DELL WON’T TELL IF IT’S BEEN HACKED
Dell is refusing to say whether it was hacked, despite an ongoing scam that appears to rely on data only the PC company would hold.
The scam is e ectively a technical support call racket, where criminals phone customers posing as Dell representatives. Whereas the common Microsoft scam is speculative, the fake Dell sta er is equipped with enough personal details to make it convincing.
“I am so getting tired of scammers calling me saying they are from Dell and want to look at some alerts on my PC,” reads a typical tweet from Charles Waddell. “Dell what are you doing about my data that was stolen from you?”
Call recipients claim the scammer know their PC serial numbers as well as the names, phone numbers and email addresses given at the time of purchase.
The access to such details suggests a security breach, but Dell has steadfastly refused to admit any problem and in a statement continues to claim that the scam is industry-wide.
“We’re aware that some scammers claiming to work for Dell have contacted our customers using basic information about their Dell service history. Being aware of the issue, we’re taking proactive measures to shut down these scammers and make our customers aware of the scam,” the company said.
The issue dates back to at least 2016, but security experts speculate Dell could have an ongoing problem. “If it’s not a hack in the traditional sense, it may have been an ‘inside job’ by someone who had access to the information,” said Graham Cluley, an independent security expert.
“For instance, sta at a call centre may have access to sensitive information. Other possibilities include data being stored in an unsecured cloud bucket.”
Cluley said that the company should come clean if it has been specifically targeted. “It doesn’t matter if a company has been hacked or not,” said Cluley. “What matters is if customer data may have been breached, they deserve to know if there is a chance that their details may be in the hands of criminals.”
Dell says that the scam is industrywide – not a specific attack