December 7th, 2022 22:00

Sophisticated phishing or bad security by Dell?

I've received a very likely phishing email from "Dell " claiming to be confirmation of my Dell Service Contract. It has a lot of information about my actual recent Dell purchase, and looks almost fully legitimate, except for some serious red flags.

I would really like to discuss this with someone in Dell's security team.

For a number of strong reasons I believe this is NOT a legitimate Dell email, and is instead a sophisticated phishing attempt. If it truly is not legitimate, then it is highly concerning how anyone would be able to obtain the amount of information it displays regarding my recent purchase and the service contract included.

Reasons I believe this message is not legitimate:

  • Every other message concerning my purchase has come from dell.com, not dellscp.com. I have no reason to trust dellscp.com, which I've never heard of and cannot confirm is owned by Dell. Dell expects me to open attachments, and trust login links in email from a domain they've never disclosed to me previously?
  • The email's SMTP headers show it arriving to my email provider from the "gold-group.com" domain and an IP address assigned not to gold-group.com, but to sendgrid.com, which appears to be an email marketing company.  Large companies do sometimes outsource their customer communication to mail providers like MailChimp, and this is probably such a company.  But that practice is BAD for customers who are rightly cautious of email security.  They are the very definition of spoofed email, and they ask customers to trust an inherently untrustworthy message.
  • I can't conclusively connect the dellscp.com website to Dell. It looks like a Dell site. But that's what phishers do. They copy legitimate content and create a look-alike site, but with a slightly off URL. The site claims to be "Dell Service Card Portal", and wants me to log in with my Dell credentials. But if I search for "Dell Service Card Portal" I get NO valid hits on that phrase. Not from anywhere, much less from a dell.com site where it should be mentioned if it's valid. The SSL certificate for this site doesn't even claim to be the Dell Inc organization like Dell.com's certificate does - it only claims to be dellspc.com - whatever that is. Worse, the certificate is issued from a dodgy CA (Sectigo aka Comodo) with a Wikipedia-documented history of being badly hacked, and of issuing certificates to malware operators. Not the same certificate issuer used by dell.com.

I'm not about to provide my credentials to that site, nor to open the attachments on the email.  Nor to even load the images in the email, which very likely contain tracking beacons that will confirm I opened the message.

If all this really is legitimately from Dell, then it would represent horrendous security practice by a company far too sophisticated to make such mistakes.  Dell support scams are rampant.  Dell should make it very easy to fully authenticate any communication coming from them.

If this is not legitimate, then Dell should be pursuing whoever is hosting this dellspc.com website and the email provider SendGrid whose IP address seems to have originated it.
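
The header check described in the post above can be made mechanical: mail sent through a third-party mail service can pass SPF and DKIM for the service's own domains while nothing authenticates the domain shown in From:. The following is an added example, not part of the original post; the message is constructed, every domain is a placeholder, and `check_alignment` and `org_domain` are hypothetical helper names.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample, not the email from the post; every domain is a placeholder.
SAMPLE = """\
Return-Path: <bounces@mailer.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounces@mailer.example;
 dkim=pass header.d=esp.example;
 dmarc=fail header.from=vendor-portal.example
From: "Vendor" <noreply@vendor-portal.example>
Subject: Confirmation: Your Service Contract

(body)
"""

def org_domain(domain):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_alignment(raw, trusted_authserv):
    """Report whether SPF or DKIM passed for a domain aligned with the From: domain."""
    msg = email.message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = {"from_domain": from_dom}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        # Only the header stamped by your own receiving server is trustworthy;
        # a sender can add look-alike Authentication-Results headers of its own.
        if authserv.strip().lower() != trusted_authserv:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
            p = re.search(r"(?:smtp\.mailfrom|header\.d|header\.from)=(\S+)", clause)
            if not m:
                continue
            dom = p.group(1).rpartition("@")[2].lower() if p else ""
            findings[m.group(1)] = {
                "result": m.group(2),
                "domain": dom,
                "aligned": m.group(2) == "pass" and org_domain(dom) == org_domain(from_dom),
            }
    findings["authenticated_as_from"] = any(
        findings.get(k, {}).get("aligned", False) for k in ("spf", "dkim"))
    return findings

if __name__ == "__main__":
    for key, value in check_alignment(SAMPLE, "mx.recipient.example").items():
        print(key, value)
```

On the constructed sample both SPF and DKIM report `pass`, yet neither is aligned with the From: domain, so `authenticated_as_from` is false.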

November 1st, 2023 01:35

I chatted in and it sounds like this is an email that all customers receive:

"I can understand that but this is email every customer receives after they purchase the product. It is website only designed for service contracts"

Taking their word for it, the good news is that there's not a breach of customer order info, the bad news is that they have a lot of room for improvement to make it more clear that these are legitimate emails.

November 14th, 2024 04:03

It is November 2024, and I received the same content of email from dellspc.com from a sender "Dell", subject line as "Confirmation: Your Dell Service Contract" with my recently purchased laptop info as well as my personal info in the email body. 

If this is a legitimate email and a normal and official email from Dell, why isn't Dell answering and resolving this issue?

November 21st, 2024 06:53

Any resolution on this? I also just received a similar email, and even Gmail is flagging it as suspicious.

January 9th, 2025 16:36

I just received the same email.

Is this a legit email?

February 13th, 2025 18:57

@Built13203 Agreed! Why is Dell not confirming or denying this to make this clear to customers? I for one am very worried, especially since the email has the "high importance" checked. I opened the PDFs before noticing the weird address. I don't think it's real.

July 2nd, 2025 15:06

I too received an email from 'Dell' about the same time. It had lots of information about the end of my service contract. I followed up on this via the email and provided my details. When I finished, all the pages closed and no warranty extension had been submitted. Very strange. I didn't think too much about it, thinking it was just a blip at Dell's end. No money taken or warranty extension. Roll forwards 6 months, I have had 2 small transactions appear on my card. It's hard to pin it to this experience, but it didn't seem right at the time and now I'm pretty sure it was a very good phishing attack. Card cancelled. It was probably done with a 3rd party JavaScript library injecting the phishing code so that the popup was a phoney front end. Dell, do you know if this has happened?

July 17th, 2025 10:45

This is disturbing. There's either an ongoing very poor 3rd party process or an ongoing security breach of Dell sales data with a successful phish, and they aren't addressing it. 
