Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

SE's With High Success Rates



Items, Methods And Events With A Very High Success Rate.

In terms of social engineering stores (via an online gateway) to the likes of Amazon, Zalando, Nike and many others, there are a lot of complexities that you'll Inevitably face during the assessment of your claim. Things like "Investigations opened", "police reports" requested to be filed and returned and also the need to "sign documents" stating that everything you've said pertaining to your claim Is true and correct, are commonalities that you'll definitely experience many times throughout your SEing events. Now you're probably thinking of the time when your SE was approved with very little to no questions asked, thereby your account was Immediately credited for a full refund, hence you somewhat disagree with what you've just read. 

Let me tell you, that there's a perfectly good explanation for It as follows. One reason Is when companies are Inundated with orders and claims, particularly during the busy time of year such as Black Friday deals and the Christmas period, they do not have the manpower to thoroughly check claims and as a result, they finalize It In your favor. Another cause Is reps/agents being brain-dead and can't be bothered doing their job as per company guidelines, thus Issue a refund and/or replacement there and then. That being said, for the most part "they do follow company protocol" and when this happens, you'll be hit with an array of questions and requests and If you're not In a position to deal with It accordingly, you may find that your SE will prematurely come to an end. 

The fact Is, you have very little to no control of the way reps handle your claim and the steps they take when assessing It, but you can significantly Increase the likelihood of a successful outcome by applying a flawless "method formulation & Item compatibility" - which Is precisely the objective of this article. Put simply, I will use a few common traditional methods, namely the "DNA" (Did Not Arrive), the "missing Item & partial method" and the "sealed box method" respectively, In a very calculated fashion that will ensure a success rate of over 95%  with all SEs performed. By the time you've finished reading this entire article, you will have the tools and know-how to use the said methods to their full potential and leave no room for error. Before I make a start, I'd like you to have a clear understanding of "what defines a method and how It's used", so let's check It out now.

What Is A Social Engineering Method?

Every attack vector that's executed against your target (In this case being the company that will be SEd), must have what's called a "method" to support It and without one In place, the SE will NOT move forward. If you're an Intermediate or advanced SE'er who's been In the scene for many years to date, you'd know exactly what I'm referring to but even so, I'm very confident that there are a few bits & pieces that you're not familiar with, hence I strongly suggest to read every word In this topic. In simple terms, "methods are the backbone of every SEing attack" and play an Integral role In getting the job done. If you haven't prepared your method according to the nature of your Item as well as the structure of the company's terms, conditions and guidelines, then your SE Is destined to fail. 

For example, let's say you've used the "DNA method" by claiming that the carrier driver failed to deliver the package to your premises, however you did not research the company's terms beforehand. You were then told that your claim has been declined- due to the company not being responsible for loss of goods during transit, thereby they've released themselves from liability and your SE was a complete waste of time. If you researched their terms In advance, you would've "selected and formulated a suitable method"  that's not carrier-based, such as the wrong Item received or the sealed box method- both of which are compatible with an extensive range of products. To give you an Insight Into the way methods are used, here's an analogy that you can relate to. 

We'll say that you've purchased a computer desk workstation from Best Buy, that comes with shelves, draws, cabinets etc In Its collapsed form. In order to put It together and complete your project, you'd need the "assembly Instructions" and If they happen to be missing or they "belong to another product", you cannot get the job done. The same principle applies social engineering. The "assembly Instructions" Is the "method" and It must "belong to the product you're SEing", which will be used to support your attack vector and get what you're aiming to achieve- a refund or replacement Item. Makes sense? Good. Okay, now that you know how methods operate, I'll show you how to apply a few of them to the "Item(s) and their respective events"  In a very effective manner, that (as mentioned) has a success rate of over 95%. So without further delay, let's rip Into It. 

The DNA Method With A High Success Rate:

As you're aware, the DNA method Is used to say that the goods you've ordered from an online retailer, did not arrive to your home, or a drop address (a house not belonging to you) or another property that's used as a point of delivery. Of course, you did receive It, but you're stating otherwise for SEing purposes. Now there are a number of ways how companies verify that consignments are delivered to the "correct address", such as (but not limited to) asking for a signature, the carrier driver taking photos  of the package at the premises and obviously tracking confirmation

Notice how I've quoted "correct address" just above? That's because each and every delivery verification (signature, photos & tracking) ONLY confirms the package made Its way to the "address" and NOT the "person". That Is, they cannot be used to conclusively deem that yourself, or a household member, "personally accepted the package"- It only marks It delivered to the "address". This Is a huge vulnerability that you can easily exploit using the DNA method, and I'll demonstrate how It's done using three different types of events starting with the good old "the package left at the doorstep". So strap yourself In and enjoy the ride.

Event One - The Package Left At The Doorstep

Although It's blatantly obvious that this particular event has an extremely high success rate, for one reason or another, SE'ers of all types are still Indecisive as to whether the DNA will work when "the package Is left at the doorstep by the carrier driver". Think about It logically for a minute by reading a scenario as follows. You've placed an order with Zalando, and your package Is scheduled to arrive on a given day. Your plan of attack Is to avoid signing for the delivery and as a result, you're hoping that "the carrier will drop It off at your front door and leave thereafter". Your approach worked as expected, whereby the driver knocked on your door and you deliberately gave the Impression that no one was home, so "he left the package unattended at your doorstep"

See what just happened? Your package was just dumped without any form of verification that "you personally received It". Sure, tracking has shown that It arrived to the correct destination, but by no means can It be used as evidence to say that "It was handed to you by the driver". Anything could've happened to It when It was sitting at your doorstep- a passerby stole It, or perhaps your neighbor decided to take It. Whatever the possibilities are, the fact of the matter Is yourself or anyone living with you at the time of delivery, "does not have possession of the package", so how can your SE possibly fail? They've basically DNA'd themselves, which Is why this event will work on just about every occasion.   

Event Two - A Signature Required On Delivery

This Is the most widely used option by carrier companies to confirm deliveries, but as with the one above pertaining to the package left at the doorstep, this Is just as useless. You see, unlike a contract that's bound by law to stick with an agreement made by two or more parties, a signature for SEing purposes Is quite the opposite. It holds no ground whatsoever, hence Is completely futile to verify that "It was you who signed and accepted your goods". For Instance, If you used a fake name that has no association to your real Identity, how can the company "conclusively say It belongs to you?". Were there any witnesses at the time of signing? Was It done on a document In the presence of a Justice of the Peace? Of course not. 

The only person who was around at the time of the delivery, was the carrier driver and regardless of what he tells the company, at the end of the day, "It's his word against yours"- which renders your shipping confirmation Inconclusive. I've been SEing for a very long time, over 30 years to be exact and to this day, I continue to see drivers who sign for consignments themselves, predominantly those who're running late for their scheduled delivery run. So when you're asked for a signature, do so with a totally different name but "be sure It's legible (readable)", yet consistent with what typically represents a signature- somewhat messy. Because It can be read, the rep/agent will see that "the name does not correspond with yours", thus your claim cannot be declined solely based on that alone.    

Event Three - The Carrier Taking Photos

Even though this type of delivery confirmation Is no where near as common as a signature, It's still utilized every so often by carrier companies of all shapes and sizes. At the time of this guide, "DPD" who services many retailers that Includes Amazon and ASOS, (for the most part) takes photos Instead of asking you to sign their hand-hand device. They do It In one of two ways. The first Is "leaving the package at the exterior of your home" and placing It at (or near) the front doorstep and when they take the photo, they'll also make sure that your "house number" Is clearly visible. They'll then use It as evidence to prove you did receive It, but just like everything you've read so far, It's useless! The package was left unattended, therefore anyone could've simply walked Into your property and taken It- Irrespective of the details contained In the photos.

The second way, Is when the driver asks you to open the front door and "he'll place the package In the entryway and take a photo thereafter". This covers both the company & driver by using the Image as proof of receipt of goods, thereby If you try and deny that your order arrived, "they'll use the layout of your entryway"  to show that your package was In fact delivered to your house. Seems Impossible to circumvent, yes? Not at all, and here's how you bypass It. Around 20-30 minutes before the driver Is due to arrive, "rearrange your entryway" by removing every bit of furniture and replacing It with tables, chairs, rugs etc from another room. 

What you've just done Is "give the appearance that It's not your home", and when the driver arrives, allow him to go ahead and take photos. Upon his departure, "put everything back as per Its original state". If the company decides to open an Investigation and cross-checks their photos against the current (and original/normal) layout of your entryway, "they will not match"- which means they have no evidence to conclude that your package made Its way to the right address, namely  "your home". As you can see, what was once thought to be an arduous task to manipulate, has turned Into a very clever and effective form of social engineering. All In all and based on the above events, "photos cannot (and do not) mark packages as delivered to the correct destination".             

The Missing Item & Partial Method High Success Rate:

Of every method and event that you have the pleasure of reading In this article, the "missing Item & partial methods" are the easiest to formulate, and also have the best success rate- but ONLY If you apply your SE by following my recommendations from this point onwards. In terms of the methods themselves, they're very similar In the way they're prepared and executed, hence the reason why I've combined them In the one topic. If you're not familiar with either or both, allow me to elaborate on what they entail beginning with "the missing Item method". As Its name Implies, It's used to say that the Item you purchased from an online store was missing when you opened the package/box  as delivered by the carrier.

Generally speaking, there's a couple of ways that you can use the missing Item method. The first relates to opening the "package" and nothing was Inside. In other words, you opened the "package" and  (where applicable) the box and Its contents was missing. This Is due to a "warehouse error", whereby the storeman did not pick & pack your goods. The second way It's used, Is by saying that you opened the "box" but the Item was not enclosed. This Is known as a "manufacturer error" which (much the same as the warehouse error), the manufacturer did not pack the Item In the box  when shipped to the supplier. The "partial method" Is much of a muchness, but Instead of purchasing a single product and claiming It was missing, you'd buy multiple Items and say that "you did not receive one or more of those Items".

For example, let's say you've bought "5 T-Shirts and 2 pairs of socks" and upon contacting the company, you've told the representative that "only the T-Shirts" were Included when the carrier dropped off your package. That Is, you've SEd "two socks" which essentially means that your order was partially filled, and that's precisely why the "partial method"  Is named as such. Evidently, any one of those Items (or more) can be SEd, but to keep It simple, I'll leave It at that. Now given packages are weighed on consignment and at the carrier's depot, you cannot select the first Item that pops Into your head, but rather those that're "extremely light and will not register on any shipping scales"

As a result, If the company opens an Investigation and checks the carrier's records, It will be deemed Inconclusive- for the fact that "the goods were so light, that they could not be Identified by weight". SE'ers continue to ask the question, "What's a safe weight to work with when using the missing Item & partial method?". As a rule of thumb, I always suggest not to exceed "120 grams" as a total/combined weight  and that's pushing It to Its absolute limit, however to maximize the success rate to greater than 95%, I strongly recommend sticking to a limit of "40 grams"

I've personally performed countless SEs "< 40 grams", and also assisted many social engineers by advising to apply the same formula and can confidently say, that almost each and every one was a success. Naturally, there are other factors that can contribute to the SE failing, such as "CCTV cameras actively monitoring the movement of stock In the company's warehouse", but this article has already exceeded Its reading time, so I won't elaborate on that. If you "thoroughly research" the company beforehand and stick to the "40 gram limit" with the missing Item & partial method, expect the SE to work In your favor on just about every occasion.

The Sealed Box Method High Success Rate:

The last of the methods that's very Impressive and has a high degree of success, Is named "the sealed box method" and the good thing about It as opposed to the missing Item/partial, Is that It's compatible with just about any Item of reasonable size and weight "that's fully enclosed In cardboard". You'll see why In a few minutes or so. With regard to formulating and utilizing the method Itself, you "seemingly" return your purchased Item to the company In Its factory sealed box, and ask for a refund thereafter. I've used "seemingly" as the operative word because you'll do nothing of the sort, but rather send back something that's completely useless to you, and have your account credited sometime later. 

Sounds Impossible? Quite the contrary- It's a very simple process, but you need to apply your methodology to perfection and here's how you do It. Buy something that comes In a factory sealed box and when you receive It, carefully open It without damaging the seal or any other part of the box/packaging. Then, take the Item out and replace It with anything that you have lying around the house "that weighs the same as the original Item". After that, pack everything back In the same condition as you received It- paying special attention to not tear/break the seal, and send It back to the company you're SEing.

When the representative/Inwards goods department accepts your return, they'll see that there's no signs of tampering and assume that you've sent the box In the same state as when It was purchased  and as such, It will be placed back Into stock and your refund will be Issued. Now for this to work and leave nothing to chance, "It's vital that your Item cannot be viewed externally without opening the box". In other words, the box must be fully covered In cardboard on all six sides  and without a clear film on any part of Its surroundings. Why? Well, stating the obvious, when the rep/agent has your return on hand with the useless Item that you've placed Inside, If there's clear film on any part of the box, he'll Immediately notice It  and your SE will come to an end there and then. 

On the grounds that the nature of the box Is suitable as described above, here's how to "effectively prepare the sealed box" before returning It. Prior to opening It, the first thing you need to do Is "take a photo" of where you're planning cut It open. You're not going to remember "precisely how Its sealed", thus the photo will be your point of reference when putting It back together again, thereby you'll compare your workmanship against the manufacturers- just to make sure both are a carbon copy of each other

When you've finished and there's no signs of Inconsistencies whatsoever, you're good to go by contacting the company and request a refund. As mentioned above, when they receive your return, "they'll think that It's their original product, hence It gives them no reason to check Its contents", therefore they'll put It with the rest of their Inventory and your refund will be forthcoming. If you've applied the sealed box method In a similar fashion to this guide, Its success rate Is almost a certainty with each and every SE. 

In Conclusion:

There's no doubt that every SE that's thoroughly researched and carefully prepared & executed, has a very good chance to work In your favor, however In order to significantly minimize the risk of failure, It's of the utmost Importance to cover every angle from start to finish. What you've learned from this article, Is how to do exactly that- "using three traditional methods to their fullest potential", which ultimately provides current and subsequent SEs with the highest degree of accuracy and success. Every method and Its formulation In each topic has been tried and tested, so be sure to apply It/them according to the nature and environment of your SE.           

Comments