Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Filing A Police Report



Everything You Need To Know About A Police Report.

If you're an Intermediate or advanced social engineer who's been there, done that with the old school type of SEing, whereby you'd get your victim's password to their Gmail account by sending a malicious link to their email address or remotely accessing their PC with an FUD keylogger to grab confidential Information, I'd say It's very safe to assume that you're Involved In the current generation of SEing that's discussed on just about every popular social engineering board and online chat such as Discord. What I'm referring to of course, Is hitting online stores to the likes of Amazon, Zalando, Logitech and so forth, by tricking their reps/agents to credit accounts with refunds or dispatch replacement Items at no extra cost. 

This Is commonly known as "company manipulation and exploitation" and If you've been In the scene for a number of years to date, you'd know precisely what It takes to get the job done In a timely manner and without raising suspicion. On the other hand, If you've just started your career In this capacity, then you have a lot to learn hence prior to moving forward with the rest of this article, I strongly suggest reading my tutorial named  Beginner's Guide to SE'ing. You can then make your return here and continue where you left off. Now you might be very familiar with the key elements to effectively exploit your target, namely "research", "method formulation", "executing the attack" and "ending on a good note", thereby you're aware of exactly what to do to ensure a successful outcome, but the same cannot be said with "how the company processes your claim".

In other words, once you've executed your attack vector, you have very little to no control of the actions reps decide to take when handling your claim. For example, If you've used the "box method", by manipulating the package to make It seem as though your Item was stolen In transit, unless the rep/agent has lost touch with reality (so to speak!) and approves It with no questions asked, they will follow company protocol by opening an Investigation and may also request some details from you, one of which Is to file a "PR" which Is an abbreviation of "police report". Due to the nature of the box method (and a few others), the report Is certainly warranted and as a result, many SE'ers are quite concerned when they find themselves In this predicament. 

That's what prompted me to write this articleto clarify precisely what a police report Is, how and why It's requested, the events that trigger It (from a social engineering standpoint) and what to expect when you've submitted It. To this day, I continue to come across SEers who have no Idea what a PR Is, let alone why they've been asked to file one and because of that, some tend to put an end to their SE there and then. If you happen to fall In that category, rest assured, I've got you covered. When you have finished reading everything from this point onward, you'll have a clear understanding of how a police report relates to SEing, Inclusive of the reason(s) why companies need It and what's required from you, as an SE'er, to make sure you remain compliant throughout the SE. So without further delay, let's begin by checking out exactly what a police report Is all about. 

What Is A Police Report?

If you've dealt with police reports on a number of occasions and you're fully confident with the steps you need to take In order to fulfill everything on your end, you can completely skip this topic. However, on the grounds that you're new to SEing or never experienced a PR, you'd be at a loss as to what It entails. Allow me to explain It as follows. It's human nature that when the term "police" Is mentioned, SEers automatically assume that they're In some sort of trouble with the law, or perhaps the Feds will bust their door down at 5:30 am. I can assure you, that nothing could be further from the truth. Law enforcement agencies have better things to do, than waste their time and valuable resources on a one-off Incident that (for example) suggests you did not receive your Item. So why do companies request a PR, and what do they do with It once It's received? I'll be more than happy to answer all your concerns and put your mind at ease. 

It's basically nothing more than a bit of paperwork to say that everything that you have said, Is true and correct to the best of your knowledge, hence Is simply required to move forward with your claim. To give you an Insight, here's an analogy that you can relate to. If you've been Involved In a minor motor vehicle accident, you'd contact the police and when they attend, they'll ask you a series of questions pertaining to the events that took place. To claim the cost on Insurance, you'd then file a police report and the cops will put It on record. Your Insurance company will then use It (with other bits & pieces) to process your claim, and approve to repair the damage on your car free of charge. All that Is no different to filing a police report when social engineering- as long as It appears legit, there's no cause for concern. Now there are certain methods that Inevitably trigger a PR, so let's check It out now. 

Methods That Trigger A Police Report:

As mentioned In the third paragraph above, you cannot predict how your claim Is (and will be) handled by the company you're SEing, nor can you forecast precisely the steps taken by their representatives from one stage to the next, thus you may be asked to provide a police report when you least expect It. Whilst you have no control of their actions, you can certainly make changes on your end and minimize the likelihood of having to give a PR, by being well-Informed of the methods that do In fact trigger It- of which the "DNA" (Did Not Arrive) and the "box method" are both part of the equation. What differentiates both of those over the rest of the traditional methods such as the "wrong Item received", "missing Item", "partial", "sealed box" and many more, Is that there's (seemingly) a crime Involved when using the "DNA & box methods".  

For Instance, the "DNA" Implies that you did not personally receive your package and as a result, It was stolen from where the carrier driver left It, being at your doorstep. In terms of the "box method", the same principle applies, whereby someone stole your Item at some point during shipment. Can you see the association with each method and why they warrant a police report? That's right, "a crime was (apparently) committed" and when those types of Incidents happen, It's not unusual to get the police Involved by filing a report. To this day, SE'ers of all shapes and sizes continue to ask me ways to avoid the need to file a PR and If you're reading this from the same perspective, my answer Is plain and simple- "you can't!"

The moment the rep/agent sends you the request, It Immediately takes effect and remains firm. If you do not comply with what Is asked of you, your claim will not go any further and will eventually be declined and closed. Now you may be thinking to contact another rep In a few days time to make a fresh start with your claim, and try to bypass the police report. However companies keep record of every form of communication, and unless the rep Is half-asleep and finalizes your claim without asking for the report, the new representative will continue where the previous one left off. So If you're not comfortable with the whole situation that a police report entails, do not use the "DNA" or "box method". There are many alternatives available- It's just a matter of choosing a method that's suited to your skill set and the nature of the Item you're planning to SE.

Unusual Request For A Police Report:

As you're aware, when there's evidence to suggest that a crime has taken place, a company requires a police report to support their Investigation, thereby It allows them to continue assessing your claim until a decision Is made to finalize It- one way or another. It Is all well and good when their request Is justified (as stated In the topic above), but some reps totally lack common sense and good judgement and will ask you to file a PR when It's not needed In any way, shape or form. What I'm referring to Is when you use the "missing Item method", by saying that upon opening the box/package, your Item was not enclosed. From a legit viewpoint, there's a couple of ways that this method works. The first Is a "company error", meaning their warehouse made a mistake and did not pick & pack your Item. The second Is a "manufacturer error", whereby the factory didn't put the Item In the box, hence only the box Itself was dispatched to the company/supplier.

Both of those Incidents are not theft-related, nor Is there anything to suggest that It Is, so what relevance does a police report have to a "storeman making a mistake with your order", or "the manufacturer sending an empty box?". I'll answer It for you: "Nothing!". I've lost count as to how many SEers (myself Included) have come across such ridiculous demands for a PR and regardless of the number of times the rep/agent was told of the Irrelevance of the matter, It fell on deaf ears- the request to file the report remained active. As silly as It Is, you must comply with their stupidity, but be prepared for one very Important thing that may cause your SE to fail through no fault of your own. 

Because your Item was not stolen, a crime was obviously not committed so based on that, the police officer can refuse to put pen to paper and deny giving you a PR. I'm not saying that It will happen, but rather It "may happen" and the unfortunate part Is, you'd have to do everything In your power to try and convince the brain-dead representative as to why you cannot provide the report. In my experience and depending If the rep has any brain cells left to think for himself, It can be a difficult process to make him see reason but the key to getting your point across, Is to be adamant and persevere with your claim by not taking "no" for an answer. Eventually, he'll give In and accept that what you're saying Is true and correct.  

What Does The Police Do With The Report?

Given that legislation and regulations differ between many countries, I cannot speak for each and every region so what you're about to read, Is based on general principles of law  and not bound to any specific police department and the like. Okay, now that you understand that, the main concern that social engineers have when the company asks a police report be signed & returned, Is whether further action will be taken by the officer who authorized It, particularly If he unexpectedly pays the SE'er a visit at his home or calls his cell phone asking all sorts of questions. What further adds to the SE'ers worries, Is If their PR will be used against him at a later period and possibly result In some type of conviction. There's no definitive answer to all that but what I can confidently say, Is that If you've SEd within reason, then you have nothing to worry about.

What I mean by "SEing within reason", Is to be smart (not greedy) with your social engineering behavior, by applying a combination of low & high value Items, also perform legit purchases In between SEs, as well as allowing a sufficient gap from one SE to the next. It's also good practice to not use the same methods In succession, and to also take a break from SEing every so often. Can you see the Importance of Implementing such measures? If you haven't worked It out, the objective Is "to not raise suspicion", thereby your social engineering activities will be under control and the probability of your actions being questioned by representatives will be kept to a minimum

As a result, your account will be In pretty good standing, thus the company you're SEing at the time, will most likely not pursue further action and refrain from getting In touch with the police during an Investigation - even for a high value Item. In short, the rep/agent will use the report along with other documents related to your claim, and process It thereafter.  Under those circumstances, "there's absolutely no reason why the police will get Involved after you've filed the report"  and will simply archive It for record keeping purposes and nothing more. Just remember this: "be In control of your SEing" and do NOT allow "greed" to take over your behavior. Okay, prior to concluding this article, we'll see how a PR can be filed as per the topic below.   

How To File A Police Report:

This Is pretty much a straightforward procedure, so I've limited It to a couple of paragraphs. Before I begin, I'd like to make one thing perfectly clear and that Is to "never falsify a police report by creating a fake document", regardless of whether other advanced SE'ers have told you to do so. Believe It or not, If the police can prove beyond a reasonable doubt that you're the one who's solely responsible for faking the document, then It can carry a hefty fine or In the worst-case scenario, a penalty of Imprisonment. If you've forged a report In the past and have got away with It, don't think for a minute that It (fine or Imprisonment) cannot happen when you try It again In future- It can at any point In time, hence for the sake of SEing a single Item, It's just not worth the risk. It's Imperative that you understand this In Its entirety. 

Now that you're fully aware of the consequences of the above, In terms of filing a PR without manipulating It, there are a couple of ways that you can do It. The first Is stating the obvious, by grabbing the company's request for the report (that they emailed you or otherwise) and "physically attending your local police station" and explaining the nature of the Incident. Keep In mind that as far as you're concerned, your SE Is legit, so there's no need to feel anxious about speaking with the officer In charge of handling the report. The second way, Is to "do It online"  by simply completing the form with the relevant details, but do note that depending on where you reside and If you're required to file the report locally, not every police station will allow you to do It on the Internet. Whatever option you choose, rest assured, there's no reason to panic, so remain calm throughout the entire process.      

In Conclusion:

Although there are a few bits & pieces that I've purposely omitted from this article (due to not having a significant Impact on the SE), my Intention Is to give you all the Information you need pertaining to the Ins and outs of what a police report entails, Inclusive of how It's handled and processed by both the company and the police department Itself. To help ensure that you SE on a safe level, do make a mental note of  "the methods that trigger a PR", and be sure you don't abuse It by hitting many SEs In succession that will Inevitably raise suspicion. In closing, you're now well-Informed of what needs to be done when you're asked to file a police report, so there should be no cause for concern.   


Comments