Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

The Best Time To SE



The Best Time To Social Engineer Your Target.

Regardless of how similar each social engineering attack vector may seem, no two are the same, hence each and every one will differ to some degree  and as such, there's a lot to take Into consideration when deciding who you plan to SE and how you're going to achieve your objective. Things like researching your target  to Identify how they operate and the nature of their vulnerabilities, as well as selecting the most suitable method to effectively support your attack and ensure It runs as smooth as possible from start to finish, all play an Integral role to get the job done with minimal disruptions. It makes no difference whether you're SEing someone on a personal level In the next building of your office to grab their credit card 4 digit PIN number, or the biggest eCommerce company being Amazon to send a replacement Item that you don't even have to begin with.- you will NOT succeed without knowing exactly what you're up against

Put simply, It's Imperative to perform your "research", "formulate your method" based on your findings, and then "execute your attack" In a very calculated and methodical fashion. As a result, the likelihood of a successful outcome Is almost a certainty with the majority of SEs. If you haven't already guessed, what I'm referring to Is "company manipulation and exploitation", by SEing online stores/retailers on every scale, by penetrating their representative's defense and tricking them Into Issuing refunds and replacement Items for just about anything that comes to mind. Advanced SE'ers have been doing this for years, many of whom offer a "refunding service"  to have their client's accounts credited at a fraction of the cost of the Item's retail price. 

That being said, social engineering Isn't all sunshine and rainbows. Even when methods are prepared flawlessly and every angle Is covered on the SE'ers end by leaving nothing to chance, It does fail at the best of times and one of many reasons for this, Is that there Is very little to no control over "how reps/agents process claims and the decisions they make when finalizing each one". Sure, some reps are half-asleep on the job or simply couldn't care less and approve claims with no questions asked, but for the most part, they do follow company protocol and If suspicion Is raised by the SE'er, they'll do everything they can to decline It. In such cases, one of the best ways to help avoid all that and have them "rush your claim"  towards finalizing It In your favor, Is to perform your SE at the busiest time of year such as "Easter", "Black Friday deals", "Christmas" and a few others that I've documented further down this page.

As I've mentioned quite a number of times on this blog, the "timing of your SE"  Is just as (If not more) Important as having every element of your attack vector covered to perfection. So why Is It crucial to be selective with your timing? Well, human error Is Inevitable and no matter how focused you are with the tasks you set to achieve, you will make mistakes no matter what type of employment you're engaged In. Moreover, If your working In a fast-paced environment, whereby you have ex-amount of clients to process and deadlines to meet, you'd work as fast as possible to try and get the job done In a timely manner. When you calculate all that from a "social engineering standpoint", hitting your target during (for example) the Christmas period, will multiply their workload tenfold, hence the probability of your claim being approved due to the Influx of orders and customer requests, significantly Increases

In short, they will not have the manpower to thoroughly check each and every claim. Now In order to make It as difficult as possible for the company (and Its associates) to do their job In an orderly fashion, It's good practice to choose methods and other bits & pieces that will add to their duties. In a nutshell, "your objective Is to SE your target when they're absolutely Inundated with tasks" for the reasons already mentioned above  and I will show you exactly how and when It should be done by providing a few very effective scenarios. Before I begin, do note that "I'm NOT suggesting that you should only perform your SEs as per the guides In this article"- that would be unwise and a pretty silly approach. What I am saying, Is If you're planning to SE a high value Item In thousands of dollars (such as a gaming laptop) don't do It during the quiet period, but rather hit It In "the busiest time of year". Makes sense? Good! To avoid congestion, I've limited each topic to a single paragraph, so let's begin. 

The Festive Season:

Rather than dedicated solely to Christmas, the title of this topic reads "the festive season"  for a very good reason, namely because the season begins late November and finishes sometime after January In the following year. Essentially, you have around 4 weeks to social engineer by moving from one company to the next  but In this time frame, there are a couple of extremely busy periods that you should be mostly focusing on- the first Is "a day or two before Christmas Day", and the second Is on "Boxing Day Itself". Here's why. In terms of the first one, there's always last-minute shoppers who buy gifts on Christmas Eve or a day prior to that. In regard to Boxing Day, retailers want to get rid of their leftover Christmas stock, and I can tell you that stores are absolutely packed with customers who actually wait at the entrance a few hours before It opens. Whether you do It In-store or online, SEing during these times has a significant chance of success.    

The Easter Period:  

Although this cannot be compared to the amount of sales generated as per the festive season above, by no means Is It excluded from being one of the best times to perform your SEs, however you need to be selective with the days you decide to execute your attack. For example, depending on what part of the globe you're located, "Easter holidays" are scheduled each year, which means that people take a break from their everyday life of work and stress by going on vacation for a few days or so. As a result, stores are quieter than usual and the same with online shopping, thus you'd need to completely avoid SEing during those periods. What I recommend Is a week or so before Good Friday and If school holidays coincide with Easter In your locality, go ahead with your SE. Kids get bored easily and tend to nag their mum to go to the local mall, and along with their parents purchasing for themselves as well as family & friends, their children are also Included. Buying on the net Is also part of the equation, so all In all, Easter SEing pretty much speaks for Itself.  

Black Friday:

Without a shadow of a doubt, Black Friday should always be part of your social engineering routine each and every year, and although It's traditionally recognized In the United States as the busiest shopping day of the year (the Friday after Thanksgiving), It's spread to other countries such as the UK, Italy, Australia, Sweden, Brazil, Ireland, Germany and more. Going by personal experience over the past decade, I can confidently say that online and In-store Black Friday deals & bargains attract an extreme amount of traffic  from consumers wanting to snatch the best deals as quick as possible. As such, warehouse, administration departments and sales teams struggle to keep up with demands- which makes It an Ideal opportunity for every SE'er to make the most of the store's Incapacity to process claims accordingly. I suggest to SE "high value Items" during this time of year, as companies are prone to overlooking and taking shortcuts with claims.  

In-Store SEing:

The concept of this type of social engineering, Is very similar to ordering something online, having It delivered by the carrier and SEing the company thereafter. The difference with "In-store SEing", Is that you do It In person by returning the Item to the store. As opposed to the events that you've read thus far, you don't have to wait for specific times of the year to perform In-store SEing (though, you can If you want!), but you must be selective with "the time of the day"  you Intend to hit your SE. Allow me to elaborate on this. It's a commonality with almost every store to be rather busy late on a Thursday or Friday just before close of business. Employees are exhausted from the working week and not as alert and due to the Influx of shoppers, they tend to rush returns at the customer service desk- some workers completely neglect to follow store protocol and process refunds with no questions asked. I'm sure you can see the benefits, so I don't need to explain any further.

Same Day Delivery:

Prior to delving Into this, do note that It does not apply to all companies and locations, so be sure to first research your target with what you're about to read. Okay, moving forward, some retailers offer what's called a "same day delivery" or "express delivery"  which Is pretty much self-explanatory. Here's how It generally works. Customers who are In a hurry to receive their goods, can opt for a same day delivery service, by placing their order before a certain cut-off time and the carrier will "drop off their package on the day the order was placed". Whilst this Is great from a legit standpoint, It's even better for social engineering purposes, namely because It puts pressure on the company's administration department, their pickers & packers and the carrier service to meet the "same day deadline!". And If you place your order "a few minutes before the cut-off period", they'd be pushed to their limits to try and manage your delivery. As a result of the rush and If you also execute this during the festive season, the company & carrier will not have the time, resources and manpower to "thoroughly check your order". It's suited to any method you like, so take your pick. 

The Most Appropriate Method:

Even though almost any method can be used when SEing during the above-mentioned time frames, there's one In particular that's (predominantly) more effective than the rest, which Is the "DNA" (Did not Arrive). This Is considered a "carrier-based method" for a very good reason, which Is due to the fact that once the package has been dispatched by the company, the carrier Is solely responsible for ensuring that It makes Its way to the correct destination In Its original state. What makes the DNA the choice of method, Is that drivers are busy enough to fulfill their delivery run under normal circumstances. Now when you hit the DNA method especially on "Black Friday", they'll have so many packages to deliver on the day, hence there's a very high chance that the driver will take a few shortcuts by either leaving the package at the doorstep or not request for a signature. I'm not saying that this will happen, but rather there's every possibility that It "can happen".  

In Conclusion:

As you can see, you have quite a few options at your disposal when selecting the appropriate time to plan and execute your attack vector. To help maximize a successful outcome, where possible, I recommend to Incorporate/combine one particular busy period (Easter, Black Friday or the Festive Season) with at least the "same day delivery service". It's even better If you Include the "DNA method"  as part of the equation. Do remember that the objective Is to Inundate your target with an Influx of extra duties, as well as put as much pressure as possible on their workload, thereby they'll be prone to making errors and their time to thoroughly check & process claims, will be limited. In closing, you have plenty of time to effectively research the company and formulate your method In readiness for the attack, so be sure to utilize your time wisely.  



Comments