Skip to main content

Featured

SE'ing Encyclopedia

Updated: 29/03/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Methods Without Size & Weight

 



Methods That Do Not Require Item Weights & Dimensions.

With regard to the new breed of human hacking known as "company manipulation & exploitation", whereby representatives are deceived by social engineers to credit their account for the full cost of the purchased Item, or send out a replacement at their expense, there's one thing that ensures a favorable outcome - namely a "method". Without having one In place that's predominantly suited to the nature of the Item and the company In question, the SE has very little chance of moving forward and If It does happen to progress, It will prematurely come to an end. Methods are an Integral part of every social engineering attack vector, that basically serve as a set of Instructions to guide the SE In the right direction from start to finish.

To give you an Insight of how methods operate, allow me to provide a scenario that you can relate to. Let's say you've purchased a computer desk workstation from Walmart that comes with shelves, draws, cabinets etc In Its collapsed form. In order to put It together and complete your project, you'd need the "assembly Instructions", and If they happen to be missing or they belong to another unit, you cannot get the job done. The very same principle applies to SEing. In this case, the "assembly Instructions" Is the "method" that's strategically used to support your attack and get what you're aiming to achieve -  a refund or replacement. Makes sense? Good.
 
There are many traditional methods used by SE'ers of all shapes & sizes, Including (but not limited to) the wrong Item received, the missing Item and partial, sealed box method and many others, but It's way beyond the scope of this tutorial to cover the lot. I've listed those methods for a very good reason, being that they all heavily rely on the "Item weight" to give the SE the best chance of success, hence you cannot select any Item that comes to mind and expect It to run smoothly. For Instance, If you're planning to use the "missing Item method on a product that's around 2Kg" and the company opens an Investigation by cross-checking the weight recorded at the carrier's depot, your SE will fail there and then. The Item Is simply too heavy for the said method.

The "size of the Item", also plays a major role with certain methods, one of which Is the boxing method, whereby you tear the box on one side and seal It with different colored tape - to give the Impression that the package you're returning, has been tampered with during transit, and your Item was stolen before the company received your return. So why Is the Item size so Important? Well, If It's too big, the carrier driver (or other related services) will Immediately notice the Inconsistencies on the package at the collection point, and they'll release themselves from liability - meaning "you'll be held responsible for tampering with It". I don't need to explain what happens next.     

On the other hand, there are a number of "methods that do not require weights & dimensions as part of their formulation", and given discussions pertaining to this are few and far between In social engineering communities, I've decided to write this article. I will demonstrate a handful of those that're commonly used by SE'ers, as well as how to effectively prepare each one and on-topic of this post, why the Item size & weight Is not part of their equation. Even If you're familiar with a method or two, I strongly suggest reading each topic - as there will be a few details unbeknownst to you. So without further delay, let's rip Into It.       


The Faulty Item Method:

Have you ever purchased something on the Internet, such as an electric shaver or a hair straightener, and upon plugging In your product, It had no functionality whatsoever? I'd say your answer Is "Yes" on at least one occasion. Although goods are tested and Inspected by the manufacturer prior to shipping them to their suppliers, they're not always In faultless condition - factory defects are Inevitable and companies are well aware of It, but don't like to disclose It to consumers. Social engineers also have knowledge of this, and use It to their advantage with the "faulty Item method", by saying that the Item they've purchased either stopped working sometime later, or It didn't function right from the get-go.

Of course, there's nothing wrong with It, but the SE'er Is just saying It for SEing purposes. Now It's standard procedure for the representative to try and Identify why the Item Is not operating as per Its original state, and as a result, he'll go through a few troubleshooting steps - which Is part of company protocol under such circumstances. This Is usually done over the phone or (where available) live chat, with the Intention to resolve the matter In a timely manner. As a social engineer yourself, everything that the rep asks you to do to see whether your Item Is working, you'll obviously respond by claiming that It Isn't. Be sure to remain adamant and keep Insisting that It's broken.  

Don't be Intimidated by the questions thrown at you by the rep/agent - he's just trying to establish the cause of the fault before making a decision on your claim. When he's satisfied that your Item Is defective, he'll approve your claim but ONLY when you send back your (seemingly) nonfunctional Item. Evidently, you don't want to do It, so you'd utilize (for example) the "blood method". Now rather than returning It, some companies such as Logitech and SteelSeries may ask you to provide a POD (Proof Of Destruction), and that's when you'd put the corrupted file method or the corrupted video method Into action.  

Why Weights & Dimensions Are Irrelevant: The Item will not be returned, so Its details are not recorded.


The DNA Method:

As Its name Implies, the "DNA" (Did Not Arrive) method Is used to say that the package that was scheduled for delivery by the carrier driver, did not arrive at Its Intended destination - namely the SE'ers address, drop house or any other location that's used as a delivery point. As with the faulty Item method above, the SE'er did receive his goods but Is claiming otherwise for obvious reasons. The DNA Is a "universal carrier based method", thus It's compatible with just about any Item, Inclusive of any company who uses a carrier service to send consignments to their customers. What this means, Is that unless you're SEing a family home (so to speak!), the DNA Is not specifically tied to any Items, hence "weights & dimensions are Immaterial".      

That being said, common sense and good judgement must be exercised when selecting the Item. For example, If It's a huge "1,000 L fridge that costs over $2,000", then the driver will not drop It off at the doorstep without requiring some form of verification - a signature or If the company Is Amazon, an "OTP" (One-Time Password). That aside, SE'ers use the DNA method with great precision, by exploiting a major vulnerability In how companies deem their packages delivered. Pay attention to this, as It will make all the difference between a successful SE, and one that ultimately fails due to neglecting to apply the following details.   

A package that's "marked as delivered", does NOT conclude that "you personally received It". Here's how It generally works. Companies use "tracking Information" to demonstrate that the package was delivered correctly by their driver, however this ONLY confirms that It made Its way to the "address" and not to the "person", therefore as far as you're concerned, "you did not personally accept It". For Instance, If a (fake) signature was provided, who's to say that the driver himself didn't scribble on his hand-held device? Or If the package was left at the doorstep, anyone could've stolen It. Whatever the case may be, "you don't have possession of your goods", so the company's records are Inconclusive and cannot suggest that It was handed to "you". As a result, expect the SE to work In your favor.

Why Weights & Dimensions Are Irrelevant: The SE Is solely based on not receiving the package, regardless of what It contains.


The Leaking Battery Method:

Whilst this Is limited with the type of Items It can be used against, by no means does It Indicate that It's not as effective as other traditional methods - to the likes of those mentioned In the third paragraph of this article. In fact, for high value Items that warrant Its usage, It has a better chance of success, for the reason that many other methods can be somewhat difficult to use against the high cost of the Item. Allow me to explain how this method works In very simple terms. When social engineering any product that requires batteries to function, as Its name suggests, SE'ers use the "leaking battery method" to claim that the Item they've ordered (for example, a laptop) from a given online retailer, "was delivered with Its battery/batteries leaking"

As an SE'er yourself, you should be well aware that nothing of the sort happened - you're just saying that It did for the purpose of your SE. What makes this method so effective, Is that there Is no way for the company or the carrier, to prove that your Item was delivered In perfect condition as per Its manufacturer's state. Anything could've happened to It from the time It was packed and dispatched by the company, to when the package was In transit, right until It finally reached Its destination - being your home. In short, the battery could've well and truly leaked during shipment and because It was fully enclosed In Its box/package (thus It cannot be viewed externally), the company/carrier has no evidence that the Item was delivered unscathed.

After contacting the representative and telling him of the (seemingly) leaking battery, If It's a high value Item that's worth In the thousands of dollars, It's almost a certainty that you will be asked to return It and a refund/replacement will only be Issued when they receive It. No doubt, you'll need to circumvent their request to send It back - which can be done by using the "disposed of the faulty Item method" - which I've covered In the topic below, so there's no point In discussing It here. Of course, there are other methods to bypass the return, but I don't plan on writing a 20 page guide! Okay, so let's move onto the disposed of the faulty Item method now. 

Why Weights & Dimensions Are Irrelevant: The Item will be disposed, so the consignment does not exist. 


The Disposed Of The Faulty Item Method:

Before I make a start on this, I'd just like to point out that It works on the same principle as the "faulty Item method" that you've had the pleasure of reading a couple of topics above, whereby you say that the Item you've bought and received Is not functioning. The only difference with this particular method, Is that you'll be using the excuse that "you disposed of the faulty Item" (which Is why It's named as such) to avoid sending It back, so I'll only be focusing on that, and not how the SE Is handled on the company's end. You've already read all about that, so I won't be repeating myself. Now In order to significantly Increase the likelihood of a successful outcome, It's not about "how" you disposed of your Item, but "why" you decided to take that course of action

Here's what I'm referring to. The moment your SE gets to the "troubleshooting stage" tell the rep that "your Item blew up when your youngest son was using It" and as a very distressed parent, you Immediately disposed of It for "health & safety concerns", but It doesn't stop here! To help solidify your SE, also mention that the Impact of the faulty Item left a small cut on your son's hand or cheek, and you're thankful that he didn't sustain further Injuries. Alternatively, you can use an equally-effective approach that's compatible with an array of products that have some sort of electrical and/or mechanical operation to function, by saying that "It caught fire" and as with the example above, your son (or a household member) only suffered a minor burn.

Do note that It's paramount to add "personal Injury" as part of your attack vector, namely because companies and manufacturers alike, know all too well that there's always a possibility of litigation to claim damages for pain and suffering. As a result, companies take "health & safety" very seriously and unbeknownst to many SE'ers, they have measures In place to address every event, therefore they must comply with the applicable regulations. Put simply, unless certain reps have no brain cells left and approve claims on the spot, they're required to stick with company protocol In such circumstances. The key to succeeding with this method, Is to "take control""persevere" and be "adamant" with all the above. The reason why this method Is not dependent on size & weight, Is the same as the "leaking battery method", but used In a totally different context.    

Why Weights & Dimensions Are Irrelevant: The Item will be disposed, so the consignment does not exist. 


The Serial Number Method:

In terms of social engineering companies that have tech-based products In their Inventory of stock, rather than buying the Item upfront and SEing It thereafter, you can opt for the "serial number method" to SE an Item that you don't have to begin with. The advantage of this, Is that you don't need to have a single dime to your name to claim a refund or replacement. Evidently, this pertains to goods that do In fact contain serials - such as a computer keyboard and mouse, AirPods, speakers and the list goes on. So how exactly does this method work? Well, basically you as the SE'er, will grab a serial number of the Item that you wish to SE, and use It to manipulate the representative by saying that the Item the serial belongs to, Is not working. 

As with the "faulty Item method", he'll proceed with a few routine troubleshooting steps and when you've convinced him that It's broken In Its entirety, he will ask you to do one of two things - return It, or provide a "POD" (Proof Of Destruction). As you're aware, both Logitech & SteelSeries often request a POD, particularly for low value Items - namely when the cost of freight outweighs the value of the Item Itself. That Is, It's cheaper (for the company) not to return It, but Instead send them an Image of the proof of destruction - which doesn't cost anything when done as an email attachment. To circumvent a POD, use the corrupted file or the corrupted video method or If you're proficient In Photoshop, put your skill set Into action and edit the Image accordingly.

With regard to sending It back as requested by the rep/agent, obviously you can't return an Item that you don't physically have at your disposal so depending on Its nature, hit the boxing method or (as already discussed), use the "leaking battery method" or the "disposed of the faulty Item method". Now for the serial number method to work, you need to "locate a valid serial that's still under warranty", otherwise your attempt to SE It, will fail the moment you get In touch with the customer service rep. One of the most effective ways to search for valid serials, Is to navigate to YouTube and enter the keywords of: "(your Item name) unboxing" - you'll be amazed at the number of users who demonstrate their videos, and neglect/forget to hide the serial number.

Why Weights & Dimensions Are Irrelevant: The Item Is non-existent to the SE'er.
 

In Conclusion:

Almost every social engineering community that's actively operating on a large scale, has countless threads & posts explaining how to specifically formulate methods against their respective Items by calculating their weights and size as part of the equation, however messages about those that "do not require weights & dimensions" are rarely discussed. Furthermore, there are very few blogs (If any), that go Into detail of the above-mentioned content, thus the objective of this article, Is to give you the knowledge of five methods that can be prepared without having to worry about how big and heavy the Item Is. All In all, If you're finding It somewhat difficult to apply your method due to size and weight restrictions/limitations, you now have the knowledge on how to opt for an alternative method.



Comments