Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Methods Pros And Cons



The Advantages & Disadvantages Of Traditional Methods.

In order to successfully SE a company by tricking their representatives to dispatch a replacement Item while you still get to keep the original, or credit your account for the full cost of the purchased Item at their expense, there's one very Important element that's a mandatory requirement to get the job done- namely a"method", which Is used to support your attack vector from the moment It's executed, to when your claim Is finalized In your favor. Without having a method In place that's suited to the company you're SEing at the time as well as the nature of your Item, your SE will not move forward and prematurely come to an end

What I'm referring to of course, Is social engineering online retailers to the likes of Zalando, Amazon, Argos etc which Is known as "company manipulation and exploitation". If you've just started your career In this capacity, I strongly suggest you read my Beginner SEing Tutorials and when you've familiarized yourself with Its contents, you can continue from this point onwards. On the other hand, If your skill set Is on an Intermediate or advanced level, whereby you've been hitting companies for refunds and replacements for many months/years to date, you'd be well aware that "methods are the backbone of every SE and must be formulated with precision to give It the best chance of success".

There are many traditional methods available, such as the DNA, the wrong Item received, the missing Item and partial, sealed box method and the list goes on and unbeknownst to you, each and every one will Inevitably "trigger one or more events" that will either work to your advantage, or cause some degree of complications whilst your SE Is In progress- sometimes to the point of failure. For Instance, In terms of the DNA (Did Not Arrive) method, It's very likely for Investigations to be opened, police reports requested to be filed, and possibly a statutory declaration or an affidavit be signed and returned- all of which must be dealt with accordingly and In a very effective manner. 

The same principle applies to every other method, meaning they all have their "pros & cons" (advantages & disadvantages) which Is precisely the objective of this article- to outline the positives and negatives pertaining to traditional methods that are commonly used by SE'ers of all shapes and sizes. As a result, you'll be well-Informed of exactly what's Involved when not only preparing your method against the Item & company you're planning to SE, but also what to expect when your claim Is being assessed by a given representative. 

All this will significantly help to ensure your SE runs as smooth as possible with minimal disruptions and most Importantly, allow you to make the correct decision when looking to select a suitable method prior to executing your attack. To avoid congestion and keep this article as short as possible, I've started each topic below with a brief Introduction about what the respective method entails, and also referenced each one to my tutorials on this blog. The pros & cons are listed In a single line at the end of every topic, so without further delay, let's get this started.  


The Wrong Item Received Method:

Errors In picking & packing orders happen In every warehouse environment, regardless of the company's state of the art logistics facilities and as such, social engineers use the wrong Item received method to say that a totally different Item was In the package/box when the carrier delivered It to their premises. Evidently, the correct Item was received, but the SE'er Is claiming otherwise for SEing purposes. After calling the rep and Informing him of the (apparent) mistake, the SE'er will be Instructed to send It back- which can be circumvented by using the boxing method, or "returning a previously purchased stock Item from the same company". If It's the latter, It will be placed back Into stock and a refund/replacement will be Issued thereafter.


The Pros Of The Wrong Item Received Method

  • Can be used with any company that has an Inventory of stock
  • There's a huge selection of Items to choose as the wrong Item
  • The method's simplicity Is suited to beginner SE'ers
  • External Investigations (with the carrier) will not be opened 
  • There's no theft Involved, hence It does not warrant a police report
  • The need to file an affidavit or statutory declaration Is not relevant 
  • The delivery can be accepted anywhere and without using a drop house

The Cons Of The Wrong Item Received Method

  • Any variance In weight, may cause the SE to come to an end
  • If CCTV cameras are In place, the method will fail
  • The wrong Item Is limited to purchasing from the same company on a fake account
  • An Internal Investigation may be opened with the Invoicing/accounts department
  • When the return Is scanned, a mismatch of order numbers may be detected
  • If boxing the return, any Inconsistencies can result In failure. 

The Missing Item & Partial Method:

Although both of these methods are titled differently, their formulation Is much of a muchness, thus the reason why I've Included them In the same topic. With regard to the missing Item method, It's used by SE'ers to say that the Item was missing when they opened the box/package as delivered by the carrier. There's two ways It can be used, with the first being a "warehouse error", whereby you opened the "package" and nothing was Inside, meaning (where applicable) the box and Its contents were missing. This happens when the storeman picks your order, and he's totally forgotten to grab your Item from the shelf/racking, hence the package was sealed and dispatched with nothing Inside. The second way It's used, Is due to a "manufacturer error"- where you'd claim that when you opened the "box", the product was missing. On this occasion, the "factory" did not pack the Item In the box.

As for the partial method, It's very similar to how the missing Item method works, but with a slight variation In the way It's executed as follows. It pertains to ordering a bunch of Items, but claiming that your order was partially filled when you received It. In other words and as an example, you've purchased 5 Items, but only received 3 or 4 of those Items. In contrast to the missing Item method that's used to SE only the one product, the partial method Involves "buying multiple Items on the same shipment", and then saying that "one or more of those Items" were not In the box/ package when you received It. For Instance, we'll assume that you bought 5 t-shirts and 2 Ray-Ban sunglasses. When the delivery arrives, you'd contact the rep and tell him that "both sunglasses were missing". Of course, any combination of those Items can be SEd.


The Pros Of The Missing Item & Partial Method

  • Has a very high success rate with lightweight Items
  • Can be used against a warehouse or manufacturer error
  • There's an array of Items to choose from
  • In an unmonitored warehouse, the company cannot conclude that the Item was dispatched
  • A police report Is not justified and not needed 
  • No need to bypass delivery verification- signature or OTP

The Cons Of The Missing Item & Partial Method 

  • Restricted to only lightweight Items
  • Very high chance of an Internal Investigation opened
  • CCTV cameras must not be In place when using the warehouse error
  • The partial method can only be done with Items packed In the same shipment
  • The box must be fully covered In cardboard when using the manufacturer error
  • The precise Item (net) & shipping (gross) weights can sometimes be difficult to locate

The Boxing Method:

When SEing a given online store and claiming that the Item you received Is defective or It's not the one you originally ordered, the company will (predominantly) ask to return It, and only then will a refund or replacement be approved. Evidently, you have no Intention to send It back, and that's when the boxing method comes Into action, by making the package appear as though It was tampered with whilst In transit, and your Item was stolen before the company received your return. If they're responsible for loss of goods during shipment and your SE was executed by leaving no room for error, expect your funds to be reimbursed or a replacement Item dispatched at no extra cost. The boxing method can be done by using dry Ice, or If your product weighs next to nothing, you'd send the package/box on Its own- without your Item.    
    

The Pros Of The Boxing Method

  • Compatible with any Item of reasonable size & weight
  • Is an effective method to circumvent a return of Item
  • High success rate with small & very lightweight Items
  • Compatible with any carrier/company who's liable for loss of goods In transit
  • Can be used with many other methods- leaking battery, faulty Item, wrong Item received and more
  • Does not (generally) trigger the need to sign an affidavit or statutory declaration 

The Cons Of The Boxing Method

  • Company Investigations are almost certain to take place
  • Can be difficult to calculate the use of dry Ice.
  • The method must be applied with extreme precision
  • Not suited to very large Items- tampering will be noticed at the collection point
  • Not suited to very heavy Items- Impossible to calculate dry Ice sublimation time
  • The carrier may raise a damage report and release themselves from liability 
  • Only have one shot to get It right- any Inconsistencies and the SE will fail

The DNA Method:

As Its name Implies, the DNA (Did Not Arrive) method Is used to say that the package that was scheduled for delivery by the carrier, did not arrive at Its Intended destination- being the SE'ers home, a drop address or any other location used to accept deliveries. Naturally the social engineer did receive It, but Is stating the opposite for the purpose of the SE. The DNA Is known as a "carrier-based method", for the reason that It's suited to just about any company who utilizes a carrier service to send goods to their customers. As such, the SE'er only focuses on one thing for the SE to succeed- namely manipulating the representative Into believing that "the package was not personally received", hence It was (either) not dropped off by the carrier driver, stolen from the premises or lost somewhere In transit.


The Pros Of The DNA Method

  • Is not Item-specific, therefore suited to any product of reasonable size & weight
  • Is almost guaranteed to work when the package Is left unattended at the doorstep
  • Compatible with every online retailer who delivers goods
  • Easy to circumvent delivery verification by using a fake signature
  • The SE will succeed when "the driver makes the decision to leave the package" at a given location of the house
  • The simplicity of the method by solely claiming the package didn't arrive, can also be used by beginner SEers
  • A drop house can be used to accept packages, thereby anonymize the SE'ers residential address
  • The claim may be Instantly approved for low value Items when dealing with a chat bot

The Cons Of The DNA Method

  • There's a very high probability that an external Investigation will be opened
  • A police report, affidavit or statutory declaration may be requested by the company
  • Due to an Investigation, the claims process can be lengthy at times
  • The carrier driver may call or visit the SE'ers house asking why the package wasn't received
  • The carrier driver may lose his/her job as a result of failing to deliver the package
  • An OTP (One-Time Password) Is sometimes required to verify receipt of goods
  • If the carrier/company Is not liable for loss of goods during shipment, the SE will fail
  • Can be difficult to justify non-receipt of goods when It's the same driver for each delivery
  • When a household member Is not home, the package may be redirected to a (more) secure pickup location

The Sealed Box Method:

The sealed box method Is one of my favorite methods, for the fact that It can be used on a broad range of Items and the likelihood of Its success, Is extremely high when the social engineer takes the time to methodically apply It. Here's how It generally works. Let's say you're planning to SE a "GPU" from Amazon, or any other retailer of your choice. When you receive It, you'd send It back for a refund by using their return options (example: bought by mistake, no longer needed etc) but Instead of returning the graphics card, "pack anything of equal weight" that you have lying around the house, and seal the box as per Its factory/manufacturer's state. When the company receives It, "they'll assume that the original Item Is enclosed", place It back Into stock and refund your account thereafter. 


The Pros Of The Sealed Box Method

  • Anything of equal weight can be used to replace the purchased Item
  • The SE Is suited to both online companies and In-store retailers
  • The return Is sent In the original box, so there's no suspicion raised when scanned 
  • Can also be used with high value Items that're factory packed In a box
  • Completely avoids an Investigation opened by the company
  • Suited to SEers who only prefer a refund (and not a replacement) due to claiming a change of mind etc

The Cons Of The Sealed Box Method

  • Can only be used with goods that come packaged In a box that's fully covered In cardboard
  • There's a chance the rep/agent will open the return to Inspect Its contents
  • If the box Is not resealed to perfection and signs of tampering Is noticed, the SE will fail
  • Another buyer will buy the return, and the company may link It to the SE'ers purchase
  • Some boxes are difficult to reseal, such as those wrapped In a clear outer film and a seal with strong adhesive 
  • The selection of Items are limited to the nature of the package/box- whether It can be resealed without error 

The Corrupted File & Corrupted Video Method:

During the process of assessing a claim for a refund or replacement, as opposed to sending the Item back, some companies ask the SE'er to provide a "POD" (Proof Of Destruction) by destroying the Item, and taking a photo or video that clearly shows that It's completely damaged. They may also request the serial number and a handwritten note to be Included In the photo/video- just to verify the Item has been destroyed, and does In fact belong to the account holder. Logitech and SteelSeries are a couple of many companies that opt for a POD, especially for very low value Items- for the reason that the cost of freight outweighs the cost of the Item Itself, hence sending a photo or video (of the POD) as an email attachment, Is completely free of charge. Obviously the SE'er has no Intention of destroying It, so he'll use the corrupted file or the corrupted video method.    


The Pros Of The Corrupted File & Corrupted Video Method

  • Corrupting a file Is very easy to apply using this online service
  • Corrupting a video Is very easy to apply by changing a single character In the URL
  • The representative Is (seemingly) at fault for not being able to open the file or view the video
  • Given the corrupted video Is hosted on YouTube, It gives the Impression that the SE'er has complied with the rep's request
  • Both methods can be 'prepared' (not executed) quite easily

The Cons Of The Corrupted File & Corrupted Video Method

  • Representatives can be stubborn, refuse to budge and keep asking to fulfill their request
  • The SE must be pushed to Its limit to give It the best chance of success
  • Due to the complexity of the attack vector, the methods only suit Intermediate/advanced SE'ers
  • For the most part, they cannot be used with high value Items- companies may Instead ask for return of goods
  • If the SE'er Is not adamant and lacks confidence, the SE has a high chance of failure

The Serial Number Method:

The most common way to SE online retailers, Is to buy the Item first and then use any of the traditional methods thereafter, however not every SE'er has money to spare and that's when the serial number method comes Into action. Evidently, this relates to Items that do In fact contain serials such as computer keyboards, AirPods, speakers, SSDs (Solid State Drives) and the list goes on. The social engineer doesn't have the Item to begin with, so the first step Is to locate a suitable serial number, and then solely use that to claim a refund while It's still within the company/manufacturer warranty period. Although this method Is not as popular as most others, It continues to be used by SE'ers of all shapes and sizes. 

The Pros Of The Serial Number Method

  • There's no need to purchase the Item upfront to perform the SE
  • Has a very high success rate when claiming ownership of the serial number
  • Can be used by every type of SEer, beginners Included
  • There's nothing to lose and everything to gain- should the SE succeed
  • There's very little preparation Involved with the method Itself.

The Cons Of The Serial Number Method 

  • Limited to technology Items and the like that must contain serials
  • Limited to companies that supply products with serial numbers
  • Without guidance, It can be difficult locating specific serials that're under warranty
  • A "POP" (Proof Of Purchase) may be requested to verify the purchase
  • A "POD" (Proof Of Destruction) may be requested which can complicate the SE
  • The rep may Instruct the Item be returned (which you don't have), so you'll need to circumvent the return 

In Conclusion:

Irrespective of the method you're using or plan to use with future SEs, each and every one has their "pros and cons" and no matter how hard you try to eliminate the latter, you'll never end up formulating the perfect method without any weaknesses whatsoever- It will contain flaws to some degree. Not doubt you've already realized It throughout this article, but It's not about focusing on the Inconsistencies of each method, but rather "taking the positives out of the negatives" by analyzing the "Cons" to see where they can be Improved and ultimately work "for you", and not "against you"

For example, one of the disadvantages of the sealed box method, Is that "some boxes are difficult to reseal, such as those wrapped In a clear outer film and a seal with strong adhesive". So what do you do In this situation? Disregard It altogether by giving up on the SE before even attempting to open and reseal It accordingly? Certainly not! You're not working to meet some sort of deadline, thus take all the time you need to assess the packaging, thereby figure out exactly how It will be opened and sealed without leaving any signs of tampering. That's what social engineering Is all about- analyzing, manipulating, persevering and being confident In your ability to succeed with every obstacle, task and complexity that comes your way. Never take "no" for an answer, ever!



Comments