Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Serial Number Method


Get A Refund Or Replacement By Only Using A Serial Number.


If you're somewhat new to the social engineering sector, perhaps only familiar with the old-school type of SEing consisting of (but not limited to) pretexting, tailgating, spear phishing, quid pro quo and few others, I'd say It's very safe to assume that you'd be at a loss as to what the title of this post refers to, Correct? I thought as much. And If you're not part of an active SEing community to the likes of an Internet forum or a Discord server, don't even bother hitting a Google search to try and "get Information from a reliable source"- It'll be a complete waste of time. The reason for that, Is because articles on the net pertaining to "the new breed of human hacking" that I've personally defined as "company manipulation and exploitation" are few and far between or Inaccurate to a large extent.

For Instance, checkout this article that's written from an Individual who's titled himself as a Senior Data Analyst. In a nutshell, he's attempted to describe the latter part of the aforementioned social engineering as "eCommerce refund fraud Is about getting a refund for goods that you purchased without needing to return the goods". Further to that and In contradiction to his statement, he's written "Such Is the case for empty box (EB) or partially empty box (PEB)". Really? What relevance does the EB (empty box) known as the missing Item method and the PEB (partially empty box) which SE'ers label It as the partial method, have with "without needing to return the goods?". I'll answer It for you- "nothing".

In both circumstances, you're saying that upon opening the package/box as delivered by the carrier driver, your Item was not enclosed, so It's got nothing to do with a return- "you're claiming It's missing", hence you can't circumvent a return for a product that you don't have! Moreover, he's stated "getting a refund". Has he ever heard of manipulating the representative to dispatch a "replacement Item" Instead of a refund? Evidently not. If all that doesn't convince you of his lack of knowledge, he's also mentioned "goods that you purchased" which furthermore Is misleading due to the fact that (and on-topic of this article), "the serial number method" does NOT require to buy goods upfront. More about this In a minute or so.

In all honesty, It's embarrassing that a Senior Data Analyst who's employed with a company on a large scale, has discussed social engineering (In the capacity of exploiting companies such as Amazon), with Information that Is Immaterial to the said methods. After I read his web page and noticed all the Inconsistencies, I decided to document this guide, with the objective to provide you with all there Is to know about SEing by using the "serial number method", Inclusive of the events that are most likely to take place during the course of your SE. Unlike the details stated by the so-called Senior Data Analyst (what a joke!), rest assured, you're In good hands with what you're about to read from this point onwards. So let's get cracking by first checking out what the serial number method entails.


What Is The Serial Number Method?

The most common way to social engineer online retailers by deceiving their reps to credit your bank account for the cost of the purchased Item, or replace It at their expense, Is to "buy the Item first" and then use any of the traditional methods like the DNA, the wrong Item received, the sealed box method and many others that're utilized by SE'ers of all shapes & sizes. The main advantage of this approach, Is that you have (where applicable) more than on suitable method to use with your product, but not every SE'er has funds readily available and that's when the "serial number method" comes Into action. Naturally, this relates to Items that contain serials such as a computer keyboard & mouse, Apple AirPods, speakers and the list goes on.

Here's how the serial number method generally works. First and foremost, In order to receive a refund or replacement, the serial number of the product you're Intending to social engineer must be under warranty, otherwise your SE will fail before It has the chance to begin. Don't worry, I've outlined a few ways on how to obtain a valid serial In the next topic. Okay, on the grounds you have one at your disposal, contact the customer service rep and tell him that your Item (that's associated with the serial number), Is not working. Now unless he's brain-dead and approves the claim with very little to no questions asked, he will go through a few troubleshooting steps to try and determine why your product Is not functioning.

This Is simply part of company protocol, so there's no cause for concern however depending on the representative you're dealing with, he can make things very difficult for you by going through just about every troubleshooting procedure he can think of, but don't be Intimidated by his behavior. The key to success, Is to "take control of all communications" and "remain adamant" that your Item Is not working with every task he asks you to perform. When he's satisfied that your Item Is defective, a refund/replacement will be arranged, but ONLY when you either return It, or comply with his request for a POD- which Is short for "Proof Of Destruction". You can read all about that, by clicking on the link and checking out my In depth tutorial. If all goes well with the rep/agent (which It should), expect your claim to be approved. I'd say you're wondering how and where to get a serial number, so we'll have a look at that now.


How To Obtain A Valid Serial Number:

As said In the above topic, this method will only work when "a "valid serial number that's still covered by warranty" Is used, so It's of the utmost Importance to establish this prior moving forward with your attack vector. Many SE'ers have a difficult time trying to locate the one they're after, particularly one that's compatible with the product they're planning to SE and that's where I come In. I will show you the most effective methodologies to find the one that fulfills your needs. Now there's one entity that I personally do not recommend grabbing a serial number, which Is "eBay", for the fact that they're Individual sellers who have bills to pay and mouths to feed- much the same as you and I so excluding that, I've created a list of where serials can be found and (where relevant) how to get one without raising suspicion.

Using YouTube

In terms of YouTube Itself, you'd be surprised at how many users upload their videos, and completely disregard to edit/mask Identifiable details that are associated with the device that they're showing In the footage. This Is certainly welcomed by every social engineer wishing to get a valid serial number that's within the manufacturer's warranty period, and because of the step-by-step demonstration by the uploader, you are guaranteed to get one that's covered by warranty. Firstly, be sure "to look at the date of when the video was uploaded". If It's current, then you're most likely good to go, but to confirm It In Its entirety, "check the make & model of the Item". If It's a recent/latest release, then that pretty much speaks for Itself.       

Do note that your search results are only as good as the keywords you enter, hence If you type something that's somewhat Irrelevant/Inaccurate to what you're looking for, It'll be a waste of your valuable time and resources. Allow me to explain why "keywords" play an Integral role In returning effective results. In this case, you're obviously In need of a serial number so you must locate videos that display It and one of the best ways to do It, Is to type the description of your Item, followed by the word "unboxing". What this does, Is show how the Item Is packaged by the manufacturer and the process used to take the contents out of the box.

For example, just to put this to the test, I've entered "Samsung SSD unboxing", and It returned countless pages of users demonstrating procedures of what to expect when taking the drive and Its accessories out of the box. Believe It or not, It literally took me 45 seconds to locate a serial number and after testing It again with another product, I found one In around 2 minutes. I'm not suggesting It will be this easy each and every time you're In search of a serial, but rather the fact that you will find one a lot sooner than later. So to reiterate what I've already mentioned, all that you should be focusing on, Is "the date" of when the video was uploaded and the "Item's make and model". Using these combinations, you'll know for sure whether the Item Is still covered by warranty. 

Physically Visiting The Store

This Is my favorite method, for the reason that there's absolutely no risk whatsoever. As a matter of fact, there's very little to no social engineering Involved which makes your job as an SE'er, Incredibly simple however for this to work, "the serial number on the box, must be the same as the one on the Item". You'll see what I mean shortly. So how do you know If the serial on the exterior of the box, Is the same as the one on the Item? Well, I suggest to exercise common sense by hitting a Google Image search, and enter something along the lines of: "where Is the serial number on (your Item name)". Obviously replace "your Item name" with the one you're SEing. 

I've just performed a search for Apple AirPods with wireless charging case, and although the Image was edited with "serial number protected" on the underside of the box, It actually confirmed that It's located exactly there. That Is, It was masked for the purpose of not revealing It to anyone viewing the video, so It's evident why the user decided to hide It. Okay, assuming you've established that the serial on the Item & box Is the same, "find a store that sells the exact make & model" and walk In as though you're a normal customer looking to buy something. Do note that you're a shopper just like everyone else, so make sure to be cool, calm and relaxed whilst walking around In search of your Item.

Some serial numbers are lengthy and difficult to remember so when you've found the Item, hold the box In one hand and your cell phone In the other, and then act as though you're shooting off a text message. Instead, navigate to your phone's camera and take a picture of the serial (that's located on the outside of the box), and put It back on the shelf. For security purposes, particularly high value Items, some are placed behind the service counter which requires a sales assistant to make the purchase, so just pretend that you want to be certain that It's the correct Item and ask If you can have a look at It. You'll find that It will simply be handed to you, so use the same procedure as above (take a photo with your cell phone), then hand It back and say It's not the one you're after. It doesn't get any easier than that!

Purchase The Item & Immediately Return It

For one reason or another, In the event you cannot perform In-store SEing by physically attending the retailer nor use any of the other aforementioned methods, what I'm going to Introduce now Is just as effective and the upside Is, there Is no pressure on the social engineer- In this case, yourself. The only prerequisite, Is that you must have funds on hand to buy the Item that you're planning to SE, but don't worry, your account will be credited 100%, thus you won't be left out of pocket. If you haven't worked It out by the title of this topic, you'll purchase the Item and when you receive It, write down the serial number and then return It for a full refund, by saying that you received the same one as a gift. Naturally, you can use any excuse that warrants the return- I've simply given my example just to help you along the way.

When you think about It, there's hardly any SEing Involved. The only thing that you must execute correctly, Is the excuse that you're going to use to return It, which Is not too difficult at all. If you're still Indecisive, head over to the company's website and have a read of their "return policy" to establish the grounds on which Items are eligible for a full refund. For Instance, a store named John Lewis, provides a refund or exchange for a "change of mind", hence you will not experience any Issues whatsoever when using this reason. I'd also like to point out, that return policies differ from one company to another- some have 15 days, others at 30 days and so forth, so be sure to check that you don't exceed the time frame. Moving back to the SE, the moment the company reimburses your funds Into your credit card, you can social engineer any store that stocks the same Item by using the serial number that you acquired via your returned product.  

Using Google Images

This gateway Is stating the absolute obvious, however to this day, I'm at a loss as to why many SEers (some of whom operate on an advanced level) completely overlook It, thereby fail to put It Into practice. As with "YouTube", whereby a lot of users upload their videos and forget to hide Identifiable details, the same applies when "sharing Images online". In fact, I've just hit a quick search on Google Images with the keywords of: "Samsung SSD serial number", and pages of results were returned- with most displaying serial numbers clearly In plain text. Now the question you're probably going to ask Is: "how do I know If the serial Is valid and still under warranty?". If you've been In the SEing scene for years on end, you should well and truly already know this, but If you've just started out, then your question Is justified.

Ill explain a couple of ways that're so obvious, that you'd wonder how and why you didn't think of them yourself. The first, Is to navigate to the manufacturer's website and and so a "serial number check" (or some variant), which will check Its warranty state and whether the serial Is valid. For example, I've browsed on "Dell's website", and there's an option to search for the service tag or serial number. I then tested It by entering some random numbers and sure enough, It returned an Invalid message, which confirms that It does check for valid serials. This Is a conclusive methodology that you can utilize with the serials you obtain from the sources mentioned In this article, Inclusive of other entities that come to mind.

The second way, Is to give the company a call and act as though you're a concerned customer wanting to know If your product (that the serial relates to), Is still covered by factory warranty. The good thing about using this approach, Is because your enquiry appears legit, they'll have no hesitation In serving your request, thus you'll get a response there and then. Pretty simple Isn't It? I think so too. Now the only downside to using Google, Is that It can (at times) take a while to sift through Images until you find the one you're after- especially If the model of the product Is not In demand. But It's not as though you're working to meet some sort of deadline, so make yourself a cup of coffee, and take all the time you need.   

 
How To Circumvent Returning The Item:

When you have a valid serial number at your disposal and execute a warranty claim, not every company handles and processes It In the exact same fashion. For Instance, If It's a low value Item and the cost of sending It back outweighs the cost of the Item Itself, companies to the likes of Logitech and SteelSeries will Instead ask for a POD and Instruct you to send the proof of destruction as an email attachment- which they don't pay a single dime to receive It In their Inbox. If there's no signs of Inconsistencies with what you've provided, your claim will be approved thereafter. On the other hand, you will Inevitably be told to "return the product" at some stage when using the serial number method, which you obviously cannot comply with such a request- you can't return what you don't have! As a result, your only alternative Is to "circumvent the Item's return" by using any one of the following methods.

The Disposed Of The Faulty Item Method

This works on the same principle as faulty Item method, with the only difference being that you'll be using the excuse that you "disposed of the faulty Item" (which Is why It's named as such) to avoid sending It back, so I'll only be focusing on that and not how the SE Is handled on the company's end. Okay, In order to significantly Increase the likelihood of a successful outcome, It's not about "how" you disposed of your Item, but "why" you decided to take that course of action. Just remember that you're not doing anything of the sort- It's all an act for social engineering purposes. Here's my recommendation of how to apply the method. Feel free to change the events according to your needs.    

When you contact the rep/agent and say that your Item (that the serial belongs to) Is broken, he'll begin with some troubleshooting steps to try and Identify why It's defective but the moment It gets to this stage, tell him that "your Item blew up when your youngest son was using It" and as a very distressed parent, you Immediately disposed of It for "health & safety concerns" but It doesn't stop here. To help solidify your SE, also say that the Impact of the faulty Item, left a small cut on your son's hand or cheek, and you're thankful that he didn't sustain further Injuries. Alternatively, you can say that It "caught fire" and use the same (or similar) reason as why you threw It out. Companies take "health & safety" very seriously and must act In accordance with the application regulations, hence If you remain adamant and push the rep to his limit, expect the SE to work In your favor.      

The Leaking Battery Method

Although this Is limited with the type of Items It can be used against, namely those that evidently contain batteries, by no means does It Indicate that It's not as effective as other traditional methods that have been discussed towards the start of this article. If the serial number of your Item pertains to a product that requires batteries to function, then you can use the "leaking battery method" to circumvent Its return as requested by the rep/agent.  Here's how this method works In very simple terms. When social engineering an Item that has batteries, you'd claim that It was either "delivered with Its batteries leaking" or they "started leaking within the serial's warranty period"

If you opt for the former (delivered with leaking batteries), "the warranty of Its respective product must be In Its very early stages"- such as only a couple/a few days old, or a week at the maximum. Why Is that, you ask? Well, If (for example) It's 6 months old, It essentially means that the Item was purchased and received half a year ago, therefore you would've claimed the batteries were leaking back then and not wait until now. If you use the other approach by launching a claim before the warranty expires, It's pretty self-explanatory, so there's no point going Into detail. Do you agree? Good!  

Moving forward with the method, after contacting the representative and telling him of the (seemingly) leaking battery, If It's a high value Item worth In the thousands of dollars, It's almost a certainty that you will be asked to return It, and a refund/replacement will ONLY be Issued when they receive It. No doubt you'll need to manipulate the return, which can be done by using the "disposed of the faulty Item method" that you've had the pleasure of reading In the above topic. Now rather than saying you threw out your Item because It blew up or caught fire, you'd use the excuse that "the battery(s) leaked" and for "health & safety reasons", you Instantly placed It In the trash outside. As you're aware, the key to success, Is to take control and not give In under any circumstances!     

The Boxing Method

The "boxing method", also referred to as the "box method" or "box" on Its own, Is defined as returning the box/package with nothing Inside or If the Item (that the serial number relates to) Is rather heavy, a weight substitute Is used such as "dry Ice"- to give the appearance as though It does contain the Item during shipment. The objective of this method, Is to give the Impression that your package was tampered with and your Item was stolen In transit, thus when the company receives your return, they'll see that It's been altered from Its original condition and believe that someone stole Its contents before It made Its way to their Inwards goods/receiving department. 

As simple as this may sound, It's Imperative to prepare the return In a calculated manner by leaving nothing to chance, and here's how to do It. If the Item Is heavy enough to register a weight on consignment, add "dry Ice" (which Is frozen carbon dioxide that turns to gas) and cut the box/package on one side, and seal It with different colored tape. On the other hand, If the Item Is extremely light (anything under 120 grams), use the same procedure with the tape, but don't place anything Inside- only send an empty box. Either way, the purpose of the boxing method remains the same- to deceive the company Into thinking that someone ripped open the box, took your Item, and tapped It thereafter- just to avoid raising suspicion at the time of the event. All In all, you've circumvented the need to return the Item (that you don't have to begin with!) with relative ease. 
   
    
In Conclusion:

Apart from locating a serial number that's still under the manufacturer's warranty, the method Itself, Is not too difficult to formulate and execute- "provided the advice you've been given, Is accurate and precise". The ramifications of being misinformed with any method, such as the details given by the so-called expert as mentioned at the start of this article, can lead to huge complications when not only preparing your method, but also communicating with the rep/agent- as one wrong move can result In the rep declining your claim during the very early stages of your SE. That's what prompted me to write this entire tutorial, to give you first-hand knowledge (directly from myself) based on 30+ years In the social engineering scene, and not something that I've collected by hitting a Google search, which Is most likely what the self-proclaimed data analyst has done.     




Comments