Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Tracking Confirmation

 


Why Tracking Cannot Be Used To Confirm Deliveries.

Social engineering entails many different types of attack vectors, ranging from grabbing someone's full name and date of birth over the phone by pretending to be a customer service rep of their credit card provider who needs the credentials for verification purposes, or perhaps hitting online retailers for refunds and replacement Items  that are not supposed to be Issued to begin with. Irrespective of the gateway used and the Intention of the SE'er, It takes an exceptional set of skills to get the job done with minimal disruptions- and "company manipulation & exploitation" Is certainly no exception. In terms of the latter, If you're part of an active SEing community on a large scale, you'll know precisely what I'm referring to and the complexities Involved to successfully exploit your target with just about each and every attempt.

On the other hand, If you've just started your career In the above-mentioned capacity, I strongly suggest reading my beginner tutorials and when you've familiarized yourself with Its contents, you can continue where you left off here. If you haven't worked It out already, this article pertains to social engineering companies to the likes of Amazon, Logitech, ASOS and so forth by tricking their reps/agents to credit your bank account for the full cost of the purchased Item, or "dispatch" a replacement at no extra charge. Notice how I've used "dispatch" as the operative word? That's because unlike In-store SEing that's done In person, by physically entering the store and manipulating employees at the customer service counter, SEing over the Internet always has one thing In common- and that Is "receiving your goods from a carrier company".  

It makes no difference what type of method you utilize, be It the wrong Item received, the missing Item or the partial method - your products must (obviously) be delivered before the SE can take place. Whilst each of those methods don't rely on "how the package Is delivered to your premises", there Is one particular method named the "DNA" (Did Not Arrive) that solely depends on It to succeed, namely rendering consignments (that are marked as delivered) Inconclusive. In simple terms, you've accepted your package from the carrier driver but claimed that It never arrived. For the most part, this seems like an arduous task due to the fact that almost every carrier uses "tracking confirmation" to conclude that their packages were correctly sent to the consignee/receiver.

Believe It or not, "tracking cannot be used to verify shipments" and given SE'ers of all shapes and sizes (advanced Included), are either misinformed, Ill-Informed or simply confused as to how and why tracking Is pretty much a useless form of verification, I've decided to write this article to give every SEer a clear understanding of Its futility. By the time you've finished reading every topic, you will have the tools and know-how to effectively manipulate representatives who try to decline your claim based on their tracking records alone. Now unlike the majority of tutorials on this blog, this Is a lot shorter and straight to the point- for the reason that there's not much Involved with how tracking operates. I have however, provided "two events" that have over a 95% success rate, but before I discuss that, It's vital to know at least the basics of how the "DNA method" works, so let's check It out now.

What Is The DNA Method?

As you're aware , the DNA method stands for "Did Not Arrive" which as Its name Implies, Is used to say that the package that was delivered by the carrier driver, did not arrive at your address. Of course, you did receive It, but you're only stating otherwise for social engineering purposes. The good thing about the DNA, Is that It's a "carrier-based universal method", meaning It mostly relies on SEing the carrier delivery service to succeed (which Is very easily done), and It's not tied to any specific product category. For Instance, unless you're planning to SE a sports car (so to speak!), the Item's weight and dimensions are Insignificant, but do exercise common sense and good judgment with your selection. 

If It's a huge "1,000 L fridge that weighs around 180 Kg" and worth In the thousands of dollars, then the carrier will not drop It off at the doorstep without a signature or some other type of verification, like an "OTP" (One-Time Password). The only objective of the DNA method Is to claim that the driver failed to deliver your goods, hence being realistic with the Item you'll be SEing, will maximize the outcome to work In your favor. Put simply, things like laptops, cell phones, gaming consoles, articles of clothing, beauty products, food commodities etc, can all be DNA'd- regardless of their size & weight

Remember: "you're saying that your package did not arrive", so the type of contents It contains, Is completely Irrelevant. No doubt, the company will try and use "tracking" to confirm that you did receive It, but It's a load of garbage that doesn't prove anything, which brings me to my next point. As per the topic below, I will demonstrate a scenario that you can relate to, which perfectly explains why tracking cannot be used as evidence to confirm deliveries, so let's rip Into It.    

Example Of Why Tracking Is Useless:

What you're about to read does not discuss any type of social engineering Incident, but rather emphasizes on a legitimate event that does happen from time to time- which will allow you to easily comprehend the futility of tracking. For the purpose of this guide, I will use the good old postman delivering a (tracked) letter to your residential address. Okay, let's say you live In an apartment complex with 30+ units In total. You're expecting mail from your employer that contains some very Important documents and as such, your boss has sent It via "registered mail/tracking", just to make sure It reaches the correct address.  

The postman arrives at your building and whilst In the process of putting mail In Its respective letterbox, for one reason or another, "he mistakenly put your envelope In someone else's mailbox". After a day or so, you've contacted your boss and said that you're still waiting for It to arrive, so he's grabbed the "tracking number" and Immediately got In touch with the postal service- who confirmed that your mail did In fact make Its way to the "right address". Can you see what just happened? Tracking showed that your envelope was sent to the "correct address", however It wasn't "you" who received It, but rather another person In your building

The above analogy Is no different when using the DNA method, claiming that "you" did not receive your package. I'd like you to have a good look at what I've quoted here, and In the paragraph above, namely "correct address" and "you", for the reason that each of those elements Is the key to render tracking confirmation absolutely useless. Allow me to explain why It's the case In very simple terms as follows. Irrespective of what reps/agents tell you, tracking ONLY concludes that the package was sent to the "address" and not to a "person". That Is, your "address" received It and not "yourself" and because you did not personally accept It nor have possession/ownership of the package, your claim cannot be declined purely based on tracking records. Now that you understand all that, we'll have a look at a couple of DNA events that have an extremely high success rate.    

Event One - The Package Left At The Doorstep:  

Although It's blatantly obvious that this particular event Is just about guaranteed to succeed on almost every occasion, SE'ers of all types are still Indecisive as to whether the DNA will work "when the package Is left at the doorstep by the carrier driver". Think about It logically for a minute by reading the following scenario. You've placed an order with Zalando, and your package Is scheduled to arrive on a given day. Your plan of attack Is to "avoid signing for the delivery" and as a result, you're hoping that "the carrier will drop off your package at the front door" and leave thereafter. Your approach worked as expected, whereby the driver knocked on your door, and you deliberately gave the Impression that no one was home, so "he left the package unattended at your doorstep".

Have you worked out what happened, and why It's perfect DNA material? Your package was just "dumped without any form of verification", so how can the company justify without a shadow of a doubt, that "you personally received It?". I'll answer It for you- "they can't". Sure, tracking has shown that It arrived to the correct "address", but by no means can It be used as evidence to say that It was "handed to you by the driver". Anything could've happened to It when It was sitting at your doorstep- a passerby stole It, or perhaps your neighbor decided to take It. Whatever the possibilities are, the fact of the matter Is that yourself or a household member, "does not have possession of the package", so how can your SE possibly fail based on tracking alone? They've basically DNA'd themselves, which Is why It's very difficult for this event to fail. 

Event Two - A Signature Required On Delivery:

This Is the most widely used option for carrier companies to confirm deliveries, but as with the one above pertaining to the package left at the doorstep, this Is just as useless. You see, unlike a contract that's bound by law to stick with an agreement made by two or more parties, "a signature for SEing purposes Is quite the opposite" - It holds no ground whatsoever, hence Is completely futile to verify that "It was you who signed and accepted your goods". For Instance, If you used a fake name that has no association to your real Identity, how can the company "conclusively say It belongs to you?". Were there any witnesses at the time of signing? Was It done on a document In the presence of a Justice of the Peace? Of course not.

The only person who was around at the time of the delivery, was the carrier driver and regardless of what he tells the company, at the end of the day, "It's his word against yours- which deems your shipping confirmation Inconclusive". I've been SEing for a very long time, over 30 years to be exact and to this day, I continue to see drivers who sign their hand-held device themselves, predominantly those who're running late for their scheduled delivery run. So when you're asked for a signature, do so with a totally different name but be sure It's "legible" (readable), yet consistent with what typically represents a signature- somewhat messy. Because It can be read, the rep/agent will see that "the name does not correspond with yours", thus your claim cannot be declined based on that alone. All In all, tracking has marked the package as delivered to your "address", but "you" did not receive It. 

In Conclusion:

Now that you've reached the end of this article, and on the grounds that you had very little knowledge of how the tracking system works and the purpose It (supposed) to serve when carriers deliver packages, you should now be well-Informed with the reasons why It's absolutely useless. Just to recap on Its futility, "tracking cannot be used to verify person-to-person deliveries", It only shows that consignments reached their destination- your "address", "drop house" or any other location that's used to receive goods. Always keep this In mind when using the DNA method, and apply what you've just learned accordingly.      



Comments