Skip to main content

Featured

SE'ing Encyclopedia

Updated: 29/03/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

The Three Types Of SE'ers

 


The Three Different Types Of SE'ers In Every Community.

In today's standards and expectations of social engineering online retailers by tricking their representatives to credit accounts or Issue replacement Items at their expense, each and every attack vector differs to a certain degree, hence In order to get the job done, It takes an exceptional set of skills to circumvent every obstacle to the point of having the claim finalized In your favor. No doubt, many claims are approved on the spot with very little to no questions asked, but that's predominantly due to reps neglecting to follow protocol, or the value of the Item Is minimal and not worth the time, effort and particularly the administration costs to pursue It beyond Its Initial assessment. 

It's also typical (where available) for chat bots to Instantly credit accounts for products that fall within a certain (lower) price range, which Is Intentionally Implemented as such to reduce labor costs and allow reps/agents to "focus on claims of significant value and Importance". It's at this point, when social engineers experience Issues - namely when reps work strictly by the book and evaluate claims with a fine-tooth comb. Things like affidavits asked to be signed and returned and depending on the company being SEd at the time, a POD (Proof Of Destruction) Is requested, that's a commonality with technology-based companies to the likes of Logitech and SteelSeries - all cause some degree of difficulty for social engineers, which Is yet another reason why SEs prematurely come to an end.

If you're operating from an "advanced SEing standpoint", whereby you've been hitting companies for refunds and replacements on a consistent basis for many years to date, and/or perhaps offering a refund service to other SE'ers, you'd pretty much know the Ins and outs of what It takes to push reps to their limits and achieve a successful outcome with the SE at hand. However, the same cannot be said for "beginner SE'ers" and even some who are on an "Intermediate level". It's Important to recognize exactly what defines the three types of social engineers- being "beginner", "Intermediate" and "advanced", for the reason that each one with either ask for assistance (beginner), request & provide help (Intermediate) or purely offer their support (advanced). 

As such, you can apply yourself accordingly when communicating with other SE'ers, especially If you're registered on an active SEing community such as a forum/board or a Discord server. In other words and simply stated, "as social engineers, we all work together", and Identifying the needs and wants of each other's questions and concerns will build a better and solid foundation to formulate SEs,  flawlessly execute them and manipulate representatives efficiently and effectively. By the time you've finished reading this article, you will have a clear understanding of how beginner SE'ers function and what It takes to move up to a higher level, as well as what characterizes Intermediate SE'ers and finally, the best approach advanced social engineers should use when providing help & support. So without further delay, let's make a start with beginner social engineers.

Beginner Social Engineers:

As with everything In life, there's always a starting point when you decide to tackle a particular task and If you've never attempted It before, you'd need to begin from the bottom and work your way up until you finally achieve the result you're after. The more times you repeat the process, the better you'll become at solving the objective at hand. Over a period of time, It will become second nature and you'll find that what was once an arduous project to evaluate and complete, will be done with Incredible ease. The same principle applies when starting your career In social engineering, namely "company manipulation and exploitation", by SEing companies for refunds and replacement Items.

As a beginner, there Is a lot to take on board such as (but not limited to) familiarizing yourself with every traditional method like the  DNA, missing Item, wrong Item received, boxing, sealed box, partial etc and If that's not enough to add to your confusion, you'd be at a loss as to how to "choose an appropriate method" and then "effectively formulate It against the nature of the Item" you're planning to SE. Moreover, you'll Inevitably be dealing with stubborn representatives who'll hit you with all sorts of questions and requests and one wrong move on your part, can well and truly put an end to your SE there and then. So how do you become acquainted with social engineering In the above capacity? Well, unfortunately, a 21 day crash course In SEing (so to speak) Is nonexistent and If you believe otherwise, you're under a total misapprehension.

The biggest mistake that beginner SE'ers can make, Is jump In the deep end by trying to SE an entity that's way beyond their understanding - It will most likely fail, which will decrease their confidence level, and also put a negative Impact on future SEs. In a nutshell, don't be a hero by attempting to SE Items and companies that're not within your capability. Accept the fact that you have very little to no experience In the social engineering sector and the only way you will move to an Intermediate level, Is through trial and error, asking a lot of questions and most Importantly, SEing products (and companies) that are rather simple to succeed. To help you along the way, I've created a list with a short description, that outlines the key elements for every beginner social engineer, so be sure to read every subtopic listed below.

Be Well-Informed With Social Engineering Terms

When you first begin to blend In with communities who're actively discussing social engineering, you will find a lot of terms posted In their abbreviated form, thus It's paramount to know what each one means and precisely what It relates to. Why? Well, let's say you've posted a thread on a forum requesting assistance and sometime later, a member replies with: I've "SEd" them before by using the "LIT" method. If that doesn't work for you, use "SNAD" through PayPal but not "INR". As a beginner, you'd have no clue as to what those quoted abbreviations denote, and will be totally confused with trying to Interpret them and posting your reply. Don't worry, I've taken care of everything In my tutorial named Every SE'ing Abbreviation, so do take the time to read It thoroughly. 

Read Posts And Their Replies

On the grounds that you've just registered on an Internet forum and It has a dedicated social engineering section, one of the first things to do as a beginner, Is to sift through posts/threads and read what other users have personally experienced, but be selective with the ones you take on board. For example, the last thing you need Is to be mislead by someone who's replied with a recommendation that's completely Incorrect. Although It can be difficult to determine what's appropriate and accurate, "a member with high reputation and Is very active In the SEing section for many months or perhaps years", Is generally considered a good source of Information. Over time, your skill set will advance to the point of Identifying and filtering right from wrong. 

Don't Be Afraid To Ask Questions

A lot of beginners are somewhat hesitant to ask for help by creating a thread on a forum or chat via Discord - namely because they're not really sure on how to word their post and probably feel a little embarrassed due to their lack of knowledge. If you're part of that equation, don't be afraid! As a member of a reputable and caring community, other SE'ers will have no hesitation to be of help In any way they can. Of course, there's always one bad apple In every community, so If you're receiving replies that're Intimidating and try to belittle you, simply Ignore It and focus on those who genuinely have your best Interests at heart. Now you're not going to remember every message of assistance, so a good way to reference those that're useful to you, Is to take a screenshot and name the file according to the nature of Its content

Take All The Time You Need To Prepare Your SE

Unlike attending work everyday, where your alarm clock Is set to a certain time to force you out of bed each morning and arrive at your office at precisely 9:00 am, the same principle does not apply when "preparing" every element of your SE. I've quoted "preparing" for a very good reason. You see, It's one thing when your attack has been "executed" whereby you need to act and respond to all questions, concerns and requests (several times) as they come to hand, but It's another thing when you're relaxing at home thinking about how to flawlessly formulate your method with the Item you'll be SEing. Your SE has yet to make a start, so why rush Into It when there's no reason to? There's no timeframe nor are you working to meet some sort of deadline, so be sure to take as much time as you need to prepare your SE prior to your attack.      

Select The Method You're Confident With

Although this Is also relative to Intermediate and (to an extent) advanced SE'ers, as a beginner who's only been In the scene for a very short period of time, you'd have limited knowledge of how the majority of methods operate. As such, opting for a method that does not fit your skill set, may cause your SE to either fail right from the get-go, or not long after It was executed. "Every method Is the backbone of the SE", so It's crucial to get It right In Its entirety and the only way you're going to do It, Is to have all the confidence In the world to not only formulate It to perfection, but also effectively make changes along the way. For example, If you have very little to no Idea on how to box a company using dry Ice, leave It be and select an alternative method that you can well and truly handle. Checkout my guide here - It documents a number of methods, and how they should be used to carry out the SE successfully.    

Begin By SEing Food Items

As an absolute beginner SE'er, the worst thing you can do, Is to try and SE big with your very first or perhaps second attempt by hitting the latest IPhone or a gaming laptop - each worth In the thousands of dollars. High value Items can be quite difficult to SE at the best of times, even for advanced social engineers, hence you must be realistic with your selection of goods. As a starting point, I strongly recommend to choose a "consumable commodity- basically anything related to food or drink". They're the easiest to SE and have a very high success rate. For Instance, almost every company backs their product with a satisfaction guarantee (or something to that effect), so saying that "you felt extremely sick Immediately after eating or drinking the product", works on just about every occasion.  

Intermediate Social Engineers:

An Intermediate SE'er, Is defined as having a particular set of skills somewhere In between a beginner and advanced level, thereby (the majority of times) he has the knowledge to research his target effectively, gather Information with minimal disruptions and execute his attack In readiness to tackle a series of events when the claim Is being assessed. Up to this stage, everything was solely performed by the SE'er, hence "he had control of how the SE was planned and formulated" however the moment It leaves his local environment, It's purely In the hands of the company's representatives. As a result, what happens from this point onwards cannot be predicted, and due to the (Intermediate) level of the SE'ers experience, complications are "most likely" to occur.

Notice how I've quoted "most likely" just above? That's because there's every chance that Issues "may" take place, but It's not to suggest that they "will" take place. For example, from a company's perspective, there's a lot of variables Involved such as reps being half-asleep on the job and Instantly approving claims, to carrier drivers leaving packages unattended at the doorstep of the premises, thus the rep/agent cannot conclude that the package was "personally received by the SE'er" and had no choice but to generate a refund. However, when the claim Is still In progress and things just don't add up with what the SE'er has said/provided to the company against what they actually have on record, that's when they'll Investigate to see why there's a discrepancy between each other.

For Instance, If the social engineer was asked to return an Item to have It refunded and he boxed them to circumvent sending It back, It's almost certain that an Investigation will be opened and because It appears to be a theft-related Incident, they "may" request a police report be filed and returned - just to say that the SE'er Is not responsible for loss of goods. Those are a couple of (many) complications that I'm referring to with a lot of Intermediate SE'ers - especially when they've never dealt with such requests. To this day, I continue to read messages In SEing communities to the effect of "They said they're Investigating It and told me to get a police report, what should I do next?"

Now It's not that the SE'er doesn't have the ability to handle It on his own, but rather the fact that "he hasn't come across those type of events" (Investigation & police report), or If he has, he simply wants reassurance from advanced SE'ers to ensure the most appropriate course of action. If you're reading this from the same standpoint, you'd know exactly what I'm talking about, but rest assured, It's perfectly normal. Social engineers who operate on this level, will keep asking questions throughout their SE but at the end of the day, "they will get the job done themselves". Eventually, and together with the assistance they've been given from others, as well as successfully hitting many SEs In succession, they will become "advanced SE'ers", which brings me to the final topic of this article as per below. 

Advanced Social Engineers:

Advanced social engineers either develop their skill set over many months or years of company manipulation and exploitation, or they've always had the capacity to SE but probably didn't recognize their talent until a later stage. You already know about what It takes to reach this level of SEing by working your way up from beginner to Intermediate, so there's no use repeating myself. What I will discuss from this point forward, Is "advanced SE'ers who have the natural ability to manipulate every entity that comes their way", and bypass every obstacle with hardly any complications. To make It easy to follow and understand, I'll begin with providing a scenario that you can relate to.

During your educational years at school or college, I'd say It's very safe to assume that you excelled at one particular subject and completed every task with minimal effort and thought, whilst other students struggled to keep up - no matter how hard they tried to get the job done right. There's a perfectly good explanation for this, and that Is "you were gifted In the topic" and could accomplish just about anything your teacher handed to you. The same analogy applies to "advanced social engineers who've been born to SE". Statistically, I can't give you a percentage figure as to how many exist, but what I can confidently say, Is that these breeds of SE'ers are rare and usually don't realize just how talented they are - even when other social engineers clearly point out their Intelligence.

Their method selection and formulation, Is done with Incredible ease and In no time at all and when they plan to SE a given company, there's nothing too difficult nor anything that they're not capable of doing successfully. In other words, SEing Is second nature to them and seldom do they sit around and contemplate how to perform their SE - It all comes together naturally. Now If you happen to be one of these rare types of SE'ers, you'd be aware of your ability to social engineer anyone and anything, but what I'd like to end this topic with, Is "when you communicate with SE'ers who're below your level of expertise", particularly those who require your assistance.

For example, If you're a member of a social engineering forum and other users are aware of your SEing capabilities, they're more likely to PM you or quote you In posts with questions and concerns about their SE that's currently In progress. Whether you decide to help, Is entirely your choice but on the grounds you're willing to offer your support, many questions can be somewhat annoying and difficult to translate, thereby you may become frustrated rather easily. Just remember that the world of social engineering Is relatively new to beginner SE'ers, so they have very little clue as to how they should approach you, and the way they should translate their thoughts Into social engineering parlance. 

In a nutshell, as social engineers, we all work together and not against each other - other SE'ers are not company representatives, so don't treat them as enemies, but rather be patient with their queries and help where you can. Now for the most part, It's expected that you won't get the response you're hoping for and you'll find that with many SE'ers, you will be repeating yourself until your message finally sinks In, but the rewarding part Is knowing that your advice was the reason why their SE succeeded! On the other hand, there's no doubt that you'll come across members who enjoy spamming you with messages, but given your level of expertise In analyzing and Identifying such behavior, you'd Instantly detect It. I don't need to explain how you should handle It - you know what to do!

In Conclusion:

After reading each topic, you've learned all about how social engineers start their career as beginners and what It takes to move onto a bigger scale, being on an Intermediate level and then slowly working your way towards mastering the art of human hacking by becoming an advanced SE'er. I've been In the SEing game for over three decades, hence this article Is based on personal experience and not something that I've written via a few Google searches and as such, your knowledge Is obtained directly from the source - namely "myself"

In closing, If you're a beginner SE'er and dedicated to learn all about social engineering without any other form of distractions, you will progress a lot sooner than later but don't try and rush things. SEing Is a step-by-step process that takes a lot of time and effort to move from one stage to the next, so be patient, let nature take Its course, and push for perfection with every task you've set to achieve. Eventually, you'll be the one who's calling the shots and offering your assistance, and not the other way around




Comments