Dell Support connects and finds different threats and hacks

Last week I installed a new computer for a client, configured for use and transferred old data.
He had trouble with sound and before he called me he went to Dell's website, found this number 888.466.7063, called it, and before you know it the technician on the other end connected to his computer, said he had a compromised audio driver, and did something to show him that he had many threats, including that 4 different countries were hacking into his system as they spoke and that if something weren't done it would be a matter of hours, days or weeks before his whole system crashed.

He advised that they should perform a $199 service to clean everything up. At that point he ended the phone call and called me.

Turns out his speaker wire was unplugged and sound was muted.
I ran a scan with his Trend Micro antivirus and there were 4 threats discovered. They were from old emails that got imported into live mail (he came from OE). They were .zip attachments and were removed by Trend Micro.

I'm not sure what to think about this. He says he got the phone number from dell.com but I don't see it on that site anywhere and when I google the phone number it brings up all kinds of listings for what appears to be consulting companies all over the US. Maybe they partner with dell.

Has anyone had similar experiences?
Is this something to disregard or be concerned about?
bwierzbicki Asked:
 
TomRScott Commented:
This demonstrates multiple issues:

1. Employee Training or Discipline Shortcomings

Training and human resources policies need to be in place to avoid employees acting as described. This employee opened up his computer and the company as a whole to an intrusion.

If the appropriate training and policies are in place, then this illustrates a discipline issue. If this is the first incident of this employee it should be noted and the employee should be notified of the mistakes made and the policies broken.
If proper training and/or policies are not in place, this is your second priority!

2. Firewall Security Should be Reviewed

I recently dealt with a similar but not nearly so severe an incident.

That client site now uses their firewall to block nearly all services associated with remote assistance.

This, by no means, is a perfect solution. Further, your firewall may not be able to do this (most corporate firewalls can).

3. Users OFTEN Give Incorrect Information

The number you were given appears to be a sham. As you note it is nowhere on any of Dell's web sites. Rather it appears on a number of sites with either peripheral connection to Dell or no connection at all except the desire to penetrate one of the most dominant market shares in the PC marketplace.

Your user most likely performed a web search for Dell Support and paid zero attention to what link or links that they followed.

Not only does this demonstrate a common problem getting accurate information from a user, it demonstrates another training issue for this user. Users need to be trained and retrained regarding their web and e-mail activities. Skepticism is an essential tool that this person may be sorely lacking. Only when your user was asked for money, did they think there might be something amiss.

Your user had already taken the bait and was just seconds away from having the hook set by the con artist on the other end of the line.

You may note from my response that most of the problem is non-technical in nature. While some technical response may be in order, it is never perfect and can even lead to a false sense of security. However, the MOST important lessons to take from this are needs for the following in order of importance:

1. Proper Management

Responsibility and accountability are the chief aspects here. However, stated responsibility and accountability without training beforehand and follow through after an incident is worse than meaningless.

2. Training

Training without proper policies is still better than policies without training. Training "common sense" is more important than the minutia that may come with policies. Start with training common sense ("stranger danger", "look before you leap", "when in doubt...", Call IT, etc.). Note: IT is a good location for training as well. Having the appropriate technical response is paramount but so is having the appropriate intercommunications response. If users are afraid to deal with IT because they are grouchy, rude or insulting then they will do what your employee did. The same is true if they think they will get in trouble for contacting IT because they made a mistake.

3. Policies

Again, this starts with common sense policies THEN gets into the more specific technical and legal aspects.

Hope This Helps,



Tom
 
Dave Baldwin (Fixer of Problems) Commented:
There is a scam going around where you supposedly get help by calling a toll-free number. They get you to allow remote access, fix non-existent problems, and then lock-up your computer until you send them more money. We've had several questions here about this. Supposed AOL tech support was the source of one version. Of course, AOL knows nothing about it. And I think in another case, the tech support was supposed to be from Microsoft.

I tell my customers, do nothing before you call me.
 
John (Business Consultant, Owner) Commented:
People do not think before they listen to complete strangers. I also tell my clients to call us for assistance.

Yes, this is something you should be concerned about, especially since you cannot find the number on the DELL site.

... Thinkpads_User
 
bwierzbicki (Author) Commented:
After remoting in to the client I saw that he was typing in a search bar instead of an address bar.
You were dead on, Tom.
When he typed dell the search bar made the suggestion "dell support". He went there and got to the website of ITechline, not dell.com/support like he told me.

From what I see there is no damage done. I can't say that ITechline is a 100% scam, but I do believe there was a bit of scare tactics going on since he had just begun to use the new machine and since I found no issues on it except for some dormant zip files in old emails from years ago. Also since his sound worked fine.

The reason I say I don't think they are is that recently another client found someone in a similar way, spent the $199 and was very pleased with some things that company did for him. That one was my fault, I was very busy and unable to get with him quick enough so he did the same search I'm guessing and got some assistance from someone. I'm going to check in with who he used. It was the same thing though, "you are being hacked in from **** , and you have x amount of virus, blah blah"
 
Dave Baldwin (Fixer of Problems) Commented:
A lot of people think ITechline is a scam.  https://www.google.com/search?q=ITechline
 
TomRScott Commented:
Sounds like your employee that got good service after being "hacked from..." is happy because he was "serviced" by a better con artist than the poster child of this discussion.

Lots of folks continue to speak glowingly about how nice and polite the con artist was even after they lost a considerable sum or their entire life savings. Good cons make you feel good while they steal from you.

Bottom line: I don't know about this specific company, but anybody that uses scare tactics to extort a couple hundred dollars is still a thief, even if the victim feels good about it.

 - Tom
 
bwierzbickiAuthor Commented:
Good point Tom
Question has a verified solution.
