CyberheistNews Vol 6 #3 Scam Of The Week: Dell Tech Support Service Tag Hack





CyberheistNews Vol 6 #03, Jan 19, 2016
Stu Sjouwerman

This is a real one. A number of people using Dell PCs have been contacted by scammers claiming to be Dell Tech Support who actually had specific data that only Dell could have had. We're talking the customer service tag number, a support number printed on a sticker on every Dell computer. I have used Dell machines for 20 years and am very familiar with that sticker.

This is a variant on the Microsoft tech support scam, where they call PC users and claim they have detected a problem with the person's computer and need to fix it. End-users gullible enough to give access to their workstations (usually via remote software) are billed hundreds of dollars on their credit card, but the scammers of course don't fix anything, and in some cases their PCs are infected with ransomware until they pay up.

Last week, there was a story in Ars Technica where a man said he called Dell about a problem with his optical drive, and soon after he got a call from a scammer who knew about his specific problem and had his service tag number and other customer information.

In October the company posted a warning about this type of telephone scam on its website, but it doesn't mention a service tag number hack. Dell does not seem to know what exactly is going on and is investigating. To me it seems that one or more of their servers have been compromised and support data has been exfiltrated and used by scammers. Dell needs to fix the leak.

In the meantime I suggest you send this to your employees, friends and family:

"There is a new tech support scam doing the rounds. This time it is cyber criminals with foreign accents calling you, claiming they are from Dell and they even have the correct service tag of your Dell PC. They will try to manipulate you into giving them access to your computer so that they can 'fix the problem' and charge your credit card or worse, infect your computer with ransomware.

"If you get called by unknown people claiming to be tech support (any company) and need to get access to your computer, hang up the phone immediately and delete any email they might send you with similar claims.

"ONLY give out personal information if you have initiated the call and have looked up the main number yourself on the main website of the company you want to reach. Do not rely on a popup, advertisement, or general web search on another website or forum unless you can verify it is a valid source and verify it is a valid phone number for that company."

Train Your Users To Beat Phone Scams

"'Press 1 to hand us the family jewels' works more often than you might think. A little training can stop this sort of social engineering."

That was the first line of an excellent InfoWorld article by IT Security Guru Roger Grimes. He started out with: "As I landed in Dallas returning from my recent visit to China, I picked up my cellphone voicemails. One of them was from my bank, telling me my personal debit card was frozen and would have to be unlocked.

I knew I should’ve let my bank and credit card companies know I was traveling, but I hadn’t, mostly because I use a dedicated business card when traveling overseas on business. Still, I wondered why this particular credit card was locked. Not only had I not used it on the trip, I hadn’t used it in more than a year, and I have multiple credit card security monitoring services that inform me about unusual activity."

I suggest you read the rest of his story, how he almost fell victim to this scam and what you can do to prevent it:
http://www.infoworld.com/article/3021257/security/train-your-users-to-beat-phone-scams.html

Ransomware A Threat To Cloud Services, Too

Think your users don't need security awareness training because all of your files are in the cloud? Think again. Investigative Reporter Brian Krebs has a blog post that proves it can easily happen. He started with:

"Ransomware — malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

Toni Casala found this out the hard way. Casala’s firm — Children in Film — works as an advocate for young actors and their families. The company’s entire operations run off of application hosting services at a managed cloud solutions firm in California, from QuickBooks to Microsoft Office and Outlook. Employees use Citrix to connect to the cloud, and the hosting firm’s application maps the cloud drive as a local disk on the user’s hard drive.

“We were loving that situation,” Casala said. “We can keep the computers here at work empty, and the service is very inexpensive when you compare it to the cost of having more IT people on staff. Also, when we need support, they are very responsive. We don’t get farmed out to some call center in India.”

They were loving it, that is, until just before New Year’s Eve, when an employee opened an email attachment that appeared to be an invoice. Thirty minutes later, nobody in Casala’s firm could access any of the company’s 4,000+ files stored on the cloud drive." Read how much time it took to get back online, yikes:
http://krebsonsecurity.com/2016/01/ransomware-a-threat-to-cloud-services-too/

Regarding Ransomware, the police probably can’t help you. This is an article in Fortune Magazine that I was interviewed for. Good ammo to send to management. Short and understandable:
http://fortune.com/2015/12/14/cybersecurity-ransomware-digital-hostage/

Give Your Employees A Safe Way To Report Phishing Attacks - Complimentary.

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

KnowBe4’s new Phish Alert button for Outlook gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!

  • Reinforces your organization's security culture
  • Incident Response gets early phishing alerts from users,
    creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file
  • Supports Outlook 2007, 2010, 2013, 2016 & Outlook for Office 365

Here is where you download your Complimentary Phish Alert Button. This is a great way to better manage the problem of social engineering. Compliments of KnowBe4!
https://info.knowbe4.com/free-phish-alert

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Great spirits have always encountered violent opposition from mediocre minds."
- Albert Einstein - Physicist (1879 - 1955)

"A certain amount of opposition is a great help to a man. Kites rise against, not with, the wind."
- Lewis Mumford (1895 - 1990)


Thanks for reading CyberheistNews


Security News
Survey Says: IT Pros Need Security Reinforcements!

Spiceworks ran a survey, polling hundreds of system administrators about their biggest headaches:

"According to a recent Spiceworks survey, IT pros are hopeful 2016 will be the year they land some major blows against an ever-increasing onslaught of security threats. As we pored over all of the juicy details in our recent report, Battling The Big Hack, we wondered… how can tech brands help beat the breaches?

"In a nutshell, IT pros reported they are well aware of a wide variety of security risks, they’re taking them seriously, and they’re continuing to put the onus on themselves to protect the home front. But with few organizations planning to increase investments in security solutions, and in a time when the opposing army of independent hackers and rogue employees is constantly creating newer and scarier threats, it’s going to be challenging for IT Pros to fight on the front lines without reinforcements.

Here are four ideas for how tech brands can join IT Pros in battle as allied forces.


#1) Help train the troops (and civilians): Create engaging training for end-users that inspires them to stand up and fight alongside the IT pro.

"Limited end-user knowledge and end-user resistance are the two biggest challenges IT pros face in keeping their networks secure. In fact, IT pros are even more concerned about threats from rogue employees than they are about organized crime. As such, the most common battle plan organizations adopt is to educate end-users and enforce end-user policies."

Find out what the other three are here:
https://community.spiceworks.com//blogs/marketing/2283-survey-says-it-pros-need-security-reinforcements?

Russian Hackers Shut Down Ukrainian Power Company

The SANS Internet Storm Center said: "The attack against systems at Ukrainian power companies comprised 'multiple elements,' according to a blog post from SANS Industrial Control Systems (ICS) director Michael Assante. 'The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers,' hindering system restoration." More here:
https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid

Checked Into The Hyatt Late 2015? Hackers Were, Too

If you stayed, ate or played at a Hyatt hotel between Aug. 13 and Dec. 8, 2015, there's a good chance your credit or debit card data was stolen by unknown cyber thieves who infiltrated many of the hotel chain's payment systems. In its first disclosure about the scope of a breach acknowledged last month, Hyatt Hotels Corp. says the intrusion likely affected guests at 250 hotels in roughly 50 countries. More at:
http://krebsonsecurity.com/2016/01/hyatt-card-breach-hit-250-hotels-in-50-nations/

This story was also covered in the Wall Street Journal, but is behind a paywall:
http://www.wsj.com/articles/checking-in-at-a-hotel-hackers-may-be-too-1452793763

Panel Video On Spearphishing With Kevin Mitnick

Don’t miss this video: a top-notch briefing on spear phishing with celebrated cybersecurity guru Kevin Mitnick and other experts. Learn how hackers are getting into companies and what your company can do to defend against these attacks. This is a 24-minute video, great for a lunch break:
https://youtu.be/OAzTGKRuPgw

