The DNAs That Work On Almost Every Occasion.
Without a shadow of a doubt, the calibre of your attack vector, Is only as good as "the method that's used to support It" throughout the entire social engineering session. You may have researched your target to perfection by gathering every detail pertaining to the carriers they use to service their deliveries, as well as how they operate when processing claims, right through to when they finalize their assessment but If you haven't paid much attention to "the suitability and effectiveness of your method", then your SE Is destined to fail. You see, almost each and every method used In the art of "company manipulation and exploitation", must be compatible with the nature of the Item you're looking to SE.
For Instance, If you're using the "partial method", whereby you order multiple Items and plan to social engineer one of them that "weighs around 900 grams" by saying It was missing when you opened your package, don't expect the outcome to work In your favor. How so, you ask? Well, ultimately, It's way too heavy for the following reason. All It takes Is for the company to "open an Investigation" by contacting the carrier to cross-check what was recorded at their depot's weighing facilities, and given "the package was NOT 900 grams lighter", your Item could not have been missing. Instead, you should have chosen something that will not register a weight on consignment. "120 grams" Is the maximum, and that's pushing It to Its limit, hence It will not be detected during shipment.
That was just one example of why It's crucial to apply "method & Item compatibility" when hitting your attack against online stores such as Zalando, Amazon, John Lewis and so forth. However, as an Intermediate or advanced SE'er yourself, you should be well aware that one particular method Is not Item-specific, namely the "DNA" which Is an abbreviation of "Did Not Arrive". As Its name Implies, this Is used to say that the package that was delivered by the carrier driver, did not arrive at your premises or any other location (such as a drop house) that's used as a point of delivery. Naturally, you did receive It, but you're stating otherwise for SEing purposes. The thing that differentiates the DNA from the other methods, Is that It's a "universal method" that can be used with any Item of reasonable size & weight.
In other words, as long as you're not social engineering a sports car (so to speak!), weights & dimensions are Irrelevant. And that's because your package Is simply being dropped off by the carrier and "nothing else Is Involved", thus It makes no difference whether It weights 1 kg or 100 kg - the fact Is, "you did not receive It", regardless of how heavy It Is. Due to the DNA's flexibility and ease of use, It can be used by SE'ers of all shapes & sizes, but there's one thing that complicates It, which Is an "Investigation"- that's almost a certainty with every SE.
And If you have very little to no Idea of how to effectively tackle and respond to all questions thrown at you by the representatives, then your SE has a very high chance of failing. That's where I come In, by showing you "how to use the DNA method with certain types of events to ensure a successful outcome on almost every occasion". In simple terms, If you follow my guides further down this page, the DNA method will work In over 95% of your SEs. But before I make a start on that, It's Imperative to familiarize yourself with what an "Investigation" Is by definition, Inclusive of the Ins and outs of how It's used when your claim Is being assessed. So without further delay, let's begin.
What Is An Investigation?
Every time you social engineer with the Intention to get a refund or replacement Item, provided you haven't raised any suspicion, each company Is under the Impression that It's a legit claim, therefore It will be processed with minimal disruptions. However, If things don't quite add up with what you've told the company compared to what they actually have on record, that's the main reason why they'll "open an Investigation" - to see why your story doesn't match theirs. It's basically an official Inquiry Into your claim, by gathering and piecing together every bit of detail prior to finalizing It. For example and on-topic of this article, If you've used the "DNA method", you'd know that It not only triggers and Investigation more often than not, but a "police report" may also be requested to verify that everything you've said Is true and correct.
Many SE'ers, particularly those who're new to the scene, are somewhat clueless about how to handle an Investigation and whether It's safe to file a police report and as such, they prematurely put an end to their SE. If you're part of this equation, I can confidently say and assure you, that there's no cause for concern whatsoever. As a matter of fact, It's a good sign when It happens, namely because the rep/agent has no evidence (as yet) to decline your claim. If he did, he would've already done It and not waste time going back & forth collecting and assessing Information. So make a mental note, that "an Investigation Is nothing more than complying with company protocol to move forward with your claim".
The same can be said about a "police report" - It's just a bit of paperwork that's required for administration purposes, so It's perfectly fine to go ahead and file one either at your local police station or (where applicable), you can do It online. Rest assured, the cops won't bust down your door at 5:30 am to arrest you because your package didn't arrive! Now due to "an Investigation" being the root of the problem with the DNA method, "It must be deemed Inconclusive" to give the method the best chance of success. And to do that, It's paramount to have a clear understanding of the events that are almost guaranteed to work with every claim related to the DNA method. There are "three events" In total that will cause an Investigation to come to a standstill, hence render It useless so without further ado, let's check out the first one as follows.
Event One - The Package Left At The Doorstep:
Although It's blatantly obvious that this particular event has an extremely high success rate, for one reason or another, SE'ers of all types (advanced Included) are still Indecisive as to whether the DNA method will work when "the package Is left at the doorstep by the carrier driver". Personally, I cannot fathom why common sense does not prevail with something that's so simplistic to the point of being very much self-explanatory. Think about It logically for a minute by reading a scenario as follows. You've placed an order with Zalando, and your package Is scheduled to arrive at a given time and date - as confirmed via tracking. Your plan of attack Is to use the DNA method, by attempting to avoid signing for the delivery and as a result, you're hoping that the carrier will drop It off at your premises and leave thereafter.
Your approach worked as expected, whereby the driver knocked on your door and you deliberately gave the Impression that no one was home, so he signed the delivery himself and left the package "unattended at your front doorstep", then exited your property and continued his delivery run. See what just happened? Your package was dumped without any form of verification to conclude that "you personally received It". Sure, tracking has shown that It made Its way to the correct destination, but by no means can It be used as evidence to deem that yourself (or a household member) "accepted the package from the carrier driver". If you look at It from a legitimate standpoint, your package could've been stolen before you had the chance to check Its arrival, so what's the difference when using the same principle with social engineering? I'll answer It for you: "Nothing".
Believe It or not, your SE Is over 75% complete at this stage - for the fact that the carrier and company you're SEing, has basically DNA'd themselves! Here's why they cannot justify their actions. The moment you say that you've yet to receive your goods, the representative will Immediately refer to the tracking Information and use that to tell you that It was successfully delivered, thus will try to put an end to your claim there and then.
Don't be fooled by the ridiculous approach by the rep. You need to understand that tracking ONLY marks a package delivered to an "Address", and NOT to a "Person", therefore It cannot be used to confirm deliveries. Based on that and given the driver left your order at your doorstep, a passerby (seemingly) grabbed It and walked away. All In all, there's absolutely no way the company can prove that you have your package In your possession - which Is why this particular event Is by far the most effective of the lot.
Event Two - A Signature Required On Delivery:
Be It signing a contract to finalize the purchase of your new home or perhaps closing a deal with a major client at work for a 5 year business arrangement, the need to put pen to paper has been (and still Is) the most common course of action to secure an agreement, thereby making It legally binding "where applicable". Notice how I've used "where applicable" as the operative words? That's because It does not apply to social engineering In any way, shape or form - namely when using the DNA method and scribbling some random text on the carrier's hand-held device. A lot of SE'ers are under the assumption that If they sign for their package when the driver hands It to them, they're accountable and responsible for the events that take place thereafter, but nothing could be further from the truth.
Unlike a contract that's bound by law to stick with an agreement made between two or more parties, I can assure you that SEing Is quite the opposite - a signature holds no ground whatsoever, hence Is completely useless to verify that It was "you who signed and accepted your goods". For Instance, If you use a fake name that has no association to your real Identity, how can the company "conclusively say that It belongs to you?". Were there any witnesses at the time of signing? Was It done on a document In the presence of a Justice of the Peace? Of course not. The only person who was around at the time of delivery, was the carrier driver and regardless of what he tells the company, at the end of the day It's his word against yours - which renders shipping confirmation Inconclusive.
I've been SEing for a very long time, over 35 years to be exact, and I've experienced countless drivers signing It themselves, predominantly those who were running late for their scheduled delivery run - and It still happens as I'm writing this article. So when you're asked for a signature, do so with a totally different name, "but be sure It's legible". As such, the rep/agent who's looking after your claim, will see that "the name does not correspond with yours" and cannot decline It based on that alone. As a result, and provided there are no Inconsistencies with your claim to suggest a negative output, do expect the DNA to work In your favor.
Event Three - Photos Taken Of The External Property:
The last but certainly not the least of workable DNA events, Is when photos are taken of the external property of your home to verify that the shipment made Its way to the correct address, but as with a signature, It cannot be used to confirm the delivery. You'll see why In just a few minutes. Firstly, you need to understand how and why photos are utilized by carriers as follows. In the absence of a signature and an "OTP" (One-Time Password), a few carrier companies have Implemented other measures to verify consignments - In this case, taking a snapshot of the package left at the exterior part of your premises. At the time of writing, "DPD" who services the deliveries of many major retailers such as "Amazon" and "ASOS", Is one carrier who does It, so keep this In mind with future SEs.
They sometimes ask you to open your front door and they'll take a photo of your package placed In the entryway and although It can be circumvented, It's not relative to this topic, so I won't be discussing It. The way the DNA method will definitely work In this situation, Is when "the driver leaves the package at your doorstep and takes a photo of your home, with the package In full view". He'll also make sure your house number Is visible - just to conclude It belongs to yourself. Pretty difficult to bypass, yes? Not at all! Even though your house Is Identified In the photo, did you actually "personally accept your goods?". Evidently not.
The carrier can take a thousand photos of every angle of your home, but It still CANNOT be used to verify the delivery - namely because It was "your house" that received the package and NOT "yourself". Anyone could've stolen It - your neighbor, a passerby or perhaps the driver himself. So when you're In this type of scenario with the DNA method and the rep tries to decline your claim purely based on the photos of your property, use what you've just read to your advantage by being adamant that "you did not personally receive It". If he attempts to put an end to your claim with all the nonsense about the photos, keep saying that you're still waiting for your package to arrive. Believe me, the representative cannot justify his assessment on the appearance of your home!
In Conclusion:
With regard to the topic pertaining to "A Signature Required On Delivery", I'd like to reiterate the point of signing a fake name that's "legible", yet consistent with what typically represents a signature. Its objective Is to show that the name recorded at the time of delivery, Is not associated to yours and the only way It can be done, Is If the rep/agent can clearly read and Identify what you scribbled on the driver's device. In closing, you've now learned every DNA event that will work In over 95% of cases, so be sure to apply your SE accordingly.
Comments
Post a Comment