Skip to main content

Featured

SE'ing Encyclopedia

Updated: 29/03/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Choosing A Suitable Chat

 



Choosing The Correct Gateway Of Communication.

Before I make a start on this tutorial, I'd like to point out that It solely relates to social engineering online stores to the likes of ASOS, SteelSeries, Amazon and so forth, by manipulating their reps/agents to Issue refunds and/or replacement Items. Of course, you can also use this article as a general guide when SEing anyone on a personal level for their username & password to compromise a given account, or perhaps their full name & date of birth to build their Identity from the ground up. In terms of the former which Is known as "company manipulation and exploitation", a lot of social engineers predominantly focus on researching their target, as well as the methods used  to prepare their SE and how to constructively execute their attack vector  to help ensure a successful result. Without question, all this plays an Integral role with every SE, and when used and applied against the nature of the company In question, It leaves very little chance of failure.

Each of the above elements, namely "research", "methods" and "execution" work hand In hand and they need each other to form the perfect Ingredients to allow the SE to run as smooth as possible from start to finish, but as an SE'er yourself, you'd be well aware that SEs can be problematic at the best of times. Investigations are opened, police reports requested, affidavits asked to be signed & returned and the list goes on. If you're not equipped to always be one step ahead of such matters, then your SE will result In an unfavorable outcome- there are no Ifs, ands, or buts about It! As a result, It's crucial to "effectively" tackle every obstacle that can potentially have a negative Impact on your SE, and whilst many social engineers do It by leaving nothing to chance, for no apparent reason, some of their SEs still fail- even though they've covered everything flawlessly on their end. Or have they? 

Let me tell you that for every unsuccessful SEing attempt, there's always a reason behind It and a significant contributor, Is "the way you communicate with representatives and the actions you take thereafter". For example, have you ever been Involved In a "Live Chat"  with a service rep and at some stage, you received a response that had you at a loss as to what to say next? I thought as much. Now If you replied with something that was contradictory to your claim, then panicked and Immediately terminated the chat session, then that most likely would have been the cause of your failed SE. The same applies when talking over the phone or sending an email- one wrong move can prematurely put an end to your SE. As such, It's Imperative to "select a suitable gateway of communication"  that's compatible with your skill set. 

So what's the best form of communication? Well, there Is no "best", but rather one that will allow you to handle the conversation In an "efficient", "comfortable""confident" and "successful" fashion, and I will show you exactly how to choose the correct gateway based on the above-quoted attributes. If you haven't worked It out already, what I'm referring to Is establishing a connection via "live chat", "shooting off an email" and stating the obvious, "contacting by phone"- all of which have their pros and cons (which I will cover the advantages & disadvantages), hence the Importance to make the correct decision right from the get-go. By the time you finish reading this entire article, and on the grounds that you know precisely how to research your target,  formulate your method and effectively execute your attack, you will not experience any major Issues when SEing a given company. So without further delay, let's begin.

Communicating Via Phone:

Evidently, speaking over the phone Is Instant- It happens there and then and whatever you've said, cannot be taken back. It Is all well and good If your reply was effective, but If you're the type of SE'er who's hesitant and somewhat nervous about how to respond In real time conversation, then It can work against you and give every reason for the representative to decline your claim. Because of that, opt for another gateway, namely via email or (where available) live chat. I've covered each one a little further down the page, so you can totally skip this topic and read either of the two or both. On the other hand, you may have the gift of the gab whereby you're able to address every question and concern with pinpoint accuracy, so manipulation during phone conversation Is what you excel at, therefore you'd prioritize this over the rest. 

The good thing about a phone call, Is that once you've reached the agent, you can Immediately SE him without having to wait for a response. This helps prevent reps from making up all sorts of fanciful stories to try and reject your claim. However, due to unforeseen circumstances, not every SE goes according to plan and as a result, you need to be well-prepared for the unexpected  particularly when communicating while the SE Is In motion. Here's what I mean. When talking with the rep, what If you've all of a sudden experienced a "mental block" and have no Idea what to say next? Irrespective of your level of expertise as an SE'er, I can assure you that It will happen at some stage and If you believe that It won't, then you're living In denial. It can and It will, so It's vital to end the call "without raising suspicion".

The best way to do It, Is to hang up the phone "when you are speaking!". Never do It whilst the person on the other end Is chatting away- this Is a dead giveaway that It's Intentional.  For example, I'm sure you've received a call from an annoying salesman temping you to purchase something, and you've hit the end button In the middle of "his end of the conversation". No doubt he would've realized why you did It- on purpose and to simply get rid of him  for the fact of being disinterested. The same principle applies when talking with the rep/agent. You must avoid showing signs of deliberate behavior and ending It "when you're speaking", gives the Impression that the connection was lost for no apparent reason.  

Using Live Chat:

Before I begin, I'd like to make you aware that whilst many companies such as John Lewis, Amazon and ASOS support customer service through live chat, there are some that don't, so you will need to make other arrangements by choosing another gateway. That aside, as with communicating over the phone, live chat Is also done In real time and although all responses are Instant the moment you "hit the Send button", there Is one particular advantage that allows you to gain a little bit of extra time - just to recollect your thoughts, and think of the most appropriate reply. Notice that I've quoted "hit the Send button?". That's because It's entirely up to you to make that decision, hence If you have a momentary lapse of concentration and cannot figure out what to say next, you can stall the session for around 20-30 seconds and then generate your message. It can be done quite a few times but don't abuse It - as It may look as If you're trying to hide something. 

As you can see, live chat definitely has Its advantages, and If your reaction time Is quick when It comes to translating your thoughts onto your computer's keyboard and addressing the rep's messages effectively, then this form of communication Is your strong point. Having said that, there will come a time where you'd be at a loss for words and the need to terminate your chat Is Inevitable. Believe me, there Is not one social engineer who doesn't mess up, but don't take It In a negative way. Instead, focus on the positive side of It by "always being one step ahead of your actions"- In this case, ending the chat without being suspicious. To do that, pause your response for a little while and then reply with "Are you still there?". No doubt, the rep will answer you, so pause It again but this time with a different message such as "Hello can you answer me please?", and then put an end to the conversation.

All the above, was enough to justify that you've experienced technical problems on your end, without raising any suspicion whatsoever. When you've had the chance to come up with a suitable reply, simply establish another chat session. Now there's one very Important fact that you must be aware of, and that Is to keep your SE consistent and to "never change your story" at any stage of your claim. "Why Is that", you ask? Well, logs are kept of every conversation and If you think that speaking to another representative at a later time and saying something to the contrary of what they have on record will go unnoticed, then you are totally mistaken! Sure, there are occasions when reps are half-asleep on the job and don't bother to check previous logs, but for the most part they do, thus the new rep will take over where the last conversation finished, so be sure to take this under advisement with every SE. 

Shooting Off Emails:

As opposed to what you've read so far pertaining to phone calls  and live chat  that both require an exceptional set of skills to keep the SE flowing In the right direction, generating email messages Is quite the opposite- which benefits all types of SE'ers, even those with very little to no experience. It doesn't matter If you've just started your career In the art of human hacking a few days ago, whereby you're attempting your very first SE by replying to a given email, It's not difficult at all to generate the appropriate reply and here's why. There's basically no sense of urgency nor the need to act promptly on your end, which essentially means that you have all the time In the world (so to speak) to think of "what to say and how to say It". But what If you're completely clueless about the context of the email message? Rest assured, help Is just around the corner!

If you're part of a social engineering community such as an Internet forum or a Discord server, then you'll understand exactly what you're about to read next. If you're not Involved In such an environment, get online now and make an account. For the purpose of this guide, I'll be referring to a "forum /board" and It's on the grounds that you're currently an active member without a negative reputation. Okay, provided the board Is well-established with a blend of Intermediate and advanced SE'ers who know their way around company manipulation and exploitation, you're In good hands. Begin by creating a thread and outline your questions and concerns, Inclusive of posting a screenshot of the email message- removing your Identifiable details. Not only will users clarify what your message relates to, but most will also recommend the next course of action- how to respond to the email.

When that's done, make sure you proofread It, just to be certain that everything that was suggested Is relevant to your concerns. When you're satisfied that It's fine, send off your email and If need be, repeat the process with subsequent emails by asking for assistance on the forum  but at the same time, don't be too demanding- the last thing you need Is to be perceived as a nuisance. Whilst all that Is an excellent approach and well within your comfort zone, communicating via email does have Its downside. In contrast to phone calls that allow you to speak a thousand words or more to manipulate your target and try and resolve your claim, there's only so much that can be said and done In an email message. Furthermore, reps purposely take their time to respond, with the Intention to add some degree of difficulty to your claim. Due to the limitations of email transmissions, It may not be the most convenient form of contact, but It doesn't mean that It's not as effective as the rest- you just need to be patient, well prepared and one step ahead of the representative/agent

In Conclusion:

Upon reading this entire article, you're now well and truly aware that In order to successfully social engineer a given company, It takes a lot more than having a perfect method and attack vector In place. If you're not able to translate your thoughts by effectively communicating via a certain gateway and manipulating your target thereafter, then don't expect the SE to work In your favor- It WILL fail more often than not. 

No doubt you will experience times when your claim Is approved with very little Involvement on your end, but what I'm referring to Is SEs that are rather complex, require lateral thinking and must be replied to In a flawless fashion. When selecting a gateway, there Is no right or wrong- It's just a matter of Identifying the type of communication channel that's your "strength", and not your weakness.




Comments