techbeck Posted February 15, 2018 Share Posted February 15, 2018 (edited) 3 hours ago, Howard Davis said: I got a call from Dell. I traced the source phone number and found it really was them by calling it; they were even able to tell me when I bought my computer, the ID number, etc. - so it is genuine. They cleaned out the worm and fixed or installed security software (theirs; not McAfee). My computer now has never run faster or better. I think they may have installed beta security software, as the guy I deal with at Dell calls about once a week to check it by linking to my computer. I keep no financial or otherwise sensitive information usable to hackers on my computer; only on removable USB memory. Ummm, did you log a call with them and they called you back? Because Dell would not just call you out of the blue. And scammers know a lot of info about people. Tried to order 80k worth of equipment from a supplier at work. PO looked legit and they used employees names, phone numbers, and addresses. You can literally type in any service tag on Dell's site and get the warranty/order info. And service tags are not hard to figure out. A lot of time, you just need one service tag number and another can just be one character different. goretsky 1 Share Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted February 16, 2018 MVC Share Posted February 16, 2018 The reason the computer probably ran so fast after is because they removed Mcafee!! LOL DConnell 1 Share Link to comment Share on other sites More sharing options...
DConnell Member Posted February 16, 2018 Member Share Posted February 16, 2018 14 hours ago, nekrosoft13 said: its called common sense You'd be amazed at how many people for whom that seems to shut off when they sit in front of a computer. Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted February 16, 2018 MVC Share Posted February 16, 2018 21 minutes ago, DConnell said: You'd be amazed at how many people for whom that seems to shut off when they sit in front of a computer. To be fair, take an unsophisticated user and put scary writing in front of them. "Don't turn off your computer, or you will lose everything" "Your computer has been infected" ... I don't blame them for freaking out. DConnell 1 Share Link to comment Share on other sites More sharing options...
DConnell Member Posted February 16, 2018 Member Share Posted February 16, 2018 1 minute ago, warwagon said: To be fair, take an unsophisticated user and put scary writing in front of them. "Don't turn off your computer, or you will lose everything" "Your computer has been infected" ... I don't blame them for freaking out. That's reasonable, actually. Of course the users I support (at work and on my own time) generally know to call me for stuff like that. But too many will just do a Google search for the program they want and click the first link without checking if it's legit. That's what I'm talking about. That's what directing people to the Store, and encouraging developers to put their software in the Store, would cut down on. Link to comment Share on other sites More sharing options...
Howard Davis Posted March 5, 2018 Author Share Posted March 5, 2018 (edited) It turns out I WAS scammed! Here is a copy of text from a report I filed today with the FBI. I also filed with the FTC last week, but without the information below implicating DELL employees as behind this scam: I was initially contacted on Feb 5, 2018 by a “Steve Thomas” from 877-790-3355, which checked out to be the number for Dell Support. He told me the identifying and technical information for my computer, service tag number, etc. and convinced me the call was genuine. He told me they had detected that my computer had corrupted security files and spyware, specifically the KOOBFACE worm, and that data had been stolen from it. He proceeded to connect remotely to my computer to fix the issue, and eventually appeared to succeed in doing so, but told me I must pay $120 by purchasing an itunes gift card at a local store and sending him the card number to redeem it. I did this at Walgreens on 2/6/18; I have the purchase receipt and the gift card itself as proof. I was then told by “Steve” that Microsoft/Dell could not accept the $120 card – though they had the information to redeem it, and I found out later that they did. I went to Walgreens, and they would not allow a cancellation and refund of the $120 to my bank account. “Steve” then told me he would contact itunes and get me the $120 refund. I never received it. Steve then told me that itunes would only refund a sum of $200 or more, and that I should get another $100 itunes gift card and send him the redemption information. He assured me he would then have the full total of $220 refunded to my bank account by itunes. I bought this $100 card at Rite-Aid on 2/7/18 and forwarded the information to Steve. I have the purchase receipt and the gift card as proof. So far I was out $220. “Steve” then told me the full $220 refund was in the works, and when I emailed itunes to check, they confirmed it was in process. Itunes however never issued any refund. Meanwhile, “Steve” told me that as I would be getting a refund of the full $220 already submitted, his company would still have to be paid $100 (he allowed a $20 cost reduction for my trouble) for restoring my computer. I bought another card for $100 on Amazon.com, and when I sent him the information to redeem it, it very quickly thereafter came up as having been redeemed. He claimed NOT to have redeemed it, but that it was done by a third party using spyware! I have a copy of the email proving this $100 purchase. Amazon of course would not refund the $100 and told me I must dispute this through my bank. All three purchases were done on my Bank VISA card, and at no time was my account or card number information given to “Steve.” It was not in my computer either, so these criminals do not have this banking information. These purchases appear on my bank account statement dated 2/10/18. Of course I never heard back from “Steve.” I have thus been defrauded out a total of $320. I HAVE STRONG EVIDENCE THAT THIS CYBERCRIME AND OTHERS LIKE IT ARE BEING PERPETRATED BY EMPLOYEES OF DELL COMPUTER CO. LOCATED OUTSIDE OF THE USA. * The scam caller ("Steve Thomas") contacted me from the Dell Support service number, 877-790-3355. I was given this number by him, and tracing it using *69 verified it as the source of his call. * If you call this number, the people there speak with the same foreign accent as did "Steve." The background noise heard is the same as I heard every time he called me. * He gave me specific information (my computer service tag number, etc.) that convinced me the call was genuine. Only Dell has this information, and to my knowledge has reported no data breach. Failing to report such a breach is at the very least CRIMINAL NEGLIGENCE that enables the cybercriminals. Employees of course have easy access to such information. * Some improvements in my computer's performance were achieved, but upon later scanning with Malwarebytes I found and quarantined many malware/spyware files probably placed by "Steve." If desired, I can send you the specifics of these files. * "Steve" was no novice; he demonstrated a level of expertise and training that is required of such computer support service personnel. * These personnel are paid relatively little by their employer, though highly skilled. They are located outside of the USA, so have considerable immunity from American law and enforcement. They are in a position to easily run this high-profit scam using Dell's facilities and customer data. Edited March 5, 2018 by Howard Davis updating Link to comment Share on other sites More sharing options...
fintechfooty Posted March 5, 2018 Share Posted March 5, 2018 40 minutes ago, Howard Davis said: It turns out I WAS scammed! Here is a copy of text from a report I filed today with the FBI. I also filed with the FTC last week, but without the information below implicating DELL employees as behind this scam: I was initially contacted on Feb 5, 2018 by a “Steve Thomas” from 877-790-3355, which checked out to be the number for Dell Support. He told me the identifying and technical information for my computer, service tag number, etc. and convinced me the call was genuine. He told me they had detected that my computer had corrupted security files and spyware, specifically the KOOBFACE worm, and that data had been stolen from it. He proceeded to connect remotely to my computer to fix the issue, and eventually appeared to succeed in doing so, but told me I must pay $120 by purchasing an itunes gift card at a local store and sending him the card number to redeem it. I did this at Walgreens on 2/6/18; I have the purchase receipt and the gift card itself as proof. I was then told by “Steve” that Microsoft/Dell could not accept the $120 card – though they had the information to redeem it, and I found out later that they did. I went to Walgreens, and they would not allow a cancellation and refund of the $120 to my bank account. “Steve” then told me he would contact itunes and get me the $120 refund. I never received it. Steve then told me that itunes would only refund a sum of $200 or more, and that I should get another $100 itunes gift card and send him the redemption information. He assured me he would then have the full total of $220 refunded to my bank account by itunes. I bought this $100 card at Rite-Aid on 2/7/18 and forwarded the information to Steve. I have the purchase receipt and the gift card as proof. So far I was out $220. “Steve” then told me the full $220 refund was in the works, and when I emailed itunes to check, they confirmed it was in process. Itunes however never issued any refund. Meanwhile, “Steve” told me that as I would be getting a refund of the full $220 already submitted, his company would still have to be paid $100 (he allowed a $20 cost reduction for my trouble) for restoring my computer. I bought another card for $100 on Amazon.com, and when I sent him the information to redeem it, it very quickly thereafter came up as having been redeemed. He claimed NOT to have redeemed it, but that it was done by a third party using spyware! I have a copy of the email proving this $100 purchase. Amazon of course would not refund the $100 and told me I must dispute this through my bank. All three purchases were done on my Bank VISA card, and at no time was my account or card number information given to “Steve.” It was not in my computer either, so these criminals do not have this banking information. These purchases appear on my bank account statement dated 2/10/18. Of course I never heard back from “Steve.” I have thus been defrauded out a total of $320. I HAVE STRONG EVIDENCE THAT THIS CYBERCRIME AND OTHERS LIKE IT ARE BEING PERPETRATED BY EMPLOYEES OF DELL COMPUTER CO. LOCATED OUTSIDE OF THE USA. * The scam caller ("Steve Thomas") contacted me from the Dell Support service number, 877-790-3355. I was given this number by him, and tracing it using *69 verified it as the source of his call. * If you call this number, the people there speak with the same foreign accent as did "Steve." The background noise heard is the same as I heard every time he called me. * He gave me specific information (my computer service tag number, etc.) that convinced me the call was genuine. Only Dell has this information, and to my knowledge has reported no data breach. Failing to report such a breach is at the very least CRIMINAL NEGLIGENCE that enables the cybercriminals. Employees of course have easy access to such information. * Some improvements in my computer's performance were achieved, but upon later scanning with Malwarebytes I found and quarantined many malware/spyware files probably placed by "Steve." If desired, I can send you the specifics of these files. * "Steve" was no novice; he demonstrated a level of expertise and training that is required of such computer support service personnel. * These personnel are paid relatively little by their employer, though highly skilled. They are located outside of the USA, so have considerable immunity from American law and enforcement. They are in a position to easily run this high-profit scam using Dell's facilities and customer data. Okay before all the Tech guys get in here, I really feel for you, and I'm sorry for all this ###### you've been through. Hopefully this will be a lesson learned, albiet a difficult one. Your lucky you didn't have any super private or humiliating things on there. All good though, we live and we learn. Link to comment Share on other sites More sharing options...
goretsky Supervisor Posted March 5, 2018 Supervisor Share Posted March 5, 2018 Hello, I was wondering how this played out. Thanks for the update. I've always speculated that Dell must have outsourced support to a company involved in the scam, or that there was a data breach somewhere, but have never heard anything to confirm these types of scenarios. Regards, Aryeh Goretsky Link to comment Share on other sites More sharing options...
Jim K Global Moderator Posted March 5, 2018 Global Moderator Share Posted March 5, 2018 1 hour ago, goretsky said: Hello, I was wondering how this played out. Thanks for the update. I've always speculated that Dell must have outsourced support to a company involved in the scam, or that there was a data breach somewhere, but have never heard anything to confirm these types of scenarios. Regards, Aryeh Goretsky Well ... I might be misreading your post. -However, 87*-790-3355 is not a Dell Support number ... a quick Google search will indicate that it's a scammer. The caller ID or whatever may be spoofed to show it is from Dell ... it is not Dell or any of their support numbers (3rd party or otherwise). -Dell did post a blog in 2016 about the rising tech support scams which involved specific details (to include service tags). People on the Dell forums have also stated they've been contacted by "Dell Support" with specific information (like service tags, owners name, etc.) I'm not sure how transparent they have been about how scammers have gotten a hold of such information (did they have a data breach, did they have rogue employees, etc?). However, the big STOP in this particular situation (as it is with most scammers) should have been ... iTunes gift cards. I just do not understand how victims, when asked to provide an iTunes gift card as payment, think "yea, that sounds legit". Truly baffles me (please, no offense to the OP). Live and learn I guess ... +E.Worm Jimmy, DConnell, jasondefaoite and 5 others 8 Share Link to comment Share on other sites More sharing options...
Shiranui Posted March 5, 2018 Share Posted March 5, 2018 2 hours ago, goretsky said: Hello, Regards, Aryeh Goretsky I would have liked to have seen you as Bartholomew. goretsky, CrashG and +E.Worm Jimmy 3 Share Link to comment Share on other sites More sharing options...
CrashG Posted March 5, 2018 Share Posted March 5, 2018 It wasn't Dell that called you. That number has been listed as scammers for quite some time. https://800notes.com/Phone.aspx/1-877-790-3355 Link to comment Share on other sites More sharing options...
Howard Davis Posted March 5, 2018 Author Share Posted March 5, 2018 18 hours ago, goretsky said: Hello, I was wondering how this played out. Thanks for the update. I've always speculated that Dell must have outsourced support to a company involved in the scam, or that there was a data breach somewhere, but have never heard anything to confirm these types of scenarios. Regards, Aryeh Goretsky I have presented strong evidence that Dell support personnel are involved here - they have easy access to customer information. If this was hacked from Dell, Dell should have put out a statement to that effect. Their support personnel are paid relatively little though highly skilled. They are located outside of the USA, so have considerable immunity from American law and enforcement. They are in a position to easily run this high-profit scam using Dell's facilities and customer data, and thus I consider Dell culpable. 18 hours ago, goretsky said: goretsky 1 Share Link to comment Share on other sites More sharing options...
nekrosoft13 Posted March 6, 2018 Share Posted March 6, 2018 On 3/4/2018 at 8:08 PM, Howard Davis said: It turns out I WAS scammed! Here is a copy of text from a report I filed today with the FBI. I also filed with the FTC last week, but without the information below implicating DELL employees as behind this scam: I was initially contacted on Feb 5, 2018 by a “Steve Thomas” from 877-790-3355, which checked out to be the number for Dell Support. He told me the identifying and technical information for my computer, service tag number, etc. and convinced me the call was genuine. He told me they had detected that my computer had corrupted security files and spyware, specifically the KOOBFACE worm, and that data had been stolen from it. He proceeded to connect remotely to my computer to fix the issue, and eventually appeared to succeed in doing so, but told me I must pay $120 by purchasing an itunes gift card at a local store and sending him the card number to redeem it. I did this at Walgreens on 2/6/18; I have the purchase receipt and the gift card itself as proof. I was then told by “Steve” that Microsoft/Dell could not accept the $120 card – though they had the information to redeem it, and I found out later that they did. I went to Walgreens, and they would not allow a cancellation and refund of the $120 to my bank account. “Steve” then told me he would contact itunes and get me the $120 refund. I never received it. Steve then told me that itunes would only refund a sum of $200 or more, and that I should get another $100 itunes gift card and send him the redemption information. He assured me he would then have the full total of $220 refunded to my bank account by itunes. I bought this $100 card at Rite-Aid on 2/7/18 and forwarded the information to Steve. I have the purchase receipt and the gift card as proof. So far I was out $220. “Steve” then told me the full $220 refund was in the works, and when I emailed itunes to check, they confirmed it was in process. Itunes however never issued any refund. Meanwhile, “Steve” told me that as I would be getting a refund of the full $220 already submitted, his company would still have to be paid $100 (he allowed a $20 cost reduction for my trouble) for restoring my computer. I bought another card for $100 on Amazon.com, and when I sent him the information to redeem it, it very quickly thereafter came up as having been redeemed. He claimed NOT to have redeemed it, but that it was done by a third party using spyware! I have a copy of the email proving this $100 purchase. Amazon of course would not refund the $100 and told me I must dispute this through my bank. All three purchases were done on my Bank VISA card, and at no time was my account or card number information given to “Steve.” It was not in my computer either, so these criminals do not have this banking information. These purchases appear on my bank account statement dated 2/10/18. Of course I never heard back from “Steve.” I have thus been defrauded out a total of $320. I HAVE STRONG EVIDENCE THAT THIS CYBERCRIME AND OTHERS LIKE IT ARE BEING PERPETRATED BY EMPLOYEES OF DELL COMPUTER CO. LOCATED OUTSIDE OF THE USA. * The scam caller ("Steve Thomas") contacted me from the Dell Support service number, 877-790-3355. I was given this number by him, and tracing it using *69 verified it as the source of his call. * If you call this number, the people there speak with the same foreign accent as did "Steve." The background noise heard is the same as I heard every time he called me. * He gave me specific information (my computer service tag number, etc.) that convinced me the call was genuine. Only Dell has this information, and to my knowledge has reported no data breach. Failing to report such a breach is at the very least CRIMINAL NEGLIGENCE that enables the cybercriminals. Employees of course have easy access to such information. * Some improvements in my computer's performance were achieved, but upon later scanning with Malwarebytes I found and quarantined many malware/spyware files probably placed by "Steve." If desired, I can send you the specifics of these files. * "Steve" was no novice; he demonstrated a level of expertise and training that is required of such computer support service personnel. * These personnel are paid relatively little by their employer, though highly skilled. They are located outside of the USA, so have considerable immunity from American law and enforcement. They are in a position to easily run this high-profit scam using Dell's facilities and customer data. i'm completely speechless.... i can't believe anyone would fall for that... DConnell and +E.Worm Jimmy 2 Share Link to comment Share on other sites More sharing options...
Shiranui Posted March 6, 2018 Share Posted March 6, 2018 On 2018/3/5 at 11:08 AM, Howard Davis said: [He] told me I must pay $120 by purchasing an itunes gift card at a local store and sending him the card number to redeem it. And at no point did this trigger alarm bells? DConnell 1 Share Link to comment Share on other sites More sharing options...
goretsky Supervisor Posted March 6, 2018 Supervisor Share Posted March 6, 2018 Hello, Here is one video of me, and here is another of me discussing IT security in real life. Best I can offer. Sorry if the production values aren't up to the same standards as that other video. Regards, Aryeh Goretsky On 3/4/2018 at 9:39 PM, Shiranui said: I would have liked to have seen you as Bartholomew. Shiranui and PatC 2 Share Link to comment Share on other sites More sharing options...
Ve7878 Posted March 6, 2018 Share Posted March 6, 2018 So after slating both McAfee & Dell - Nothing to do with either. Being duped into a very obvious scam (iTunes Vouchers) you still seem to come across as if you think that this is really Dell. DConnell 1 Share Link to comment Share on other sites More sharing options...
nekrosoft13 Posted March 6, 2018 Share Posted March 6, 2018 On 3/4/2018 at 8:08 PM, Howard Davis said: I HAVE STRONG EVIDENCE THAT THIS CYBERCRIME AND OTHERS LIKE IT ARE BEING PERPETRATED BY EMPLOYEES OF DELL COMPUTER CO. LOCATED OUTSIDE OF THE USA. BTW, you have ZERO evidence. Spoofing a phone number isn't difficult, its illegal yes, but its not difficult. DConnell 1 Share Link to comment Share on other sites More sharing options...
Howard Davis Posted March 6, 2018 Author Share Posted March 6, 2018 14 hours ago, nekrosoft13 said: i'm completely speechless.... i can't believe anyone would fall for that... This happens to people all the time, which is why they do it. If you are speechless and have nothing constructive to say, then DON'T. Link to comment Share on other sites More sharing options...
Mando Posted March 6, 2018 Share Posted March 6, 2018 @Howard Davis sorry to hear this is what actually panned out for you, i suspected it from the start. not having a go at all but didnt the itunes angle not make you go wtf?? Why would "Dell" ask for payment in itunes credit? DConnell 1 Share Link to comment Share on other sites More sharing options...
Howard Davis Posted March 6, 2018 Author Share Posted March 6, 2018 13 hours ago, Shiranui said: And at no point did this trigger alarm bells? In retrospect, it should have. At that time however they had greatly improved the performance of my computer and I felt deserved payment. Also in retrospect, they may have been the cause of the problems - Malwarebytes found spyware they may have installed. Mando and Shiranui 2 Share Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted March 6, 2018 MVC Share Posted March 6, 2018 I would also change any and all passwords that you have. It's very easy for them to run an application such as identity protector which shows in plain text all of the saved passwords in the browsers. If you use the same email address and password for everything they can see that and if you use special modifications of the same password per site they can see that too. I'd recommend a reinstall or at the very least roll that system back before you were scammed. Also check the programs and feature list for any remote assistance apps still installed on your computer, these may include.. Screenconnect (connectwise) Gotoassist Customer Logmein Team viewer Anydesk If you have any of these uninstall them. Also check next to your clock to make sure an unattended session is not actively running. Mando and Jim K 2 Share Link to comment Share on other sites More sharing options...
Mando Posted March 6, 2018 Share Posted March 6, 2018 2 minutes ago, Howard Davis said: Also in retrospect, they may have been the cause of the problems - Malwarebytes found spyware they may have installed. thats exactly whats happened mate, they get into the system, "fix it" while dropping the real backdoor payload and your now a dormant bot machine for them to C&C whenever they need. if it was me personally or professionally, id be nuking that system from orbit, low level format the drive and do a clean install and use good paid for AV mate. Also add Warwagons advice to what else to do. Jim K and DConnell 2 Share Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted March 6, 2018 MVC Share Posted March 6, 2018 4 minutes ago, Mando said: good paid for AV mate. 1 I don't think a AV's do much to prevent this type of thing, it's social engineering at it's best. When I hear these types of stories it always makes me think i'm not charging enough if people will drop $320 at a drop of a hat. DConnell 1 Share Link to comment Share on other sites More sharing options...
Mando Posted March 6, 2018 Share Posted March 6, 2018 3 minutes ago, warwagon said: I don't think a AV's do much to prevent this type of thing, it's social engineering at it's best. When I hear these types of stories it always makes me think i'm not charging enough if people will drop $320 at a drop of a hat. no, but if its password protected the scammers cant remove it simple padlock security mate. it would stop any backdoor payload being dropped in the scam . ofc dont leave it as the vendors default password. Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted March 6, 2018 MVC Share Posted March 6, 2018 3 minutes ago, Mando said: no, but if its password protected the scammers cant remove it simple padlock security mate. it would stop any backdoor payload What user going to password protect their AV? Link to comment Share on other sites More sharing options...
Recommended Posts