Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Asking For Help With Methods

 



How To Request Assistance With Your SE'ing Methods.

Every social engineer differs to some degree, In how they absorb Information when researching and collecting data about the target they're planning to SE, as well as the way they formulate their method and execute their attack vector thereafter. Included In this, Is their capacity to handle and effectively manipulate the representative Into Issuing a refund or dispatching a replacement Item- some do It with Incredible ease, whilst others find It somewhat difficult to apply themselves. Irrespective of all that, there's one thing that each and every dedicated SE'er shares equally, and that Is to do whatever It takes to get the result they're after. Be It using the DNA method by keep Insisting that "the package wasn't personally received" or "perfectly calculating the amount of time It takes for dry Ice to sublimate" for the boxing method, they won't let anything or anyone stand In the way of achieving their goal.

Of course, all the above pertains to social engineering online stores  such as Amazon, John Lewis, Zalando etc, by tricking their reps/agents to reimburse funds Into your account, or have a replacement Item sent at no extra cost. In order to do that with minimal disruptions and significantly Increase the likelihood of a successful outcome, It's of the utmost Importance to be selective with the type of method you'll be using, by applying It against the nature of the Item that you're looking to SE. For example, If you're going to use the "missing Item method"  on something that weighs 1.5 Kg, unless the rep Is brain-dead, your SE will fail- for the reason that the company opened an Investigation and confirmed the weight that was recorded at the carrier's depot. The Item Is too heavy for the said method.

Advanced SE'ers don't have any major Issues with "method formulation", however those who've just started their career In "the art of company manipulation and exploitation" experience quite a number of difficulties- not only with choosing the most appropriate method, but also "asking for help with the method Itself"  when In the midst of preparing their SE In readiness for their attack. I've come across countless social engineers who cannot fathom what a given method entails, so how are they supposed to request assistance when they're clueless of Its usability? It's this that prompted me to write this article- to "explain the purpose of each commonly used method"  and on-topic of this tutorial, "the best approach when seeking the help of fellow SE'ers"

All the above, refers to creating threads and posting on Internet forums and If you're communicating on a messaging platform to the likes of Discord or IRC, they're also part of the equation. To put It simply, the objective of this guide Is to give you the tools and knowledge of "how to effectively ask for advice regarding the method you're currently using, or planning to use with your forthcoming SE". I will put an end to newbie SE'ers who post messages saying something along the lines of: "I'm going to use the partial method on some computer parts, what do you think?". Seriously? It's like me asking: "Why do some SEs work and others fail?". What computer parts Is It referring to? What's their weight? Who's the company? I'm sure you get the point.  

Now It's not my Intention to belittle beginner social engineers In any way, shape or form (I was also a beginner 30+ years ago!), but rather guide them In the right direction when requesting assistance with their method selection and preparation. If you're reading this from a novice/Inexperienced standpoint, I'd first like you to have a clear understanding of what defines a method and how It relates to SEing as a whole. As a result, It will build your foundation to the point of having a fairly good Idea about  how methods operate. On the other hand, If you're on an advanced level, It's your choice whether you'd like to continue with this article. Okay, so without further delay, let's get this started by checking out the Ins and outs of what a method Involves. 

What Are Social Engineering Methods? 

When you've decided on the company that you'll be social engineering and you've researched their terms & conditions thereafter, the very next step Is to create a "strategy" as to how you're going to execute your attack and manipulate their reps afterwards. That Is, you need a "plan" that will be used to guide your SE right from the get-go, and the "plan" Is the "method" and without the "method", your SE will not move forward. Allow me to provide an example that you can relate to. Let's say you've purchased a computer desk workstation from Walmart that comes with shelves, draws, cabinets etc In Its collapsed form. In order to put It together and complete your project, you'd need the "assembly Instructions" and If they happen to be missing, you cannot get the job done

The very same principle applies to SEing. In this case, the "assembly Instructions" Is the "method" that's used to support your attack vector and get what you're aiming to achieve- a refund or replacement Item. Makes sense? Good. Every method Is the backbone of the SE and for the most part, It must be compatible with the nature of the Item, therefore It's not as simple as selecting the first thing that comes to mind. For Instance, we'll pretend that you've chosen to use the "sealed box method", whereby you'll replace the original Item with something useless that you have lying around the house, and seal the box In perfect condition as per Its manufacturer's state. The objective Is to return the box (while It's still under warranty) and the company will scan It, place It back Into stock and Issue a refund Into your account.

Because the box did not have any signs of tampering, and the useless Item that you packed Inside was the same weight as the original one, there's no reason for the representative/storeperson to open and check your return. As such, he'll put It back In the warehouse shelving with the rest of the products and credit your account. That's how the sealed box method works, and Is the reason why It has a very high success rate. However, what you didn't notice Is that there was a bit of "clear film on the underside of the box" and when they received It, the rep/agent Immediately noticed that "It contained your useless Item", thus your claim was declined there and then. As you can see, "the method was not suited to the nature of the Item", namely Its packaging hence the Importance of "Item & method compatibility"

Okay, now that you're aware of how methods operate and why they play an Integral role In Item selection (and also determine where the SE Is heading), you're now well & truly ready to apply yourself with the best measures when "asking for help" with the method(s) you're planning to formulate and use. Given there are quite a few methods available, It's way beyond the scope of this article to detail the lot. Instead, I will discuss those that're very common and used by the majority of SE'ers, being the DNA, missing Item/partial, wrong Item received, boxing  and the sealed box method  respectively. In each of those methods, you'll find there's an "Asking For Help" subheading with most recommendations listed as a question. The reason for that, Is other SE'ers will be asking you those questions, so "It's your job to provide the answers In the form of requests for assistance". Confused? Rest assured, you won't be! So let's make a start with the DNA method.  


The DNA Method:

This Is an abbreviation of "Did Not Arrive" and as Its name Implies, you claim that the package that was delivered by the carrier, did not arrive to your home. Evidently It did, but you're stating otherwise for SEing purposes. The good thing about this method, Is that It's "carrier-based" and Is solely used to say that the driver neglected to drop off your package, therefore It's not tied to any particular Item. In other words, as long as you're not SEing a family home (so to speak!), you can choose anything of reasonable size & weight. You can read about the DNA In my In depth guide here. As mentioned, my recommendations (below) are questions that SE'ers will mostly likely be asking you, so when you request assistance, simply provide the answers

For Instance, the first two are: Who's the company you're SEing?  and Has the package already arrived?  When you ask for help, your message will be: "I'm SEing Amazon using the DNA and the package hasn't been delivered as yet", and you continue In the same manner with the other questions. Of course, this just an example- you'll be posting the real events of your SE. Now It's quite obvious that "you must first mention the method that you are (or will be) using", so I didn't bother to Include It. Also note that everything listed below may not apply to your circumstances, so select those of relevance.

Asking For Help

  • Who's the company you're SEing?
  • Has the package already arrived?
  • Name the carrier company.
  • Specify If It's the same driver.
  • Was a signature required on delivery?
  • Was an OTP (One-Time Password) given to the driver?
  • Were photos taken. If so, where?  
  • Was the package left at the doorstep?
  • If the SE Is In progress, has an Investigation been opened?
  • Have you been asked to file a police report?
  • Have you been asked to sign & return documents?
  • What type of documents are they? Affidavit, stat dec or otherwise?

The Missing Item & Partial Method:

Both the "missing Item" and "partial" method, are much of a muchness In the way they're formulated and applied. The only difference between the two, Is that the former (missing Item) Is used to SE a single Item that was purchased on Its own, and the latter (partial) Involves ordering multiple Items and claiming that one or more (of those Items) were missing  when you opened the box/package. For these methods to work, It's paramount to opt for something that's extremely light and will not register a weight on consignment, hence both the company & carrier cannot conclude whether your Item(s) were In the package when you received It. You can read my guide on the partial method here, and the same with the missing Item method here. As with the example In the topic above, ask for help by answering the questions below and of course, only choose the ones that relate to your SE.  

Asking For Help

  • Who's the company you're SEing?
  • What Is the Item In question?
  • If using the partial, how many Items will be SEd?
  • What's the exact weight of each Item you're SEing?
  • Does It come In a box?
  • Is the box fully enclosed In cardboard?
  • If It comes In a box, are you SEing only the Item? (manufacturer error).
  • Are you SEing the Item & box? (warehouse error).
  • If It's a warehouse error, what's the shipping weight?
  • Is an Investigation In progress?
  • Provide all details of the Investigation.

The Wrong Item Received Method:

If this Is the very first time you've heard of this method, It's safe to assume that judging by the topic's title, you'd have a pretty good Idea of what It entails. As Its name suggests, you'd say that when you opened the box/package, It contained a different Item to the one that you bought, thus "the wrong Item was received". Just like the DNA method, this can also be used with almost any Item you prefer, namely because every company who sells goods has an Inventory of stock and given human error Is Inevitable, the storeperson can easily make a mistake by picking & packing an Incorrect Item, but be realistic with the Item Itself. For example, If you're SEing a Samsung 75 Inch TV, It's not possible to pick, pack and dispatch a wrong Item of that size & weight. For further Information on how to use the method, refer to my tutorial here. You know what to do with the list below, so there's no point repeating myself.

Asking For Help

  • Who's the company you're SEing?
  • What's the Item you're SEing?
  • What's the weight of the Item?
  • Did you already purchase the wrong Item?
  • Was It purchased from the same company on another account?
  • Have they asked you to return It?
  • If you don't have the wrong Item, will you be boxing them?
  • Is the Item light enough to box, or will you use dry Ice? 

The Boxing Method:

Also referred to as "the box method" or "box" on Its own, the boxing method Is used to circumvent the representative's request to return your Item  or If you're using the serial number method, you'd do the same for an Item you don't have to begin with. Put simply, "you send a box with nothing Inside", and make It look as though It was tampered with during shipment, thereby someone (seemingly) stole your Item before the company received your package. To do this, tear the box on one side and seal It with different colored tape. Now there's two ways you can use the boxing method. The first Is If the Item Is extremely light and cannot be detected when weighed, send the box without anything In It

On the other hand, If your Item Is quite heavy, you need to substitute Its weight with "dry Ice"- which will turn to gas whilst In transit, hence when the rep/agent receives and opens your box, It will be empty with no evidence that the dry Ice ever existed. Whichever of the two options you use, the purpose of the method Is "to give the Impression" that you've complied with what the rep asked of you and sent back your Item  however at some stage, someone ripped open your box, stole your Item and to cover his actions, he Immediately sealed the box with tape. Naturally, the entire scenario didn't happen- "It's what you want the company to believe". If all goes well (which It definitely should), you'll get a refund or replacement. When It comes to asking for assistance, refer to the list below. 

Asking For Help

  • Who's the company you're SEing?
  • What's the Item you're SEing?
  • How heavy Is It?
  • Will you send only an empty box?
  • Will you be using dry Ice?
  • Have you prepared the box accordingly prior to returning It?
  • Did you cut It and use different colored tape?
  • Has an Investigation been opened?

The Sealed Box Method:

Ever since I named this method (yes, It was myself who gave It the title of "sealed box method") and Introduced It to the social engineering community almost a year ago, It's become Increasingly popular among SE'ers of all shapes & sizes and rightly so- Its success rate Is over 90% when applied accordingly. Now I've already briefly discussed the sealed box method towards the beginning of this article, In the second paragraph of the topic named "What Are Social Engineering Methods?" so I don't need to elaborate any further. Having said that, to give you a good Insight on how to formulate the method, I strongly suggest reading my tutorial here. Of equal Importance, Is a series of events that take place  which you should be well aware of, so be sure to thoroughly read my guide on that located here. As per below, you're now all set to request assistance from fellow SE'ers.

Asking For Help

  • Who's the company you're SEing?
  • What's the Item you're SEing?
  • Does the useless Item's weight match your purchased Item?
  • What excuse did you use to return your Item?
  • Is the box packaged fully with cardboard on every side?
  • Does the box have any signs of tampering?

In Conclusion:

After reading this entire article (If you haven't, go back and do It now!), you should be well Informed about the role and Impact that methods have on your SEing attack vector and why It's vital to select those suited to the Items you'll be social engineering. Furthermore, you're now equipped with what needs to be done when asking for help on Internet forums or messaging platforms, such as Discord. In closing, I'd like to reiterate that not every list In the "Ask For Help" section of each topic, will be related to your circumstances, so pick & choose those that apply to your SE at the time. 


Comments