
Keep A Record Of Every SE

 


Keep A Record Of Each And Every SE Performed

If you're at the age of taking responsibility for your own personal affairs, such as shopping for groceries at the local mall, paying the electric, water and gas bills and meeting up with family & friends for lunch, you'd need to be well organized with the way every event Is planned and most Importantly, making sure there's enough money to cover all expenses. Without knowing precisely how much funds are readily available In your bank account and on the grounds you don't have a credit card at your disposal, It's very difficult (If not Impossible) to go ahead and purchase the latest IPhone, or perhaps wine and dine at fancy restaurants on a weekly basis.

On the other hand, you may be the type of person who operates In an orderly fashion, whereby you're systematic with handling all events that take place, as well as the amount of cash you earn each week and how much of that Is required to fulfill the cost of food, rent, transport, clothing, bills etc. As a result, you're able to forecast, arrange and tackle each entity with Incredible ease. All that Is what's called a "home Inventory", hence you know exactly what's going on within your local environment, which significantly helps to address problematic Issues as they come to hand. The same principle applies to social engineering - being structured and prepared to effectively challenge every obstacle that comes your way, Is crucial to say the very least.        

Be It hitting a small family-owned business with the sealed box method by attending the store late on a Friday when they're Inundated with customers, thereby you're Instantly Issued a refund due to the employee not having the time to check your return, or SEing the largest eCommerce company named Amazon for a replacement on a 2k gaming laptop using the wrong Item received method, It's Imperative to have a social engineering Inventory as part of your toolkit. If you haven't worked It out yet, what I'm referring to Is "keeping a record of every SE performed" - both past happenings, and while your claim Is still In motion. More on this In a minute or so. 

Prior to your attack vector, there's no doubt that you must first research the company's terms & conditions, and do the same with the carrier who will be servicing your delivery, and then formulate your method against the nature of the Item (and company) you'll be SEing, but have you thought about "documenting every social engineering activity for each company you've SEd?". Or what about the time your claim was approved for a refund, only to find that a few hours later, the representative decided to reverse his decision for no apparent reason? "Did you take note of the conversation between yourself and the rep(s) as It happened In real time?"

I'd say your answer Is "no" to either or both of the above circumstances, and because you neglected to save vital Information relative to your SE/claim, you don't have anything to use as ammunition when told It has been declined and as such, there's very little you can do to rescue It. For Instance, many SE'ers fail to write down and/or save the progress of their SE "as developments unfold there and then" - which leaves them In a vulnerable position, and (at times) leads to an unsuccessful outcome. 

That's where I come In. What you will learn from this article, Is the reasons why "It's paramount to keep a record of every conversation and event" at the present time of your attack vector, as well as the Importance of having a "social engineering log book for all SEs performed". Now that you understand that, I'll first discuss the three gateways of communication that you will Inevitably be using - namely "email", "live chat" and "speaking over the phone" and just before concluding this article, I'll talk about the best measures to Implement In your "SEing log book". Okay, so without further ado, let's get this started.     


Sending & Receiving Emails:

The biggest benefit of shooting off messages back and forth via email, Is Its suitability to all types of SE'ers, even those with very little to no experience. It doesn't matter If you've just begun your career In the social engineering sector, and you're attempting your very first SE by replying to an email, It's not difficult at all to generate the appropriate response and here's why. There's basically no sense of urgency nor the need to act promptly on your end - It's purely a message that will be sent to your Inbox at any given time and day, which means It'll be sitting there until you decide to read It. Because of that, the rep/agent Is not expecting an Instant reply, thus you can take all the time In the world to think of "what to say and how to say It"

Moreover, If you need help and you're part of an SEing community to the likes of a forum/board or Discord server, you can ask a few fellow SE'rs to clarify your queries - all done with no rush whatsoever. Now It's all well and good when the exchange of emails between yourself and the company run smoothly, however "representatives have a tendency to lie, or provide contradictory Information and some also tell you one thing, and then sometime later, they completely deny what they've previously said". For example, have you been told by a rep that a refund/replacement has been approved, but a day or two afterwards, an Investigation was opened and you were asked to file a police report?

I think you have experienced a similar scenario, but If not, you WILL at some stage when continually hitting an array of companies. And In order to Identify Inconsistencies with previous and present details, "you'd need something that you can refer to on your end" - and that "something" Is the "records" you've taken from the very first email you've sent, to the last one received. However, It's not as simple as writing down a few bits & pieces In your notepad - due to being disorganized, you may become overwhelmed when looking for specific Information. Instead, you'd be using a calculated approach with "how every event and message Is stored" and to help you with that, I've created a list of recommendations below.        

  • Create a folder with the company's name.
  • Place all emails (sent & received) In the folder.
  • Check your spam/junk folder every day for flagged messages.
  • If messages from the company are marked as spam, move them to the folder you've created above.
  • Take note of the representative's full name that you're dealing with at the time.
  • Cross-check If It's the same rep with each new message received.
  • If It's a different rep, be sure to clearly document the change.
  • Highlight every question and concern you've stated In your email message.
  • Highlight precisely how you ended your email message (example: "I'm still waiting for the package to arrive").
  • Take note of how the rep responds, particularly If It's relevant to your previous reply.
  • Take note of how the rep has ended the message, namely the details he requires from you, If any.
  • If the claim Is declined, check all previous emails to see If there's any discrepancies.
  • If there are discrepancies, ask for clarification and make sure the rep/agent complies with your request.
  • If the rep refuses to answer your concerns, ask your claim be escalated to a senior level.
  • Repeat your record keeping with every SE as per the examples above.

Well, that's quite an extensive list, Isn't It? Although It may seem like It's more trouble than It's worth to arrange and apply everything just for the sake of sending & receiving emails, It's actually a lot easier than you think. For Instance, It literally takes 10 seconds to create a new folder, and the same amount of time to highlight the questions & concerns In both your email, and the representative's response. The only part that's a little time consuming, Is checking for variances In each email message, but If It's the deciding factor In approving your claim for the 1,800$ IPhone 13 Pro Max you're SEing, then It pretty much speaks for Itself!  


Communicating Via Live Chat:

Before I begin, I'd like to make you aware that whilst many companies such as John Lewis, Argos, Amazon and ASOS support customer service through "live chat", there are some that don't, thus you will need to make other arrangements by choosing another gateway to communicate. That aside, as with talking over the phone, live chat Is also done In real time and even though all responses are Instant the moment you "hit the Send button", there Is one particular advantage that allows you to gain a little bit of extra time - just to recollect your thoughts, and think of the most appropriate reply

Notice that I've quoted "hit the send button" just above? That's because It's entirely up to you to make that decision, hence If you have a momentary lapse of concentration and cannot figure out what to say next, you can stall the session for around 20-30 seconds and then generate the message. It can be done quite a few times, but don't abuse It - as It may look as If you're trying to hide something. As you can see, live chat definitely has Its advantages, and If your reaction time Is quick when translating your thoughts onto your computer's keyboard and addressing the rep's messages effectively, then this form of communication Is your strong point.

While dealing with the representative over live chat has Its strengths, when It comes to keeping track of every conversation sent & received, It also has Its weaknesses - namely services that do not have the option to view your chat history, especially when you've terminated the session and logged out of your account. Sure, the majority of chats can be accessed by scrolling up and down In an active window, but depending on who the company Is and the length of each message, not all chats may be available. Yes, I've personally experienced It when trying to retrieve previous messages - each and every one was not accessible. As a result, you'll need a few tools at your disposal to take note of all relevant details, as well as setting up your chat environment accordingly - which can be applied by using the following list.
  
  • Log In to your account and open the chat window.
  • If available, click the option to "send a copy of the transcript to your email address".
  • If the above option Is not there, have a screenshot tool up and running.
  • In case you need to quickly write down some details, have a pen & paper on hand.
  • Connect to your chat session and If the date & time Is not on your screen, write It down.
  • Depending on the company, a chat bot may first come to assist you. If you're In luck, It will approve your claim.
  • If the bot cannot resolve your Issue, you will be passed onto a real representative.
  • The customer service rep's name should be Immediately displayed, so write It down.
  • If possible, maximize the chat window so that you're able to view many sent & received messages In a single screen without scrolling.
  • When the chat window Is almost full, take a screenshot and keep repeating the same process throughout the entire session.
  • At the end of the chat, save your screenshots by naming them In order of conversation.
  • If your claim was not finalized or Is pending further review, highlight the reasons why that took place.
  • Highlight the last message you sent - you'll most likely need It as a point of reference to continue with your claim.
  • Highlight messages from the rep that don't make sense, or appear to be contradictory.
  • If need be, request your claim be escalated and refer to all previous records you've saved.
  • Repeat your record keeping with each chat session.  

Evidently, not every detail In the list above will relate to a given SE that's currently In progress, so before starting your chat session, I suggest you go through the lot and filter those that are applicable to your circumstances and surroundings. Also, do remember that most of the Information Is based on the grounds that you cannot access your chat history - due to signing out of your account, starting a new session altogether, browser chats not showing In mobile apps chat history, or aged conversations (that happened a while back) having been discarded.


Speaking Over The Phone:

The final gateway of communication that will be discussed, Is the good old "phone call" to a customer service rep, which Is Instant and without delay. Everything you say, happens there and then and the biggest disadvantage of performing this type of contact, Is that "whatever you've said, cannot be taken back". It Is all well and good If your reply was effective, but If you're the type of SE'er who's somewhat hesitant and nervous about how to respond In real time conversation, then It can work against you, and give every reason for the representative to decline your claim. Because of that, It's best to opt for another channel, such as those already discussed - email or live chat.

On the other hand, you may have the gift of the gab whereby you're able to tackle every question and concern with pinpoint accuracy, so manipulation over the phone Is what you excel at, therefore you'd prioritize this over the rest. If you're part of that equation, then keep reading this topic. The good thing about a phone call, Is that once you've reached the agent, you can Immediately SE him without having to wait for a response, thus It helps prevent reps from making up all sorts of fanciful stories to try and reject your claim. 

However, when the SE Is In motion, you don't have anything on file that you can refer to, nor (stating the obvious!) can you capture screenshots of the conversation. Unless you use a sound recorder, the only alternative Is to "document the events as they happen", by simply using a pen & paper. Seeing that speaking over the phone Is extremely quick, you'd need to work fast, hence I recommend writing most of It down by abbreviating the spoken words "In a way that you can fully understand what's written". Now I don't need to explain the purpose of the list below, so check It out and use It as stated. 

  • Prior to making the call, take note of the exact time and date.
  • Prior to making the call, write down how you're going to start your end of the conversation.
  • When calling, the rep will usually answer with a given (first) name. If not, ask who you're speaking with.
  • There may be more than one person sharing the same name, so grab his last (family) name.
  • If you need to call back at any point, highlight precisely how each conversation ended. 
  • After you've told the agent your Issue, listen very carefully to how he responds.
  • If he's requesting certain details, make a note of the main points (example: asks for an "Invoice number", "POP", "serial number", etc).
  • If he's offering ways to resolve your claim (example: refund on return of Item), write It down.
  • If an Investigation Is opened, ask him how many business days It will take to complete. 
  • If you don't get a reply when the Investigation duration has ended, call him back and ask why It's taking so long to finalize.
  • On the grounds he refers you to a senior customer service rep, get his/her full name and job title.
  • Refer to all your previous notes when speaking with the senior representative. 
  • If your claim Is declined, get every specific detail that decided the outcome, and cross-check It with your records.  
  • If he's approved your claim, be sure to get a reference number pertaining to the phone conversation, and also log the time & date.

As you can see, phone communication Is a fast-paced environment with events, questions, requests and concerns occurring at a rapid pace and In order to keep track of It all, you'd need to act very quickly by jotting down the rep's responses as well as your own - as It happens In real time. It's very difficult, If not Impossible, to catch each and every detail, which Is why I suggested to abbreviate It - similar to how you shoot off text messages. Okay, to conclude this article, I'll briefly discuss the Importance of having a "social engineering log book" with every SE performed, so let's have a look at It now.


Social Engineering Log Book:

This article has exceeded Its reading time by a lot more than what I Initially anticipated, so to avoid congestion, what you're about to read Is very short and straight to the point. When you're continually hitting one SE after another for many months on end, be It success or failure, It's literally Impossible to remember when every event took place, Inclusive of the Items refunded and/or replaced, as well as the timing between each one, the company names and more. As such, It's vital to keep a "social engineering log book" to record your activities as they occur. 

So why Is this Important? Well, have you ever wondered why your SE failed for no apparent reason? Or your online account was unexpectedly locked on a temporary or permanent basis? While the cause could be due to quite a few possibilities, SEing too many high value Items, or using the same method a lot of times In succession, or perhaps not allowing a sufficient gap from one SE to the next - are all significant contributors. Clearly, you can see why a logbook Is an Integral part of your social engineering toolkit. Here's my non-exhaustive list that you can use as a general guide. 

  • Names of companies
  • Nature of every Item
  • Value of every Item
  • Dates & times of every event
  • Methods used
  • Carriers used for deliveries
  • Number of refunds
  • Number of replacements
  • Timing between each SE
  • Number of successful results
  • Number of failed attempts
  • Number of credit card chargebacks
  • Number of PayPal disputes & claims
  • Number of legit purchases
  • Number of SEs performed
  • The date of the last SE performed

In Conclusion:

As mentioned midway through this article, It may seem like an arduous and lengthy process to record every event (and the like) with each SE you decide to hit, but bear In mind that a lot of what's listed In the topics above, may not relate to your environment. Furthermore, you're obviously not going to use all communication gateways (email, phone and live chat) simultaneously, thus you'll find that the one you select, can be filtered and adjusted according to your needs. 

In closing, I'd like to reiterate that the majority of live chat services do have a chat history that can be accessed from your end, but my guide Is based on those that don't, and/or the history Is not available when the session has been terminated - and there are a few entities who operate In that fashion.    

