
Proof Of Destruction



Request To Destroy The Item And Not Return It.

No matter what company you happen to be social engineering at the time, be It a small computer store that has less than a handful of employees with a net sales figure of only a few thousand dollars per week, or an online retailer on the scale of Amazon who generates that amount In literally one second, they all have protocols In place when processing claims for refunds and replacement Items. Even If you handpicked two companies that distribute the exact same goods and also use the same carrier to service their deliveries, no two are a carbon copy of each other - they will differ to some degree In the way they operate and fulfill customer orders and returns. As such, If you've never SEd a given company, It's absolutely crucial to begin by "researching" how they process & assess claims  and the grounds on which refunds & replacements are Issued.

Naturally, I'm referring to SEing online entities on every level, a couple of which are "SteelSeries" and "Logitech"- which I've specifically chosen for a very good reason. You'll see why In a few minutes or so. Now before even thinking about your plan of attack, you must have sound knowledge of how they're structured and most Importantly, "be well aware of what to expect when using a particular method with the Item you're planning to SE". For example, If you've purchased an Arctis Pro wireless headset and are looking to use the "faulty Item method" with Logitech by saying It's not working, do you know the requirements of their warranty policy and what's Involved to have your account credited or a replacement Item dispatched free of cost? If you've never SEd them before, then you'd have no Idea what you're up against, thus the need to "research" them Is paramount.

As mentioned above, I've named technology-related companies due to the fact that they tend to handle warranty requests differently compared to companies like Amazon- even when the very same Item Is being SEd. For Instance, because of the Influx of orders and claims that Amazon experiences on a daily basis, It's not possible to thoroughly assess each and every one. As a result and to alleviate the workload, they (at times) either let their chat bots do the job and Instantly approve claims, or their representatives will do the same by Issuing refunds and replacements with very little to no questions asked. Other companies on a huge scale, also operate In a similar fashion. You now know why some SEs are performed with Incredible ease- they simply don't have the manpower to address each one accordingly.

That being said, for the most part, "they do comply with their protocol"  but even then, they will not ask you to "destroy your Item" as part of their claims management process- which brings me to the objective of this article. For the purpose of this tutorial, I will be referencing two tech-based companies being "SteelSeries" and "Logitech" who are difficult to deal with at the best of times, namely when they ask for a "POD" which Is an abbreviation for "Proof Of Destruction". Now It doesn't happen with every claim but when It does, It's Imperative that you're well-prepared to tackle It efficiently and effectively. So what exactly Is a "POD", and why Is It requested? I'm glad you've asked! Let's check It out In the topic below.    

What Is A Proof Of Destruction? 

What you're about to read, may vary from one company to the next with the type of tasks that the rep/agent will ask you to perform with the POD, Inclusive of the way It's handled and processed on their end, hence this should be used as a general guide. For all Intents and purposes, I'll be referring to yourself as the social engineer. Also, this only applies to Items that have some type of functionality to operate  such as Apple Airpods, electric toothbrush, SSD (Solid State Drive) and the list goes on. Okay, let's say you've purchased a wireless gaming keyboard and upon receiving It, you've called the company and told them that It's not working. Of course, It's functioning perfectly fine but you're saying It Isn't for SEing purposes. To cut a long story short, rather than asking you to send It back for a warranty replacement, the representative has requested a "POD"- Proof Of Destruction.

What this means Is (and as Its name Implies), you need to "destroy your Item In a manner that will render It nonfunctional"- In the case of your keyboard, breaking quite a number of keys and smashing a few pieces off the keyboard Itself. The reason for this from a company's standpoint, Is to ensure that your defective Item Is completely useless, thus preventing you from falsifying the claim. In order to verify that It has In fact been destroyed, the rep will ask you to provide evidence, by "taking a photo that clearly shows the damaged Item" as well as (where applicable) the serial number and a handwritten note next to the device- all of which must be visible In the photo.

When you fulfill these requirements and email It to the rep/agent as an attachment, a replacement Item will be dispatched. Sometimes they may ask to "take a video and upload It to YouTube"  then send them the link, but don't worry, I've written how to bypass this In the topic named "Using The Corrupted Video Method" towards the end of this article. Do note that every SE Is taken on a case-by-case basis, hence "all the above Is just an example of the rep's request for the POD"- your SE will obviously vary to some extent. 

Okay, during my day-to-day SEing events, I continue to get asked by fellow SE'ers as to why the company goes through the hassle of asking for a POD on one given SE, but totally Ignores It with subsequent SEs  and while there are no hard and fast rules to justify their actions, one reason Is that "the Item's value Is not worth the cost of freight to send It back". It costs nothing to receive a file via email as described above, so assessing a claim as such, makes perfect sense. Evidently, you want to keep your Item as Is and receive a replacement free of charge, therefore you'd need to manipulate the rep and circumvent the POD, but before I get onto that, It's very Important to know "what triggers It", so we'll have a look at that now.

What Triggers A Proof Of Destruction?

Irrespective of the method you're currently using or plan to use with future SEs, unbeknownst to you, "each one will trigger one or more events"  that will either work In your favor towards a successful outcome, or complicate matters while your SE Is In progress. For Instance, If you've used the "DNA" (Did Not Arrive) method by saying you didn't receive the package that was delivered by the carrier, due to the nature of the method, In almost all cases It will "trigger an Investigation" and that will (most likely) lead to "filing a police report". If you haven't experienced this as yet, you will at some point when using the DNA. Rest assured, there's no need to panic- It's simply part of company protocol to move forward with your claim. 

The same can be said about the method that triggers a request for a Proof Of Destruction, namely "the faulty Item method". This Is used to say that the Item you've purchased, such as an electric shaver, Is not working and the rep/agent will go through a few routine troubleshooting steps- just to make sure that your Item Is In fact defective. During this process, you may be asked things like "was It put on charge overnight?" or "do you see a light near the On button when plugged In?" and/or perhaps "can you hear any sound when turning It on?" and so on and so forth. These questions are used to determine whether It completely lost functionality and If so, It will satisfy a warranty replacement and It's at this stage when (at the rep's discretion) a "Proof Of Destruction" takes place. When this happens, there are a number of ways to circumvent the POD, each of which I've covered In the following topic.

How To Circumvent A POD:

It's a matter of common sense that you're not going to destroy the Item that you're SEing just because the representative has asked you to do so, thus you need to seek alternative measures to bypass the POD without raising suspicion. There are less than a handful of options to choose from- some of which are more effective than others, but nonetheless, It's not to say that each and every one won't work. I've outlined the pros and cons for every option, so select the one you're most comfortable with and, more Importantly, "confident" In utilizing to Its full potential. Let's begin with the "corrupted file method".

Using The Corrupted File Method

As Its name Implies, the "corrupted file method" Is used to corrupt a given file by using an online service like this, with the objective to circumvent the need to verify the file's contents- In this case, viewing the Proof Of Destruction. What It does, Is make the file unusable and regardless of how hard the rep tries to open It, It will not execute. No doubt you will be asked to send It again, so do exactly that but "In a different file format" and keep repeating the process and at the same time, assure the rep that It's working perfectly fine on your end. This gives the Impression that you're doing your utmost best to resolve the Issue at hand.

Now this method does have Its weakness as follows. Because some representatives work strictly by the book and comply with their guidelines with precision, they'll keep Insisting to send a functional file  and If you're not prepared to push the SE to Its limit, they can decline your claim at any given moment. Do remember that the human brain Is the weakest link In the security chain, hence the key to succeeding with this method, Is to "remain firm", "be adamant" and "persevere" throughout the entire SE by "not taking no for an answer". If you apply yourself as such, It significantly Increases the likelihood of success.    

Using The Disposed Of The Faulty Item Method

Although this method Is not used too often, It's certainly worthy of putting It as part of your social engineering toolkit- which I'll explain why shortly. The title of "disposed of the faulty Item", pretty much speaks for Itself. When the rep/agent requests the Item be returned, or (on-topic to this article) asking to take a photo/video for the purpose of providing a POD, you say that you threw It out for "health & safety" concerns. Of course, you did nothing of the sort, but you're stating otherwise purely for SEing. I've quoted "health & safety" for the fact that companies take It very seriously and have protocols In place that require full compliance, however to maximize the outcome working In your favor, there's one particular attack vector that I recommend using- so pay attention to what you're about to read. 

Depending on the nature of your Item, you can use one of two reasons. In the first example, we'll assume that you're social engineering an electric toothbrush by saying that "It blew up" when your youngest son was using It  and thankfully, It only left a small cut on his cheek. The second alternative Is compatible with almost every Item that has some type of functionality, by simply telling the rep that "It caught fire" and as with the first example, your son (or any household member) only suffered a minor burn. In both Instances, you Immediately placed It In the trash and because of the Incidents that (seemingly) occurred, the Item's disposal Is well and truly warranted.   

Photoshopping The Image File

Without question, Photoshopping a file Is the most effective method to circumvent the need to provide an authentic Image of the POD as requested by the representative, but "It must be done with extreme accuracy by leaving no room for error". If there are any signs of Inconsistencies with the end result that Indicates the Image has been manipulated and Is not what It appears to be, you can say goodbye to your poor attempt at SEing. A lot of SE'ers think that providing a Google Image containing the same make & model of their Item will suffice, but what about the "serial number and the handwritten note next to the device"  as Instructed by the rep/agent? Or perhaps the "metadata"  that has details of where and when the Image was created?  

As you can see, It's not as simple as grabbing anything off the Internet and hoping for the best! If you're proficient In using Adobe Photoshop, then by all means, put your skill set Into action and edit the Image (that you've taken from the net) according to what you were told by the rep. As for the metadata, you know what to do- either use an online tool like this or In Photoshop Itself, choose "File > Save for web" and then select "JPEG". As an added precautionary measure, change the "Copyright and Contact Info" to "None". If you've never touched Photoshop, don't try and become a master by doing a 20 minute crash course- you will not achieve a flawless result, Irrespective of how hard you try to perfect It. Seek assistance from fellow SE'ers who can do the job with their eyes closed!
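On the claims-processing side, the corrupted-file and stripped-metadata submissions described In the two sections above leave traces that can be checked mechanically. The following Is an added example, not part of the original article: a structural check for a submitted JPEG plus a per-claim triage rule. The function names, the threshold of two unreadable files and the outcome labels are assumptions, and the byte strings are constructed samples rather than real photos.

```python
import struct

def segment(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment: FF, marker, 2-byte big-endian length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample files (not real photos): just enough structure to parse.
SCAN = segment(0xDA, b"\x00" * 6) + b"\x12\x34" + b"\xff\xd9"
GOOD = b"\xff\xd8" + segment(0xE1, b"Exif\x00\x00" + b"\x00" * 8) + SCAN
STRIPPED = b"\xff\xd8" + SCAN           # metadata block removed
TRUNCATED = GOOD[:-2]                   # end-of-image marker cut off
CORRUPT = b"\xff\xd8\x00" + GOOD[3:]    # first segment header damaged

def inspect_jpeg(data: bytes) -> list[str]:
    """Return findings for one submitted JPEG; an empty list means no flags."""
    if data[:2] != b"\xff\xd8":
        return ["unreadable: missing start-of-image marker"]
    findings, has_exif, pos = [], False, 2
    while True:  # walk the segment headers up to the start of image data
        if pos + 4 > len(data):
            return ["unreadable: file ends before image data"]
        if data[pos] != 0xFF:
            return [f"unreadable: corrupt segment header at offset {pos}"]
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            return [f"unreadable: invalid segment length at offset {pos}"]
        if marker == 0xE1 and data[pos + 4:pos + 10] == b"Exif\x00\x00":
            has_exif = True
        if marker == 0xDA:  # start of scan: compressed image data follows
            break
        pos += 2 + length
    if b"\xff\xd9" not in data[pos:]:
        findings.append("unreadable: no end-of-image marker (truncated)")
    if not has_exif:
        findings.append("review: no EXIF block (stripped or re-exported)")
    return findings

def triage_claim(submissions: list[bytes], max_unreadable: int = 2) -> str:
    """Pick the next step for a claim from every evidence file sent so far."""
    results = [inspect_jpeg(s) for s in submissions]
    bad = [any(f.startswith("unreadable") for f in r) for r in results]
    if bad[-1]:
        # Assumed policy: a run of unreadable files goes to a human reviewer
        # instead of another resubmission request.
        if sum(bad) >= max_unreadable:
            return "escalate: repeated unreadable evidence"
        return "request resubmission"
    return "manual review" if results[-1] else "proceed"
```

This Is a structural check only, not a full decode, and a missing EXIF block Is a reason for a closer look rather than proof of manipulation, since many apps strip metadata on export.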

Using The Corrupted Video Method

You're well aware of the circumstances of what's Involved with a POD as an Image file and the ways to work around It, but there are times when companies tell you to "take a video and then upload It to the most common platform on the Internet, namely YouTube". In doing so, you'd need to send the URL via email to the representative for assessment. Because It's on YouTube, It may seem like an arduous task to bypass, but nothing could be further from the truth. All It takes, Is to use some common sense and a calculated approach, and here's how you do It. Do note that they might ask you to host It on another site such as Dailymotion, but the formulation of how the method will be applied, still remains the same. For the purpose of this guide, I'll refer to "YouTube".

Okay, there's a couple of ways that you'll use the corrupted video method, for the reason that If your claim Isn't approved with the first one, you'll need to apply the second methodology thereafter. To begin with, upload any video you like to YouTube, and "change a single character In the URL". This will render the footage useless to the point of displaying an error of "Video unavailable" (or some variant), however It will still "demonstrate that It's hosted on YouTube as a video", thus It'll give the Impression that you did In fact comply with the rep's request. He will say to send It again, so do exactly that by repeating It (changing the URL) each time he asks to re-upload It, and assure him that there's no Issue on your end- It's working fine. 

The objective Is "to put the representative at fault" for not being able to view the video, and to make It seem as realistic as possible, tell him to clear the cache on his browser and/or use a different one altogether on another device. If he refuses to budge and Insists on sending the URL or maybe asks to use another video sharing website, that's when you'll put the second plan of attack Into action as follows. This Is a pretty clever tactic that I personally put together! On this occasion, "record the video with only 10-15 seconds of viewable footage", that shows your back to the camera and getting the Item and other bits & pieces ready, and then "blackout the rest of the video for a minute or so".

This shows that the video Is functional which Is why It's quite effective and due to Its duration of around 1:20 minutes (one minute blacked out), It makes It look like your recording Is there, but the rep Is unable to see It- which releases you from being blamed for noncompliance. Once again, he's put at fault and after so many failed attempts to view It on his PC, as well as yourself pushing him to the absolute limit by stressing him to the max, there's every chance that the SE will work In your favor. Do remember to "be adamant", and keep saying that you have no problem whatsoever watching It on your computer, and also say that you can't understand how such a simple task cannot be processed. All In all, express your frustration In a firm, yet polite manner by laying a guilt trip on him for not looking after his customer- "yourself, the SE'er".

In Conclusion:

It's one thing knowing what defines a particular event (In this case, the "POD") and why a company uses It as part of their process when managing and assessing claims, but If you have very little to no Idea on "how to handle It", your SE may prematurely come to an end. Every social engineering attack Is based on Its merit and no two are alike, hence It's vital to have a very good understanding of the best course of action to take when encountering a request for a Proof Of Destruction according to the nature and environment of your SE. Now that you've reached the end of this article, you will have all the tools and know-how, to tackle and succeed with any POD that comes your way.

