Scammers are contacting Dell customers and are able to provide detailed information about the customers' accounts, including, in some situations, the model number of multiple computers purchased by Dell, support ticket numbers, service tags, and other information.
The first incidents surfaced in July. Dell has so far remained tight-lipped about these reports and has not provided detail to customers about how the scammers gained access to user account details.
A Dell representative told SCMagazine.com, “We have absolutely no information that these phone scams are the result of an external computer hack of Dell's systems.” When asked whether the information may have been leaked by Dell's former employees or third-party vendors, the representative declined to comment. He said the company is investigating the issue.
“Our investigation is ongoing based on the customer information that we receive,” the representative said.
These customer experiences continue following reports in November that the company shipped laptops containing a security certificate that granted hackers full access to the system, and reports that Dell PCs could expose customers' service tags.
In a blog posted last week, one customer said scammers called in November and “identified the model number for both my Dell computers, and knew every problem that I'd ever called Dell about.” The customer wrote, “Even my e-mail account is secured with ‘two-step verification.'” When the customer reached out to Dell, a support representative said, “Dell has detected hackers.”
“These phishing scams are increasingly more sophisticated and we have devoted considerable resources to address them,” the company wrote, in an email obtained by SCMagazine.com. “We continuously evaluate our internal physical and technical security measures to determine if there are additional efforts that would further ensure this customer data is secure.”
In July, a frustrated Dell customer wrote about his experience on the company forum. “Dell has an obvious security breach and has done NOTHING that I know of to inform their customers of a problem,” the user wrote. “These bad guys have Dell proprietary information (support ticket number, service tag, hardware model and configuration).”
At the time, a Dell employee responded decisively, “Dell is aware of this and other complaints and is investigating. No, there will not be a public post/blog. We consider this closed from a Forum perspective.”
Another user noted a similar experience and wrote on the forum, “Was DELL hacked?” The scammer identified the device model and referenced a technical issue that was opened six months earlier with Dell.
In August, Dell added on a page on the Customer Care forum that directed customers to a link for customer to report calls from scammers. “Protection of your data is a top priority for Dell,” the webpage noted. “Unfortunately, technology phone scams have become prevalent across our industry.”
In an October blog post, Dell's chief blogger Laura P. Thomas noted that “cybercriminals are tricky” and warned that scammers try to learn about their targets to in order gain their trust. “They may even tell you things about your computer that you think only a legitimate vendor would know,” she wrote. The post did not, however, provide any clues about how this user information may have been leaked from a legitimate vendor.
Six months later, the company has yet to deliver answers, as customers continue to wait.