
The Double Dip Method



Social Engineer An Item Twice From The Same Company

As a social engineer yourself, who's been hitting companies on every level by tricking their representatives to credit your account for the full cost of the purchase price or have a replacement sent at no extra cost, the benefits speak for themselves - everything Is obtained without paying a single dime. And If you're well organized by using a calculated and strategic approach such as allowing a sufficient gap from one SE to the next, throwing In a few low value Items between SEs and not using the same method many times In succession, It will significantly minimize the chance of your online account being flagged for suspicious activity, thereby you can continue to use your manipulative tactics In the same fashion over and over again.

That being said, If you're operating on an advanced level of SEing for personal gain, or perhaps offering a refund service to beginner SE'ers, you'd be well and truly aware that social engineering Is not all sunshine and rainbows. You may have covered everything within your local environment to ensure your attack vector was launched as expected, however difficulties WILL be experienced on the other end of the spectrum - namely "when reps/agents are assessing your claim by complying with every detail listed In their protocol". As a result, It can be a lengthy and arduous process to manipulate the rep Into having your claim approved and on some occasions, failure Is Inevitable.

Whilst you cannot control the steps taken during the evaluation of your claim, such as the company all of a sudden deciding to open an Investigation or asking you to file and return a police report, you certainly have the power to effectively "handle" those type of requests - but only when your SE Is executed by leaving very little to no room for error. And the way It's done, Is by perfecting "Item & method formulation" that's also compatible with the company's operations.

For example, If you're using the missing Item method and selected a product that weighs around "40 grams", and also had knowledge that the company's warehouse does not have CCTV cameras In place, your SE Is almost guaranteed to succeed - for the fact that there's very little to no evidence to decline your claim. "How so", you ask? Well, firstly, the Item Is simply too light to register a weight on consignment and secondly, there's no camera footage that they can view to see If It was picked & packed correctly, hence there Is no way to conclude that you received your product.

The scenario above, Is pretty straightforward "that only Involves a single SE" - you've said that the Item was missing when you opened the package, and left It at that. The rep/agent then looked over your claim and because their records were Inconclusive, a refund was Issued thereafter. Every traditional method that Includes the DNA (Did Not Arrive), the wrong Item received, the sealed box, the partial method and so on, work on a similar principle when they're "purely used on their own" - only one social engineering attack Is required to get the job done, however the same cannot be said for "the double dip method"

If you've just started your career In the art of "company manipulation and exploitation", and only SEd less than a handful of online retailers to the likes of Wayfair, Amazon and ASOS, I'd say It's very safe to assume that you haven't heard of the "double dip method" - and rightly so for the following reason. Due to It triggering some degree of difficulty when the SE Is In motion, It's one of the least used methods In the SEing sector, but It's not to say that It's not on par with those mentioned In the paragraph above. 

As a matter of fact, It's more profitable - you will be rewarded twice when using the double dip method! So what exactly Is It, and how does It differ from the rest? Before I answer all your questions and concerns (and on the grounds you're reading this as a beginner), I'd like you to have a clear understanding of what defines a "method" - as It will allow you to Interpret the rest of this article with relative ease. On the other hand, If you're operating on an Intermediate/advanced level and know precisely how methods are structured, feel free to skip the next topic altogether and move straight Into the one named "The Double Dip Method Explained". Okay, without further ado, let's rip Into It.  


What Is A Social Engineering Method?  

The first thing you must do prior to selecting the method you're planning to use, Is to research both the "company" that you'll be SEing, and their "carrier partner" that will be servicing your delivery. However, It's way beyond the scope of this post to cater for each one, so when you're ready to take It on board, refer to my guides named Research Company Terms and Researching The Carrier. So what role do methods play with every SE? To give you a good Insight, I'll provide an analogy that you can relate to and probably have experienced at some point when furnishing your home. 

Let's say you've bought an entertainment unit from Ikea that comes with shelves, drawers, cabinets etc, In Its collapsed form. In order to put It together, you'd need the "assembly Instructions" and If they happen to be missing or they belong to the wrong unit, you cannot complete your project. The very same principle pertains to social engineering methods. In this case, the "assembly Instructions" are the "method", that's used to guide you In the right direction and support the goal you've set to achieve - being the claim finalized In your favor. Put simply, It's Imperative to SE a company by first having prepared a plan, and the "plan" Is the "method".

Every method Is the backbone of the SE, and apart from the DNA that can be used with just about any product of reasonable size and weight, other methods must be suited to the nature of the company and the Item you're SEing. A prime example, Is what you've read a few minutes ago with the missing Item method - neglecting to take the Item's weight Into account, as well as the company's warehouse logistics, will result In a failed SE. Of course, this Is based on representatives who work strictly by the book when processing claims, and not those who have no brain cells left and approve them with no questions asked. Now that you comprehend all that, It's time to check out the "double dip method".


The Double Dip Method Explained:

Typically, when social engineering online stores with the Intention to obtain a refund or replacement by using any of the traditional methods discussed In this article, It's performed against one particular Item and "only done once". For Instance, you've chosen the wrong Item received method, contacted the company and told them that another Item was In the package/box to what you originally ordered. The rep then asked you to return the wrong Item, and when he received It, your funds were reimbursed Into your credit card. That's how a standard SE Is done - "one Item Is SEd and one refund or replacement Is Issued".

The "double dip method", on the other hand, requires an exceptional set of skills and a great degree of confidence to succeed - for the reason that "the same Item will be social engineered twice" from the same company where It was originally purchased. In simple terms, you're "repeating the SE" on the one claim to get a refund/replacement "twice". Confused? Don't worry, It will make perfect sense In the next topic! Now because you're SEing  the company "two times In a row", to avoid raising suspicion, I strongly recommend using "two different methods" when double dipping. 

Why? Well, If (for example) you've solely opted for the DNA method, It will be used a couple of times In succession by claiming that you did not receive your goods and as a result, It's very unlikely that your package did not arrive twice In a row at your premises. Sure, the possibility exists (on the rare occasion), but do you really want to take a risk, when It can easily be avoided by simply choosing another method? I didn't think so. Given you get the gist of what I'm saying, we'll now have a look at what the double dip method entails. 


The Double Dip Method In Action:

For the purpose of this tutorial, I will be referencing the SE'er from a third-person point of view rather than yourself, and to make sure It's easy to follow and understand, every detail Is kept to a bare minimum. Okay, here's how the double dip method generally works. The social engineer wants to SE "two AirPods" from the "same company", without paying a single dime for either of them. Firstly, he orders just the one pair and decides to use the DNA (Did Not Arrive) method. After satisfying the company that the Item was (seemingly) not received, they decided to send out a "replacement"- meaning another set of AirPods. 

It's absolutely crucial that a "replacement Item" Is dispatched on the first SE, otherwise the double dip method cannot be used (more on this after we've finished here). Back on-topic, the social engineer now has two AirPods, but only paid for one. That Is how a standard SE Is performed. Next comes the double dip. The SE'er then calls the company and says that the replacement AirPods (that they just sent), are defective. After going through a few routine troubleshooting steps, the rep/agent asks to send them back. The SE'er uses the boxing method, thus only sends back the box without the AirPods. Remember: So far, the social engineer still has two AirPods but only paid for one

The representative thinks that the Item was stolen during transit, and "refunds the AirPods". As a result of every event, the social engineer has SEd "two AirPods"- one using the DNA method, and the other using the boxing method. In other words, he's "double dipped!". Because he was given a full refund, he now has both AirPods without paying a single penny for either of them. I've tried to simplify the entire scenario as best I can, but If you still have trouble following It, take the time to read It carefully - It's really easy to grasp how the double dip method works. As mentioned a few minutes ago, you must receive a replacement on the Initial SE, which brings me to the last topic below.
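Seen from the retailer's claims system, the sequence above is one order on which a replacement was issued and a second claim was then raised against that replacement. The sketch below is an added example, not part of the original post; it flags that chain in constructed claim records, and the field names, claim labels and 30-day window are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample claim records (not real data); field names are assumptions.
CLAIMS = [
    {"order": "A100", "shipment": "original", "type": "not_received",
     "resolution": "replacement", "day": date(2021, 3, 1)},
    {"order": "A100", "shipment": "replacement", "type": "defective",
     "resolution": "refund", "day": date(2021, 3, 9), "return_weight_ok": False},
    {"order": "B200", "shipment": "original", "type": "defective",
     "resolution": "replacement", "day": date(2021, 3, 2)},
    {"order": "C300", "shipment": "original", "type": "not_received",
     "resolution": "refund", "day": date(2021, 3, 3)},
    {"order": "D400", "shipment": "original", "type": "wrong_item",
     "resolution": "replacement", "day": date(2021, 3, 4)},
    {"order": "D400", "shipment": "replacement", "type": "defective",
     "resolution": "pending", "day": date(2021, 3, 20), "return_weight_ok": True},
]

def flag_chained_claims(claims, window_days=30):
    """Return {order: reasons} for orders where a replacement was itself claimed on."""
    by_order = defaultdict(list)
    for c in claims:
        by_order[c["order"]].append(c)
    flagged = {}
    for order, items in by_order.items():
        items.sort(key=lambda c: c["day"])
        first = next((c for c in items if c["shipment"] == "original"
                      and c["resolution"] == "replacement"), None)
        if first is None:
            continue
        for second in items:
            if second["shipment"] != "replacement" or second["day"] < first["day"]:
                continue
            if (second["day"] - first["day"]).days > window_days:
                continue
            reasons = ["claim on replacement after %s claim" % first["type"]]
            if second["type"] != first["type"]:
                reasons.append("claim type changed")
            if second.get("return_weight_ok") is False:
                reasons.append("return parcel under expected weight")
            if second["resolution"] == "refund":
                reasons.append("refund paid on top of replacement")
            flagged[order] = reasons
    return flagged
```

The rule keys on the chain itself rather than on the claim type, so a second claim made under a different reason is still flagged for manual review before any refund is released.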


A Replacement Must Be Sent On The First SE:

It's just a matter of common sense that the first SE Involves a replacement Item, but many SE'ers fail to see the logic behind It, thus I'll elaborate why It's the case as follows. A refund obviously cannot be generated on the first SE, because If It Is, "you don't have an Item to double dip!" - therefore the SE will end there and then. So how do you say that you prefer a replacement Instead of a refund? Well, although many companies give you the option to choose one or the other, for one reason or another, some reps would rather credit your account and that's when you'll put your SEing skill set Into action, by making up a few excuses as to "why you cannot receive a refund"

One very effective approach, Is to simply say that "you've lost your credit card" and after contacting your bank, they've organized to send a replacement card. However, due to a high volume of customer claims, the banker/teller "could not give you an estimation on when your card will arrive". If asked, I strongly suggest telling this to the rep/agent, for the fact that If he had an ETA (Estimated Time of Arrival) on your card, he may hold your funds until that date, but saying that "you have no Idea when the card Is expected to come", will leave a replacement Item as the only option to finalize your claim. 

Now the good thing about using a "lost card" as the excuse, Is that such circumstances do happen legitimately and If you treat your SE as such by convincing the representative of the event that took place (losing the card), there's no reason why he'll decline your request for a replacement Item. Another equally effective tactic, Is to use a "VCC" (Virtual Credit Card) and when "first using the double dip method", cancel/dispose of the VCC - which will ensure that a refund cannot take place. If you're not sure how a virtual credit card Is used, refer to my guide here under the title of: "What Is A Virtual Credit Card"


In Conclusion:

The double dip method Is considered a little risky, namely because you're SEing two Items In succession from the same company and In some Instances, you'll also be dealing with the same rep throughout the entire claim, thereby It Increases the likelihood of suspicious behavior being detected. But If you accurately follow every topic that you've just had the pleasure of reading, and apply the methodologies according to the nature of the company and the Item you're SEing, It will significantly decrease your activities being flagged. The Important thing to remember, Is to "always use two different methods" when double dipping, and be sure you have sound knowledge of how to effectively formulate each one. 

