Computer Information Science

Cyberheist News

Cyberheist News - January 2016

Scam Of The Week: Dell Tech Support Service Tag Hack

This is a real one. A number of people using Dell PCs have been contacted by scammers claiming to be Dell Tech Support who actually had specific data that only Dell could have had. We're talking the customer service tag number, a support number printed on a sticker on every Dell computer. I have used Dell machines for 20 years and am very familiar with that sticker.

This is a variant on the Microsoft tech support scam where they call PC users and claim they have detected a problem with the person's computer and need to fix it. End-users gullible enough to give access to their workstations (usually via remote software) are billed hundreds of dollars on their credit card but the scammers of course don't fix anything — and in some cases their PCs are infected with ransomware until they pay up.

Last week, there was a story in Ars Technica where a man said he called Dell about a problem with his optical drive, and soon after he got a call from a scammer who knew about his specific problem and had his service tag number and other customer information.

In October the company posted a warning about this type of telephone scam on its website, but it doesn't mention a service tag number hack. Dell does not seem to know what exactly is going on and is investigating. To me it seems that one or more of their servers have been compromised and support data has been exfiltrated and used by scammers. Dell needs to fix the leak.

In the meantime I suggest you send this to your employees, friends and family:

"There is a new tech support scam doing the rounds. This time it is cyber criminals with foreign accents calling you, claiming they are from Dell and they even have the correct service tag of your Dell PC. They will try to manipulate you into giving them access to your computer so that they can "fix the problem" and charge your credit card or worse, infect your computer with ransomware.

"If you get a call from unknown people who claim to be tech support (any company) and say they need access to your computer, hang up the phone immediately and delete any email they might send you with similar claims.

"ONLY give out personal information if you have initiated the call and have looked up the main company number yourself on the main website of the company you want to reach. Do not rely on a popup, an ad, or a general web search result on another website or forum unless you can verify that it is a valid source and that the phone number is valid for that company."

Train Your Users To Beat Phone Scams

"'Press 1 to hand us the family jewels' works more often than you might think. A little training can stop this sort of social engineering."

That was the first line of an excellent InfoWorld article by IT Security Guru Roger Grimes. He started out with: "As I landed in Dallas returning from my recent visit to China, I picked up my cellphone voicemails. One of them was from my bank, telling me my personal debit card was frozen and would have to be unlocked.

"I knew I should’ve let my bank and credit card companies know I was traveling, but I hadn’t, mostly because I use a dedicated business card when traveling overseas on business. Still, I wondered why this particular credit card was locked. Not only had I not used it on the trip, I hadn’t used it in more than a year, and I have multiple credit card security monitoring services that inform me about unusual activity."

I suggest you read the rest of his story, how he almost fell victim to this scam and what you can do to prevent it:

Ransomware A Threat To Cloud Services, Too

Think your users don't need security awareness training because all of your files are in the cloud? Think again. Investigative Reporter Brian Krebs has a blog post that proves it can easily happen. He started with:

"Ransomware — malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

Toni Casala found this out the hard way. Casala’s firm — Children in Film — works as an advocate for young actors and their families. The company’s entire operations run off of application hosting services at a managed cloud solutions firm in California, from QuickBooks to Microsoft Office and Outlook. Employees use Citrix to connect to the cloud, and the hosting firm’s application maps the cloud drive as a local disk on the user’s hard drive.

“We were loving that situation,” Casala said. “We can keep the computers here at work empty, and the service is very inexpensive when you compare it to the cost of having more IT people on staff. Also, when we need support, they are very responsive. We don’t get farmed out to some call center in India.”

They were loving it, that is, until just before New Year’s Eve, when an employee opened an email attachment that appeared to be an invoice. Thirty minutes later, nobody in Casala’s firm could access any of the company’s 4,000+ files stored on the cloud drive." Read how much time it took to get back online, yikes:

Regarding Ransomware, the police probably can’t help you. This is an article in Fortune Magazine that I was interviewed for. Good ammo to send to management. Short and understandable:

Give Your Employees A Safe Way To Report Phishing Attacks - Complimentary.

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

KnowBe4’s new Phish Alert button for Outlook gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!

  • Reinforces your organization's security culture
  • Incident Response gets early phishing alerts from users,
    creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file
  • Supports Outlook 2007, 2010, 2013, 2016 & Outlook for Office 365

Here is where you download your Complimentary Phish Alert Button. This is a great way to better manage the problem of social engineering. Compliments of KnowBe4!

Warm Regards,
Stu Sjouwerman