. Virtually instantaneous for controlled experiments or simple studies where data mining is not really an issue as it’s usually just questionnaires sent out “supposed to be sent using one of several accepted random methods if it’s repitable”.

    Which I have a pet peeve about so just a small rant not related at all to the article I read concerning the dell tech scams. It is that studies are not the same as experiments and should in most circumstances only be used to see if there’s any correlation but in no way causation. If there’s a strong correlation (which is a calculable number) then an experiment may be warranted. This is where people start complaining that coffee and eggs are good for you one week but not the next. Based on studies which dont give much valuable information and are usually funded by a company or Super PAC that wants it to statistically go their way.

    Example: I can create a 2D x/y plane graph that shows the more police in a town or city then the more crime increases as well. That’s a valid study and has a strong correlation. But adding more officers to a police department is not what causes an increase in crime. If one did additional studies or an experiment you would find the larger a city population of the more criminal activity occurs. You would also find the larger the population the larger the police force tends to be. So the best conclusion to base a real experiment of cause and effect here would be that the population size is the cause and crime, number of officers, etc are effects of that. Edit this out or keep it in. It’s just a pet peeve of mine and it’s something I think more people should keep in mind when reading or watching the news or some type of article. Before forming an opinion consider whether it is based on a study, a real experiment, or theoretical simulations on super computers (but those are usually experiments to process how a supernova works, the state of a country’s nuclear stockpile, or the likely outcome of a trade war, conventional war, pseudo conventional war, and a completely unconventional war; usually this means the use of strategic large yield nuclear weapons).