Solved

Dell Support connects and finds different threats and hacks

Posted on 2013-01-29
Last Modified: 2016-11-23
Last week I installed a new computer for a client, configured for use and transferred old data.
He had trouble with sound and before he called me he went to Dell's website, found this number 888.466.7063, called it, and before you know it the technician on the other end connected to his computer, said he had a compromised audio driver, and did something to show him that he had many threats, including that 4 different countries were hacking into his system as they spoke and that if something weren't done it would be a matter of hours, days or weeks before his whole system crashed.

He advised that they should perform a $199 service to clean everything up. At that point he ended the phone call and called me.

Turns out his speaker wire was unplugged and sound was muted.
I ran a scan with his Trend Micro antivirus and there were 4 threats discovered. They were from old emails that got imported into Live Mail (he came from OE). They were .zip attachments and were removed by Trend Micro.

I'm not sure what to think about this. He says he got the phone number from dell.com but I don't see it on that site anywhere and when I google the phone number it brings up all kinds of listings for what appears to be consulting companies all over the US. Maybe they partner with dell.

Has anyone had similar experiences?
Is this something to disregard or be concerned about?
Question by:bwierzbicki
7 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
There is a scam going around where you supposedly get help by calling a toll-free number.  They get you to allow remote access, fix non-existent problems, and then lock up your computer until you send them more money.  We've had several questions here about this.  Supposed AOL tech support was the source of one version.  Of course, AOL knows nothing about it.  And I think in another case, the tech support was supposed to be from Microsoft.

I tell my customers, do nothing before you call me.
 
LVL 12

Accepted Solution

by:
TomRScott earned 300 total points
This demonstrates multiple issues:

1. Employee Training or Discipline Shortcomings

Training and human resources policies need to be in place to avoid employees acting as described. This employee opened up his computer and the company as a whole to an intrusion.

If the appropriate training and policies are in place, then this illustrates a discipline issue. If this is the first incident of this employee it should be noted and the employee should be notified of the mistakes made and the policies broken.
If proper training and/or policies are not in place, this is your second priority!

2. Firewall Security Should be Reviewed

I recently dealt with a similar but not nearly so severe an incident.

That client site now uses their firewall to block nearly all services associated with remote assistance.

This, by no means, is a perfect solution. Further, your firewall may not be able to do this (most corporate firewalls can).

3. Users OFTEN Give Incorrect Information

The number you were given appears to be a sham. As you note it is nowhere on any of Dell's web sites. Rather it appears on a number of sites with either peripheral connection to Dell or no connection at all except the desire to penetrate one of the most dominant market shares in the PC marketplace.

Your user most likely performed a web search for Dell Support and paid zero attention to what link or links that they followed.

Not only does this demonstrate a common problem getting accurate information from a user, it demonstrates another training issue for this user. Users need to be trained and retrained regarding their web and e-mail activities. Skepticism is an essential tool that this person may be sorely lacking. Only when your user was asked for money, did they think there might be something amiss.

Your user had already taken the bait and was just seconds away from having the hook set by the con artist on the other end of the line.

You may note from my response that most of the problem is non-technical in nature. While some technical response may be in order, it is never perfect and can even lead to a false sense of security. However, the MOST important lessons to take from this are needs for the following in order of importance:

1. Proper Management

Responsibility and accountability are the chief aspects here. However, stated responsibility and accountability without training beforehand and follow through after an incident is worse than meaningless.

2. Training

Training without proper policies is still better than policies without training. Training "common sense" is more important than the minutia that may come with policies.  Start with training common sense ("stranger danger", "look before you leap", "when in doubt...", Call IT, etc.). Note: IT is a good location for training as well. Having the appropriate technical response is paramount but so is having the appropriate intercommunications response. If users are afraid to deal with IT because they are grouchy, rude or insulting then they will do what your employee did. The same is true if they think they will get in trouble for contacting IT because they made a mistake.

3. Policies

Again, this starts with common sense policies THEN gets into the more specific technical and legal aspects.

Hope This Helps,



Tom
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 100 total points
People do not think before they listen to complete strangers. I also tell my clients to call us for assistance.

Yes, this is something you should be concerned about, especially since you cannot find the number on the DELL site.

... Thinkpads_User
 

Author Comment

by:bwierzbicki
After remoting in to the client I saw that he was typing in a search bar instead of an address bar.
You were dead on, Tom.
When he typed dell the search bar made the suggestion "dell support". He went there and got to the website of ITechline, not dell.com/support like he told me.

From what I see there is no damage done. I can't say that ITechline is a 100% scam, but I do believe there was a bit of scare tactics going on since he had just begun to use the new machine and since I found no issues on it except for some dormant zip files in old emails from years ago. Also since his sound worked fine.

The reason I say I don't think they are recently another client found someone in a similar way, spent the $199 and was very pleased with some things that company did for him. That one was my fault, I was very busy and unable to get with him quick enough so he did the same search I'm guessing and got some assistance from someone. I'm going to check in with who he used. It was the same thing though, "you are being hacked in from **** , and you have x amount of virus, blah blah"
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
A lot of people think ITechline is a scam.  https://www.google.com/search?q=ITechline
 
LVL 12

Expert Comment

by:TomRScott
Sounds like your employee that got good service after being "hacked from..." is happy because he was "serviced" by a better con artist than the poster child of this discussion.

Lots of folks continue to speak glowingly about how nice and polite the con artist was even after they lost a considerable sum or their entire life savings. Good cons make you feel good while they steal from you.

Bottom line: I don't know about this specific company, but anybody that uses scare tactics to extort a couple hundred dollars is still a thief, even if the victim feels good about it.

 - Tom
 

Author Comment

by:bwierzbicki
Good point Tom