Skip to main content


SE'ing Encyclopedia

Updated: 08/09/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

SE Success Indicators


Indications That Your SE Is On Its Way To Success.

As an SE'er yourself, who's been social engineering online retailers In just about every capacity for quite a number of years, or perhaps you're offering a refund service to those who don't have the skill set to perform a given SE on their own, you'd do your utmost best to ensure the attack vector runs as smooth as possible until It finalizes In your favor. In order to do that with minimal disruptions, there's one particular element named a "method" that's used with each and every SE and If you select one that's not suited to both the nature of the company and the Item(s) you're SEing at the time, the SE will either not Initiate, or come to an end shortly after It was executed.

As such, It's paramount to have a good understanding of every traditional method, particularly those that're commonly used and less likely to cause major complications such as the missing Item method, the partial, and of course the good old wrong Item received. Additionally and on the grounds you're not familiar with the company you're planning to social engineer, "researching" both the company and their carrier partner (who will be servicing your delivery), plays an Integral role with Identifying how they operate when assessing claims, as well as the type of verification required when receiving your goods. 

So far, due to the fact that "you're handling every task In readiness for your attack vector", you have complete control of all happenings and as a result, you'd have a pretty good Idea of where your SE will be heading, Inclusive of the likelihood of Its success. However, the moment It leaves your local environment and Is In the hands of the company's representative, It's not possible to"predict the exact steps that will be taken during their claims management process", which can be somewhat frustrating at times- namely waiting to receive replies and whether your claim will ultimately be approved. That being said, unbeknownst to many SE'ers, there are what's called "SE success Indicators" that Indirectly give you a very good sign that your SE Is on Its way to a favorable outcome .

Confused? Don't worry, you won't be In a few minutes or so. From a social engineering standpoint, "Identifying why certain events take place", actually reveal a lot about your SE's progression. For example, when using the DNA method, It's almost a certainty that an Investigation will be opened and subsequent to that, you may be asked to file a "police report", or perhaps sign & return an "Internal company document" or a "statutory declaration". Seems rather Intense, yes? Not at all! Believe It or not, each of those (quoted) terms are In fact "SE success Indicators" which speak a thousand words about where your claim stands and most Importantly, why It has a significant chance of approval. Allow me to explain all this as per the topic below.

What Is An SE Success Indicator?

Every time you hit an online store to the likes of Logitech, Zalando, Amazon etc with the Intention to manipulate their reps/agents to credit your account for the cost of the purchased Item, or send a replacement at no extra charge, "every action taken during the assessment of your claim triggers some type of event" that will either work to your advantage, or complicate matters to the point of your claim being declined. It's quite obvious when It comes to an end, but what a lot of social engineers fail to recognize, Is what I call a "success Indicator" which means exactly that- Indicates that the SE Is heading towards success

For example, let's say you've just started your SEing career and used the DNA method, whereby the driver left the package at your doorstep and you said that you didn't receive It. Because It was (seemingly) stolen from your premises, It becomes a theft-related Incident. As such, more often than not, the company will ask for a "police report" and many SE'ers are Indecisive If they should go ahead with It- for the reason that the term "police" convinces them that the cops will get Involved, which Is not the case at all- I've covered this and a lot more In the next topic. Did you know that the "success Indicator" Is In fact "the police report?". How so, you ask? Well, firstly, completely disregard Its fancy title and solely focus on "why" the company decided to Issue It.

Think about It from a logical perspective, by taking a few steps back to when the representative Initially began to process your claim. As already discussed above, we'll use the DNA method as the example. You've ordered something from Amazon and when the carrier arrived with your package, you gave the Impression that no one was home- hoping that the driver will leave It unattended at your doorstep and leave thereafter. Your plan worked as expected, so the next day you've contacted the company and told them that you're still waiting for your delivery to arrive and as a result, they've opened an Investigation by liaising with their carrier partner to see why It didn't make Its way to your premises.

Their tracking records confirm that It was sent to the correct address (your home), but given there wasn't any form of delivery verification (a signature, one-time password or otherwise), their Investigation was deemed Inconclusive. Due to the nature of the circumstances surrounding your claim, namely the possibility of your package stolen whilst sitting at your doorstep, "you've been asked to file and return a police report". Can you see why this Is the "success Indicator" that strongly suggests your SE will finalize In your favor? The answer Is pretty simple as follows. As you can see, the company had no evidence to decline your claim and If they did, they "would've done so already", and not waste their time with a police report! 

The actual police report Is the last stage of their assessment, which the report Itself, cannot be used to verify consignments, hence the reason why "It Indicates that there's nothing more the company can do to refuse your refund/replacement"- which Is why It's a "success Indicator". Sure, there are times when SEs fail after complying with a police report, but not with a scenario as per the above example, but rather due to other unforeseen events. As with a police report, the same principle applies to a "statutory declaration" and an "Internal company document", meaning the reason why they're Issued, Is because they don't have a single piece of evidence to suggest you're falsifying your claim. 

Okay, you're aware of why the aforementioned paperwork Indicates success, but It's also crucial to know what they entail and of equal significance, the reasons behind the rep's decision to generate and Include them as part of their evaluation of your claim. As such, I've defined a "police report", "statutory declaration" and an "Internal company document" respectively In each topic below, so do take the time to read each one thoroughly- as there will definitely be a few details that you've yet to experience. So without further delay, let's begin by familiarizing yourself with the Ins and outs of a police report. 

Asked To File A Police Report:

Even If you've dealt with police reports on a number of occasions and you're confident with the steps you need to take to fulfill everything on your end, I have no doubt that there are some things unbeknownst to you, thus do not skip a single word from this point onward. I'll explain It as simple as possible. It's human nature that when SE'ers hear the word "police", they Instantly assume that they'll be In some sort of trouble with the law, or perhaps the Feds will bust their door down at 5:30 am and start reading out their rights. I can assure you that nothing could be further from the truth. Law enforcement agencies have more Important things to attend to, than waste their time on a one-off Incident that suggests (for example) you did not receive your Item

So why do companies request a PR (which Is short for "Police Report"), and what do they do with It once It's received? I'll answer all your concerns and put your mind at ease. It's basically nothing more than a bit of paperwork to say that everything you have said Is true and correct to the best of your knowledge, therefore "It's simply required to move forward with your claim". To give you an Insight, here's an analogy that you can relate to. If you've been Involved In a minor motor vehicle accident, you'd contact the police and when they arrive, they'll ask you a series of questions pertaining to the events that took place. 

To claim the cost on Insurance, you'd "file a police report and the cops will put It on record". Your Insurance company will then use the Information on the report (with other bits & pieces) to process your claim, and repair the damage on your car free of charge. All this Is no different to filing a police report when social engineering- as long as your SE appears legit without any suspicion raised whatsoever, then there's no cause for concern. The PR will be over and done with and stored at the police station purely for record-keeping, so If you're asked to hand one In, you now know exactly what to expect- don't panic and comply with the rep's Instructions by attending your local police station, or (where permitted) file one online.       

Signing A Statutory Declaration: 

I'd like to reiterate that the Intention of the above topic, Inclusive of this and the one below, Is "to give you a clear understanding of the reasons why representatives require the documents to assess your claim". You already know that they're "SE success Indicators", so there's no point repeating myself, but It's Imperative to have sound knowledge of their purpose, so absorb all details as this article progresses. Okay, given that legislation and regulations differ between many countries, I cannot cater for each and every region, so what you're about to read, Is based on general principles of law and not bound to any specific location.

Much the same as a police report, a "statutory declaration", also known as a "stat dec", Is a written statement that declares that everything you've stated "Is true and correct". It Is signed In the presence of an authorized witness such as (but not limited to) a police officer or a medical practitioner. Depending on what part of the globe you live In, some stat decs are signed on the condition that everything you've said Is correct "to the best of your knowledge". This Is a vulnerability that can potentially render the declaration void because as far as you're concerned, you have signed It "to the best of your knowledge"- be It true or false, Is Immaterial. 

In other words, "that Is what you believed was true at the time of signing the stat dec", hence even If you've lied (which as an SE'er you will!), no one can hold It against you- "It was believed to be true by you" and ultimately, that's where It ends. The good thing about It, Is that It's not a legally binding document so It's generally fine to sign and return It. Now I'd like to make you aware that In some territories, making a false declaration can result In the person being liable and subsequently charged with perjury, but the chance of this happening due to (for example) submitting a claim for a package that did not arrive, Is extremely slim. In fact, In all my years of social engineering, I've yet to experience legal action taken for signing a document "to the best of my knowledge", so that pretty much speaks for Itself. 

An Internal Company Document Signed & Returned:

The third and final bit of paperwork that I'll be discussing, Is an "Internal company document", whereby (as Its name Implies), Is prepared "Internally" and Issued by the company Itself- perhaps by their account's section, HR department or the senior management team. It's similar to a statutory declaration, meaning It's used to confirm that everything you've told the company about your SE, "Is true and correct". Now on the grounds that "It's solely created by the company's personnel without any Involvement by their legal representatives", It's not legally binding, which makes It the least effective document of the lot. 

I've been SEing for a very long time (over 30 years to be precise) and during that period of signing and returning them as Instructed by companies of all shapes & sizes, each and every one was only required for administration purposes. There wasn't a single occasion that suggested further action would be taken as a direct result of the contents contained In the document per se, so If you've received one and you're contemplating whether you should put pen to paper, go ahead and do It. But do remember that "this Is based on paperwork purely generated by the company and not their legal team".      

The way It can be Identified as an Internal document, Is when It lists specific details regarding your claim. For Instance, If you're using the DNA method and It contains something along the lines of "I hereby declare that the Information of my package not delivered to my home by DHL, Is true and correct", then It's come directly from the company- namely because It distinctly mentioned "package not delivered" and "DHL" as the carrier. How so, you ask? Well, other than the company and given the details haven't been shared externally, who else will have knowledge of this? Also, and stating the obvious, check If there's a "logo" and/or some type of "company heading", both of which are usually located at the top and/or bottom of the page. If your document has something to that effect, you know what to do with It!

In Conclusion:

After reading this entire article, you're now well-Informed that certain types of documents Issued by companies, are not always a true representation of their Intention. As said, a "police report" Is not used to pursue the matter further, but rather allow the company to follow through with your claim. The same applies to a "statutory declaration", as well as an "Internal company document"- each are nothing more than paperwork for the administration department to do their job. Evidently, If you keep hitting high value Items many times In succession, then that's a different matter altogether- action may be taken by the company, so use common sense and good judgment when planning your SEs.       

In closing, there's one particular document that I purposely excluded from this article, being an "affidavit", for the reason that It's legally binding and can go either way- work to your advantage, or the company takes It further with legal action. Sure, It could be a sign of a "success Indicator" (like all the others) and only needed to assess your claim, but there's always the (slight) possibility of putting on your favorite suit and heading off to face the judge at your local court house! It may never come to that, but I always recommend not to sign an affidavit. Ultimately, It's your call.