Skip to main content

Featured

SE'ing Encyclopedia

Updated: 10/11/2021:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Handling Declined Claims

 


How To Effectively Tackle A Claim That's Been Declined

Those who've been social engineering entities of all shapes & sizes, would know the complexities Involved to circumvent every obstacle that comes their way, to ultimately deceive their target Into performing an action that they're not supposed to do. Be It calling a cell phone store as though It's the manager from another branch whose credit card facilities have (apparently) crashed and needs a given customer's credentials to complete the transaction on his end, or physically entering a restricted building by pretending to be an employee and kindly asking another worker to punch In his 4-digit entry code - each and every attack must be "researched beforehand", and "planned according to the researched findings" to give It the best chance of success

The scenario above, basically Involves a single attempt and one gateway to get the job done. In the case of the store manager grabbing the customer's details, he's communicating over the phone for a few minutes or so and the SE Is over and done with. As for gaining access to the restricted building, that also consists of speaking with another person for less than 60 seconds, and then entering the premises . Each of those social engineering events, take very little time to complete "when the SE Is In motion", however the same cannot be said when hitting online stores by tricking their representatives to credit accounts or dispatch replacement Items at their expense - some SEs can take weeks or months to finalize

What I'm referring to of course, Is "company manipulation and exploitation", whereby SE'ers use what's called a method such as the wrong Item received, the missing Item and partial, boxing, the DNA (and many more) and formulate It against their Item and execute the attack vector thereafter. The objective Is to manipulate the rep/agent Into believing the SE Is a legit claim and unless the rep Is half-asleep and approves It on the spot, It takes an exceptional set of skills to achieve a favorable outcome - particularly when Investigations, police reports and high value Items are Involved during the claims process - all of which add some degree of difficulty.

As a result, even though you've flawlessly performed your Information gathering session by researching the company's terms, conditions and protocol, as well as prepared your Item & method without leaving room for error, your SE can fail at the best of times. For Instance, you know exactly what you're doing when formulating It on your end, but the moment It's executed, you cannot control the steps taken by reps when your claim Is being evaluated. If he decides to decline It and refuses to budge with his decision, many social engineers take It as a loss and move onto another SE, but there are still ways to get the refund or replacement you were hoping for.

That's where I come In, by Introducing you to a number of very effective approaches that will maximize the likelihood of either overturning the rep's decision to reject your claim, or have the transaction reversed, thereby your funds will be reimbursed Into your credit card or bank account. Now apart from a "Section 75 claim" that's discussed towards the end of this article, you'll find that every other topic will relate to your environment - for the fact that your SEing toolkit Is the first thing that should be well and truly established, prior to considering who you're going to target next. So, without further delay, let's rip Into It.     


Ask For Evidence That Supports Their Decision:

Before I make a start, "this Is based on representatives who assess claims with a fine-tooth comb and work strictly by the book" by following company guidelines every step of the way, and not those who have no brain cells left where they can't even spell their very own name (so to speak) and Issue refunds with no questions asked. It also doesn't apply to chat bots that tend to Instantly approve claims, which Is a commonality with low value Items to save on administration expenses and cost of manpower. Okay, the title of this topic pretty much speaks for Itself. In a nutshell, you've performed your SE with the Intention to obtain a refund, however your claim was declined and Irrespective of every manipulative tactic you utilized, the rep/agent remained firm with the outcome.

When this happens (and as already mentioned), a lot of SEers believe that there's nothing more they can do to rescue the claim, but It's not the case at all - It was disapproved for one or more reasons and because reps have a tendency to not elaborate on their decisions, the first port of call on your part, Is to "find out precisely why It was not finalized In your favor". In doing so, and If you analyze the details very carefully, there Is a good chance that you'll Identify a number of Inconsistencies that do not support their reason for declining your claim. More on this In the paragraph after the next.

Now given there are an array of traditional methods used by beginner, Intermediate and advanced SE'ers, It's way beyond the scope of this article to cater for the lot, so I'll only demonstrate the DNA method. You can then "use the Information as a general guide when asking reps to provide evidence of their assessment", as well as analyzing the details beforehand and afterwards. Okay, If your SE was declined when using the DNA method, you may receive some ridiculous message from the company to the effect of

"We have fully Investigated this matter, Including contacting the carrier who delivered the package. Based on the outcome of our Investigation, we believe the package was delivered to the correct addressIn particular, we have taken In account the following Information which Indicates the Item was delivered:

The timed geocode stamp of the delivery location
Information collected at the point of delivery, and
The package weight and reported condition upon delivery"

The message above, Is actually based on a response that I personally received with the DNA method, and If you look at It closely, you'll realize that It's complete nonsense - as there are many details that are Inconclusive, which ultimately renders their findings useless. If you're an advanced SE'er, you should easily Identify the Inconsistencies, but to simplify It for you and as you can see, I've highlighted the operative words In green that do not support their Investigation. As per below, here's what you should be questioning and/or ask for clarification. I've added my comments next to each one.  

We believe - What they believe and what actually took place, are completely different from each other.
Delivered to the correct address - By no means does this conclude that "you personally received the package".
Geocode timestamp - This only confirms It was delivered to the "address" and not to the "person" (yourself).
Information collected - And? What Is It? It could be anything, maybe not applicable to the claim. 
Reported condition upon delivery - What condition? From whom? From where? 

Can you see the Importance of examining every minute detail? They haven't given any evidence whatsoever to justify that what they're saying Is true and correct, so for all you know, "they could have made the whole thing up". As such, If you don't bother to take It further by demanding proof of each of the aforementioned events, your claim may well have been declined for all the wrong reasons! Moreover, my "quoted comments" clearly show that their findings are not relevant to the claim - both tracking/GPS Info and delivered to the correct address, do NOT verify a "person-to-person" delivery and because you did not personally accept your package, It "Did Not Arrive", hence DNA! As said, be sure to use this as a general guide when the need comes to hand.
 

Request Your Claim Be Escalated:

If you're reading this from a beginner's standpoint. whereby you've been In the social engineering scene for a very short period of time and limited to performing a few SEs here and there, of which one or two have failed, the chances are that you're only familiar with dealing directly with the representative who declined your claim. Furthermore, I'd say It's safe to assume you'd be under the Impression that his decision Is final and no further action can be taken, but I can assure you that nothing could be further from the truth. Just because the rep/agent terminated your claim, It doesn't necessarily mean that the correct decision was made, nor does It suggest that further action cannot be taken on your part

Unbeknownst to many SE'ers, Inclusive of those who operate on an Intermediate and probably some on an advanced level, every company to the likes of Logitech, Lenovo, SteelSeries and Amazon have what's called a "complaints department" or something to that effect. It's specifically setup to handle customers who are unhappy with the way they've been treated and the lack of service they've been provided - In this case and on-topic of this guide, "your claim being declined". Companies pride themselves with the service they provide to their customers and as a result, they're obligated to sort out any Issues that come to their attention

In other words and simply put, when you've been told your claim has been rejected, don't leave It at that, but rather "tell" (and not "ask") the representative that you're not happy with the way It's been dealt with, and you want "your claim to be escalated". What this means, Is that you're essentially filing a complaint against the rep/agent who put an end to your claim, and It's then forwarded (escalated) to a senior level, where It will be managed and reviewed In an Impartial and unbiased manner. Well, that's what most companies state In their terms, but the fact Is, you never know what happens behind closed doors! 

If you haven't worked It out already, "the objective of escalating a claim Is to have It approved" by overturning the Initial decision that was used to decline It, however It's not all sunshine and rainbows. It can be quite a long process from the time you escalate It by emailing, calling or opening a ticket, to when you receive a reply from one of the team members. And to make matters worse, It may not be the response you're expecting - a message such as: "We're still looking Into It and will get back to you shortly" Is a common occurrence, and Is sometimes repeatedly and purposely generated that way, to try and make you give up and forget about the whole thing

This tends to take place If your claim appears suspicious, but there's not enough evidence to decline It at that stage of the assessment. Now you may be thinking that It's not worth the time and effort to submit the escalation, but believe me, If your method was carefully formulated and the SE was executed without any degree of uncertainty, there Is every possibility that the outcome will work to your advantage. The key to success, Is to persevere and remain adamant throughout the entire evaluation by sticking with your story behind your claim, keep contacting them when they fail to reply, and not taking "no" for an answer under any circumstances. After all, you have nothing to lose and everything to gain - If (or should I say "when") a refund Is Issued Into your account.         


File A PayPal Dispute/Claim:

In the event you've exhausted all of the above measures and the company refused to reverse their decision, thus your claim was not resolved by way of approval, you still have another alternative at your disposal - namely filing what's called a PayPal "dispute" which will then get escalated to a "claim", with the Intention to have your funds reimbursed Into your bank account/credit card. More on this In a minute. First, I would like you to understand the basics of how PayPal operates, and why "It's Imperative to create an account and Include the service as part of your social engineering toolkit".

Okay, the main reason why SE'ers use PayPal as their preferred payment system, Is because It protects their purchases by offering "Buyer Protection". This means that If something goes wrong with the purchase (which It seemingly will!) such as "the package did not arrive or a "different Item was received", PayPal will try and correct It. Both of those quoted terms are listed on their website as "INR" (Item Not Received) and "SNAD" (Significantly Not As Described) - which Is equivalent to the DNA , (sometimes) the missing Item method and the wrong Item received method respectively. When putting In a claim, they're the only things you can use to get a refund - the "INR" (DNA, missing Item) or the "SNAD" (wrong Item received). Makes sense? Good.

Upon navigating to PayPal's User Agreement, you'll see that It's quite complex and covers a lot of details that can be overwhelming and difficult to comprehend - most of which are Irrelevant from an SEing perspective, so I'll cut to the chase and simplify It for you as follows. When your SE has failed, you'd file a "dispute" through PayPal's Resolution Center and what generally happens after that, Is that the buyer (yourself) and the seller attempt to resolve the matter between themselves. If an agreement cannot be reached (which It obviously won't), the dispute gets escalated to a "claim". At this point, PayPal steps In and takes over by contacting the company (that you're SEing) and grabs all details relevant to your claim.

If you've prepared and executed your SE In a manner that did not raise suspicion, or perhaps the representative made an error In judgment when finalizing your claim, It's very likely that PayPal will side with yourself as the buyer, hence refund your account for the full cost of the purchased Item. Another advantage of using PayPal, Is that some companies do not respond to disputes/claims and as a result, It will be approved In your favor - all without the need to collect further Information. 

I've personally experienced many companies who did not bother liaising with PayPal and because their lack of communication was obviously no fault of my own, PayPal had no choice but to credit my account. I often get asked why certain companies neglect to respond altogether and although there's no direct answer, one possibility Is when low value Items are Involved - It's cheaper to mark It as a "tax write-off" than to spend money on resources and manpower to pursue the claim with PayPal. All In all, If you haven't done so already, make sure to sign up with PayPal asap and use It to your benefit accordingly.  


Perform A Chargeback Or A Bank Reversal:

There's yet another gateway that can be used to obtain a refund, namely a "chargeback" or a "bank reversal" - both of which are much of a muchness In the way they handle and process funds. We'll first have a look at how a "chargeback" works, and then I'll briefly discuss what you need to know when hitting a bank reversal

Performing A Chargeback

Okay, although a "chargeback" Is often viewed as being related to PayPal, It Is In fact done by "getting In touch with your credit card provider" and telling them that you wish to dispute a transaction, and would like your cash placed back Into your account. In other words, the buyer (you as the "social engineer") will ask your credit card provider to reverse the charge - similar to how PayPal operates as said In the topic above.

They will then contact PayPal and request Information such as (but not limited to) proof of purchase, shipment details, communications between the buyer & seller, transaction Info and the list goes on. PayPal will oblige by forwarding everything over to the credit card provider who will then review It, and the good thing about It, Is that "they will have the final say on your refund". Even If PayPal Initially declined It, the credit card provider can go against their decision and approve It. Chargebacks are structured differently (to some extent) between countries and providers, so to start one, head over to the credit card's terms to see the requirements and contact them thereafter. 

Performing A Bank Reversal

Not every SE'er has the luxury of owning a credit card to their name, particularly those who're not legally allowed to apply for one and If you're part of this equation and want to hit a chargeback, there Is an alternative approach named a "bank reversal" - that serves the exact same purpose as a credit card chargeback. The only difference, Is that the request Is made to your "financial Institution" (meaning your bank and the like), and they will assess your claim and ultimately decide If a refund Is warranted - which will not be an Issue "If there are no signs of Inconsistencies with your SE", and the details that you provided as Instructed by your bank, do not demonstrate any type of suspicious activity

I'd like to point out, that both chargebacks and bank reversals, should only be used when all else fails. For Instance, It would be very unwise to Initiate a chargeback/bank reversal In the early stages of your SE - for the reason that your claim may well be approved, hence there's no purpose wasting It, when It can be saved for a time when you have no other alternative. Put simply, when your SE has come to an end and you've exhausted every option to try and rescue It to no avail, that's when you'd opt for a chargeback/bank reversal. Think of It as a backup to every SEing attack - you're going to obviously SE the company first, and If that fails, you have your chargeback/bank reversal to turn to. 


Hit A Section 75 Claim:

This Is rarely discussed and utilized In today's world of exploiting online retailers/stores, but "If you're reading this as a resident In the UK", I suggest to absorb every word from this point onwards. From a legit standpoint, In the event a company goes bankrupt and closes Its doors for good, a "Section 75" allows you to file a claim for a refund with your credit card provider, regardless If the company that you've purchased from, Is no longer trading. A Section 75 Is basically a law In the UK that protects Its consumers, by forcing their credit card company to reimburse their funds when businesses shut down without paying the money they owe to their customers.

In order to qualify for a Section 75 claim, purchases must be over £100 and not greater than £30,000. Now "from a social engineering viewpoint", you can make a claim If you did not receive your Item(s), thus the DNA method comes Into action. Furthermore, If you ordered something and received a totally different Item, you're also covered for that, therefore the wrong Item received method can be used with a Section 75 claim. It's similar to PayPal's "INR" (Item Not Received = DNA) and "SNAD" (Significantly Not As Described = wrong Item received), but evaluated and processed In accordance with UK protocols and guidelines. There's a lot more perks that you can put to your advantage, but I cannot possibly detail the lot - that's your job to establish Its Ins and outs, so research It.


In Conclusion:

What you've learned from this entire article, Is that just because a claim has been ultimately declined and you're told by the rep/agent that nothing more can be done about It, by no means does It end there and then. As you've gathered, there's plenty you can do to try and have the original decision overturned, thereby the transaction will be reversed and a refund credited Into your account, but there's a very Important element that you must ensure with every SE -  which Is to "formulate your method with a high degree of accuracy, and execute your attack In a very effective fashion". As such, your arguments will predominantly work for you, and not against you, which will significantly Increase a favorable outcome. 


Comments