Solved

Dell Support connects and finds different threats and hacks

Posted on 2013-01-29
Last Modified: 2016-11-23
Last week I installed a new computer for a client, configured for use and transferred old data.
He had trouble with sound and before he called me he went to Dell's website, found this number 888.466.7063, called it, and before you know it the technician on the other end connected to his computer, said he had a compromised audio driver, and did something to show him that he had many threats, including that 4 different countries were hacking into his system as they spoke and that if something weren't done it would be a matter of hours, days or weeks before his whole system crashed.

He advised that they should perform a $199 service to clean everything up. At that point he ended the phone call and called me.

Turns out his speaker wire was unplugged and sound was muted.
I ran a scan with his Trend Micro antivirus and there were 4 threats discovered. They were from old emails that got imported into Live Mail (he came from OE). They were .zip attachments and were removed by Trend Micro.

I'm not sure what to think about this. He says he got the phone number from dell.com but I don't see it on that site anywhere and when I google the phone number it brings up all kinds of listings for what appears to be consulting companies all over the US. Maybe they partner with dell.

Has anyone had similar experiences?
Is this something to disregard or be concerned about?
Question by:bwierzbicki
7 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 38833407
There is a scam going around where you supposedly get help by calling a toll-free number. They get you to allow remote access, fix non-existent problems, and then lock up your computer until you send them more money. We've had several questions here about this. Supposed AOL tech support was the source of one version. Of course, AOL knows nothing about it. And I think in another case, the tech support was supposed to be from Microsoft.

I tell my customers, do nothing before you call me.
 
LVL 12

Accepted Solution

by:
TomRScott earned 300 total points
ID: 38833469
This demonstrates multiple issues:

1. Employee Training or Discipline Shortcomings

Training and human resources policies need to be in place to avoid employees acting as described. This employee opened up his computer and the company as a whole to an intrusion.

If the appropriate training and policies are in place, then this illustrates a discipline issue. If this is the first incident of this employee it should be noted and the employee should be notified of the mistakes made and the policies broken.
If proper training and/or policies are not in place, this is your second priority!

2. Firewall Security Should be Reviewed

I recently dealt with a similar but not nearly so severe an incident.

That client site now uses their firewall to block nearly all services associated with remote assistance.

This, by no means, is a perfect solution. Further, your firewall may not be able to do this (most corporate firewalls can).

3. Users OFTEN Give Incorrect Information

The number you were given appears to be a sham. As you note it is nowhere on any of Dell's web sites. Rather it appears on a number of sites with either peripheral connection to Dell or no connection at all except the desire to penetrate one of the most dominant market shares in the PC marketplace.

Your user most likely performed a web search for Dell Support and paid zero attention to what link or links that they followed.

Not only does this demonstrate a common problem getting accurate information from a user, it demonstrates another training issue for this user. Users need to be trained and retrained regarding their web and e-mail activities. Skepticism is an essential tool that this person may be sorely lacking. Only when your user was asked for money, did they think there might be something amiss.

Your user had already taken the bait and was just seconds away from having the hook set by the con artist on the other end of the line.

You may note from my response that most of the problem is non-technical in nature. While some technical response may be in order, it is never perfect and can even lead to a false sense of security. However, the MOST important lessons to take from this are needs for the following in order of importance:

1. Proper Management

Responsibility and accountability are the chief aspects here. However, stated responsibility and accountability without training beforehand and follow through after an incident is worse than meaningless.

2. Training

Training without proper policies is still better than policies without training. Training "common sense" is more important than the minutia that may come with policies. Start with training common sense ("stranger danger", "look before you leap", "when in doubt...", Call IT, etc.). Note: IT is a good location for training as well. Having the appropriate technical response is paramount but so is having the appropriate intercommunications response. If users are afraid to deal with IT because they are grouchy, rude or insulting then they will do what your employee did. The same is true if they think they will get in trouble for contacting IT because they made a mistake.

3. Policies

Again, this starts with common sense policies THEN gets into the more specific technical and legal aspects.

Hope This Helps,

Tom
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 100 total points
ID: 38833481
People do not think before they listen to complete strangers. I also tell my clients to call us for assistance.

Yes, this is something you should be concerned about, especially since you cannot find the number on the DELL site.

... Thinkpads_User

Author Comment

by:bwierzbicki
ID: 38847130
After remoting in to the client I saw that he was typing in a search bar instead of an address bar.
You were dead on, Tom.
When he typed dell the search bar made the suggestion "dell support". He went there and got to the website of ITechline, not dell.com/support like he told me.

From what I see there is no damage done. I can't say that ITechline is a 100% scam, but I do believe there was a bit of scare tactics going on since he had just begun to use the new machine and since I found no issues on it except for some dormant zip files in old emails from years ago. Also since his sound worked fine.

The reason I say I don't think they are recently another client found someone in a similar way, spent the $199 and was very pleased with some things that company did for him. That one was my fault, I was very busy and unable to get with him quick enough so he did the same search I'm guessing and got some assistance from someone. I'm going to check in with who he used. It was the same thing though, "you are being hacked in from **** , and you have x amount of virus, blah blah"
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
ID: 38847141
A lot of people think ITechline is a scam. https://www.google.com/search?q=ITechline
 
LVL 12

Expert Comment

by:TomRScott
ID: 38847201
Sounds like your employee that got good service after being "hacked from..." is happy because he was "serviced" by a better con artist than the poster child of this discussion.

Lots of folks continue to speak glowingly about how nice and polite the con artist was even after they lost a considerable sum or their entire life savings. Good cons make you feel good while they steal from you.

Bottom line: I don't know about this specific company, but anybody that uses scare tactics to extort a couple hundred dollars is still a thief, even if the victim feels good about it.

 - Tom
 

Author Comment

by:bwierzbicki
ID: 38847216
Good point Tom