The Faulty Item Method

 



Claim An Item Is Faulty And Receive A Refund Or Replacement.

Unlike the usual forms of social engineering that are defined In the majority of security websites and the like, whereby they state that It Involves grabbing confidential Information from unsuspecting users or Infecting their PC with malware to gain remote access and compromise sensitive data, there's another form of SEing that's seldom referenced via a simple Google search, which Is known as "company manipulation and exploitation". This Is used to hit online stores, such as the biggest eCommerce website being Amazon, by fooling their reps/agents to reimburse funds Into the SE'ers account, or dispatch a replacement Item at no extra cost. What differentiates this type of social engineering from the rest, Is that the process to get the job done Is not (predominantly) straightforward and depending on the complexity of the SE, It can take up to a few months before It's finalized In favor of the SE'er.

Sure, there are Instances when a given representative does not follow company protocol or has lost touch with reality (so to speak) and approves the claim with very little to no questions asked, but for the most part, It's time-consuming and can be rather frustrating until a decision Is made by the rep In charge of the claim. If you're reading this from an Intermediate or advanced SEing standpoint, you'll know exactly what I'm referring to and why It can be a lengthy procedure. Things like Investigations opened, "police reports asked to be filed and returned"  and dealing with requests like a "POP" (Proof Of Purchase) or a "POD" (Proof Of Destruction), are all part of the equation. What also complicates matters, Is the "Incorrect choice of method & Item" and depending on the nature of Its Incompatibility, your SE can come to an end before It had the chance to begin.

For example, given packages are weighed when dispatched as well as at the carrier's depot, If you were to use the "missing Item method" on something that's around 900 grams and the company decides to cross-check the details with their own records and the carrier's manifest, say goodbye to your poor attempt at SEing. The same applies to the method that's the objective of this article named "The faulty Item method". To give It the best chance of success, not only Is It paramount to prepare It correctly but of equal Importance, Is to "select a compatible Item" and execute It In a very effective manner thereafter. 

That's where I come In. I will show you how to choose your Item, formulate the method, manipulate the representative at the time of your attack vector and ultimately get the result you're after- a successful outcome. All that will be done towards the end of this guide, namely because there are a few elements that you first need to familiarize yourself with before even thinking about starting the SE. Moreover, If you've just begun your career In the art of human hacking, I'd say It's very safe to assume that you've never heard of the "faulty Item method", thus how are you supposed to use It when you have no Idea what It entails? I'm sure you get the point, so without further delay, let's begin with the method's definition.

What Is The Faulty Item Method?

Have you ever purchased something such as a hair straightener or an electric shaver on the Internet or perhaps physically at your local mall, and upon your arrival home and plugging In your product, It had no functionality whatsoever?  I'd say your answer Is "Yes" on at least one occasion. Although goods are tested and Inspected by the manufacturer prior to shipping them to their suppliers, they're not always In faultless condition- factory defects are Inevitable and companies are well aware of It, but don't like to disclose It. Social engineers also have knowledge of this, and use It to their advantage with the "faulty Item method", by saying that the Item they've purchased either stopped working sometime later, or It didn't function right from the get-go. They'll then contact the rep/agent Informing him of the Issue. 

Of course, there's nothing wrong with It but the SE'er Is just saying It for SEing purposes. Now It's standard procedure for the representative to try and Identify why the Item Is not operating as per Its original state and as a result, he'll go through a few routine troubleshooting steps. This Is usually done over the phone or (where available) live chat, with the Intention to resolve the matter In a timely manner. As a social engineer yourself, everything that the rep asks you to do to see whether your Item Is working, you'll obviously respond by claiming that It Isn't. If you're SEing Amazon and communicating with their "Chatbot", you may be lucky enough to have your Issue resolved with no hassle at all. But that's a different story altogether- this guide Is based on human Interaction. 

Don't be Intimidated by the questions thrown at you by the representative- every company has protocols In place to handle requests of this nature, so they're well and truly obligated to prioritize and look after their customer's needs. When he's satisfied that your Item Is defective, he'll approve your claim but ONLY when you send back your (seemingly) broken one. Evidently, you don't want to do It, hence you'll need to put your SEing skill set Into action and bypass the return. Don't worry, I've got you covered- I will outline the best ways to avoid sending It back  but before I do that, I'd like you to have a clear understanding of the "Items that you can use with the faulty Item method", so let's check It out next.

Items Suited To The Faulty Item Method:

Despite the fact that this Is stating the absolute obvious, for one reason or another, some SE'ers tend to Initially overlook that the faulty Item method can only be used with products that have "some type of functionality to operate". For Instance, let's say you've bought an office chair In Its collapsed form that comes with an Instruction manual on how to assemble It with screws, brackets and so forth. Once It's put together, other than sitting on It at your desk at work, It doesn't serve any other purpose, meaning there's no "functionality". As such, If you're going to use the faulty Item method on this, the rep/agent cannot troubleshoot It- because there's nothing to "troubleshoot!", so you'd need to opt for another method like the DNA. Makes sense? Good! To help you make an Informed decision when the time comes to perform your very own SE, I've listed a few Items just below, that're commonly used by SE'ers and have a very good success rate.  

  • Speakers (example: Bose Home Speaker 300)
  • Headphones (example: Bose Quiet Comfort)
  • Nintendo Switch Console
  • SSD (Solid State Drive)
  • Computer Monitors
  • Electric Toothbrush
  • Computer (laptop)
  • Electric Shavers
  • Apple AirPods
  • Cell Phones

By no means Is the above an exhaustive list, there are hundreds of other Items to choose from but as said, they're typically handpicked by social engineers (myself Included) due to being very well-suited to the faulty Item method, as well as the high probability of a successful outcome. Do note that In order to be eligible for a refund or replacement, the claim must be made as per the company's refund/ replacement policy- you can check It by navigating to their website's terms & conditions. If luck Is on your side, a brain-dead representative may give you a refund within a few minutes however In over 90% of cases, "you will be asked to return the Item and your claim will not be finalized until they receive It". Obviously, you're not going to send It back, but rather bypass their request and there's a few ways this can be done, so we'll have a look at that now.

How To Circumvent Sending The Item Back:

The first thing I'd like to point out, Is that reps are not as naive as many SE'ers think. They all have certain guidelines to follow when processing claims and those who take their job seriously by complying with company protocol and making sure that they complete every task as required, are the most difficult to deal with. For example, when SEing a particular online store, have you ever experienced a rep that did not budge and no matter how hard you tried to manipulate his requests & responses, he remained firm throughout the entire SE? If your answer Is "No", then you're not being truthful. Unless of course, you've just started social engineering only a few days ago, or the rep was half-asleep and approved your claim on the spot. 

The key to penetrating the defense of stubborn reps/agents Is to be "confident In your abilities as an SE'er", be "assertive and direct" and "take control" of all communications. By using those three attributes, the roles will be reversed- the rep will comply with your requests and not the other way around. On the grounds you've applied yourself with all the above-mentioned attributes, you're ready to circumvent the need to send back your (seemingly) faulty Item. There's a number of methods that you can use  and to avoid congestion, I've limited each one to a single paragraph as follows. 

Box The Company

In SEing parlance, this Is known as the "Box Method" or "Boxing" and sometimes simply used as "Box". The purpose of this, Is to make It seem as though the Item you're returning was stolen during shipment, by cutting the box and sealing It with different colored tape. This will demonstrate signs of tampering, so when the company receives your "empty package", they'll think that your Item was taken at some point during the delivery. The box method can be used In two ways. The first, Is If your Item Is light enough (under 120 grams) to not register a weight on consignment, then you'll send the box on Its own with nothing Inside. The second way Is a little more complicated and suited to heavy goods, by substituting your Item with "dry Ice" that's of equal weight. By the time your package Is delivered, the dry Ice would have sublimated (turned from Its solid form to gas) and once again, the company will receive an empty box. Be It the first or second option you decide to use, you get to keep your Item and the rep will give you a refund or replacement.

Using A Drop House

This Is yet another very effective method which Is often referred to as a "Drop House", "Drop Address" or just "Drop" on Its own, which Is a vacant property not belonging to the SE'er and used to accept deliveries from the carrier. It's basically used for anonymity purposes by not disclosing the social engineer's real residential address and In the case of "not returning the faulty Item", It only applies to "ARs" (Advanced Replacements). Here's how an AR works. Some companies (like "HP") will send you a replacement Item BEFORE you send back the defective one but If you don't return It, they'll bill your account for the cost of your purchased Item. Your address Is already anonymized with the "drop house"  so to avoid your bank account being debited, create a fake online account (with the company) and also use a "VCC"  (Virtual Credit Card) and then "cancel the VCC" after your transaction/purchase has been made. As such, funds cannot be withdrawn from your account. All In all, you've received a replacement Item In advance, and bypassed sending back your purchased Item

Disposed Of The Faulty Item

Upon reading the title of this topic, the method pretty much speaks for Itself but to give It the best chance of success, It's vital to execute It In a very calculated and strategic fashion against the nature of the Item you're SEing. I'll elaborate on this with a straightforward example as follows. You've bought an "electric toothbrush" and after It was delivered by the carrier, you contacted the company's representative the next morning and said something along the lines of: "As my youngest son was using the toothbrush, It exploded and for his safety, I Immediately thew It out. Thankfully It wasn't anything too serious, he only received a minor burn to his face". Can you see how this very simple approach, Is almost guaranteed to succeed? There's a few elements Involved- "your youngest son" (minors are sympathized more than adults), "safety concerns"  and "he sustained an Injury to his face". Moreover, as with the recall of Colgate Motion Electric Toothbrushes many years ago, any electric/battery operated toothbrush can explode! The result of your SE Is clear.

Leaking Battery Method

As opposed to the methods you've read thus far, this has Its limitations with the "type of Items that can be SEd" namely (and obviously) those that contain batteries to function, but It's not to say that It's less effective compared to other traditional methods. It works by saying that the Item you've ordered, was delivered with Its battery(s) leaking and because It could've happened anytime from when the company dispatched It to when you received It, they cannot prove otherwise. The rep will ask you to return It for a refund/replacement, and your claim will not move forward until you do. There's a few ways you can manipulate the rep to not send It back, with the first being similar to the above topic- "you threw It out for health & safety purposes". Companies tend to take this quite seriously, so It's more likely to work than not. The second way, requires a little research on your part to "find a carrier who does not accept dangerous goods", hence they'll refuse to transport It. As long as you've applied your method correctly, both the above reasons are equally effective.  

The SE In Action:

Given there Is an array of Items that all operate differently to each other, as well as the process representatives use to handle claims and the questions they ask when troubleshooting a faulty Item, It's not possible to provide a dedicated social engineering example. In other words, you don't know (for sure) what will be asked of you when contacting the company claiming your Item Is defective, but what you can do to have some Indication of what to expect, Is familiarize yourself with the basics of your Item's functionality. Now I'm not suggesting to go through all the mechanics of what's required for your Item to work, but rather have a basic understanding of what's needed to power It up and start using It and most Importantly, "what you would personally do to troubleshoot It In the event It fails to operate". As such, you'll have a rough Idea of what the rep will throw at you during your conversation. For the purpose of this example and to keep things simple, I'll use the "Electric Toothbrush" as the faulty Item and "yourself as the SE'er" done via phone or live chat, so let's begin.

  • You: Hi, I just bought an electric toothbrush and It's not working.
  • Rep: Oh that's not good. I first need to go through a few steps with you, Is that okay?
  • You: Yes It Is.
  • Rep: Is your home's power supply on when you plug In the charger Into the electrical outlet?
  • You: Yes of course It Is.
  • Rep: Great. Did you put the toothbrush on charge overnight?
  • You: Yes I did.
  • Rep: Right, so what happens when you press the On button?
  • You: Nothing.
  • Rep: Okay, do you see a light next to the On button or anywhere else?
  • You: Nope.
  • Rep: Do you hear any sound, like the motor whirring?
  • You: Nothing at all.
  • Rep: Please plug In the charger Into another outlet and tell me when you're done.
  • You: I'm doing that now. (You deliberately pause for around 30 seconds or so)
  • You: It's plugged In now.
  • Rep: Do you see a flashing or solid light anywhere on the toothbrush?
  • You: No It's completely dead.
  • Rep: Thank you for all that. I'm sorry that you have received a defective product. Please provide your order details and when you return your Item, I'm happy to give you a refund.
  • You: Oh good can you arrange the paperwork now? 
  • Rep: I certainly can, just hold the line for a minute....

That was an example not based on any type of specifics, and although a few bits & pieces of the troubleshooting process were omitted, It's a pretty accurate representation of what can be expected when getting In contact with the rep/agent. Apart from yourself (the SE'er) being adamant about the toothbrush not working, what also contributed to the successful outcome, was that "you did not reply with any more Information than what was required to answer all questions". You can see that next to your replies, namely: "You"- each one Is straightforward and without going Into detail. It's easy to slip up under those circumstances, thus being very brief with all replies ensures that nothing can be used against you. Evidently, a "replacement" could have been generated Instead of the refund, but that's entirely your choice.

In Conclusion:

After reading this entire article (If you haven't, go back and do It now!), you can see that there's a lot Involved when using the faulty Item method and It's not simply a matter of choosing your Item and hitting your SE thereafter. Sure, some SEs run extremely smooth and claims get approved without hardly any effort from the SE'er, particularly when It's the busiest time of year- Black Friday deals or Christmas, but I've based this guide on complexities and (where applicable) worst-case scenarios. Don't be fooled by the length of this article- there are many things that will not apply to your SEing environment, so pick those suited to the nature of the SE you're performing at the time.


