Skip to main content

Featured

SE'ing Encyclopedia

Updated: 16/01/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

The Infected Item Method

 



The Item Was Infected With An Object When Purchased

Social engineering has been around for centuries and with the advent of technological advancements, particularly the Internet, a lot has changed In the way It's used nowadays, Inclusive of what SE'ers are aiming to achieve with a given attack vector. Although the old-school SEing that Involves (but not limited to) grabbing confidential Information to the likes of usernames & passwords, or perhaps gaining remote access to a computer by compromising the network, Is still well and truly going strong, It's been superseded by a more sophisticated type of SEing named "company manipulation and exploitation"

If you're a regular reader of this blog or registered on an active social engineering community, you'd know precisely what I'm talking about, and the complexities Involved to trick representatives to reimburse funds Into your account, or dispatch a replacement Item while you still get to keep the original one. Unlike the aforementioned old-school SEing that's (for the most part) over and done with In a single session, the new breed of human hacking can take days, weeks and sometimes months to finalize. The events and circumstances responsible for that, Is mostly due to stubborn reps evaluating claims, Investigations opened, police reports asked to be filed and returned, and the list goes on.

As a result, social engineers must always remain one step ahead of everything reps throw at them and In order to do that, they need to have sound knowledge of how the company operates, the type of carrier partner(s) they utilize to service deliveries and of the utmost Importance, Implementing "Item and method formulation" by leaving very little to no room for error. In other words, unless It's a universal method, It must always be suited to the nature of the Item and If you (the SE'er) fail to prepare It accordingly, your SE may prematurely come to an end, thus It's crucial to fully familiarize yourself with the method you're planning to use. 

However, not all social engineers are equal, nor does every SE'er have the confidence and skill set to effectively apply each traditional method such as the missing Item and partial, boxing, faulty Item, corrupted file and an array others. Wouldn't It be nice If there was a method that you can put Into action, regardless of both your level of experience, and the Item you've chosen to SE? Well, I will Introduce you to one that I've personally created called "the Infected Item method" - which Is unbeknownst to you, for the reason that I'm the author by naming It as such. So what exactly Is the Infected Item method, and how does It differ from the rest? Let's check It out In the topic below.


What Is The Infected Item Method?

If you have just started your SEing career and have yet to hit companies like Wayfair, Zalando, John Lewis, Adidas and so forth, you cannot jump straight Into this tutorial without knowing at least the very basics of how stores are structured, as well as the role methods play In every attack vector. I strongly suggest reading my articles named Beginner's Guide To SEing, Identify How A Company Works and also Asking For Help With Methods and when you're done, you can continue where you left off here. Okay, on the grounds you have a general understanding of social engineering In the capacity of exploiting companies and deceiving their reps/agents for refunds/replacements, you're now ready to see what "the Infected Item method" entails.

As Its name Implies, It's simply used to say that the Item you purchased from an online retailer was Infected with some type of substance/material, or It contained an undesired/harmful object when you opened the package (or box) after It was delivered by the carrier driver. Of course, nothing of the sort happened, you're just saying It did for SEing purposes. Now unlike the methods mentioned a few minutes ago and almost every other one that's commonly used by SE'ers of all shapes & sizes, the biggest advantage of "the Infected Item method" Is Its flexibility - It's compatible with any product you can get your hands on!

Whether you order something that comes In a box being the latest IPhone, AirPods or a pair of trainers, or a lined flannel jacket wrapped In a clear plastic bag, It makes no difference whatsoever and has no Impact on the Infected Item method. Moreover, It does not require any preparation on your end - for the fact that you'll be purely claiming your product was received In a condition that was totally Inappropriate/unacceptable, and (In a few Instances), a commodity that posed a health & safety risk, was found Inside the package/box. Everything I'm referring to, Is listed In the topics below and after reading each one, you'll see why the Infected Item method Is extremely effective and has a very high success rate. So without further ado, let's make a start.       


Finding Blood In Your Goods:

Before I begin, this approach Is a variation of "the blood method" and given the similarities Involved, It's Important to understand how It works, thereby you'd be able to apply what you've read to the Infected Item method with Incredible ease. Okay, In terms of the blood method Itself, It's generally used to circumvent returning an Item (as requested by the representative) so when you're asked to send It back, you use the excuse that you cut yourself while opening the box or Its packaging, and that the Item Is covered In blood. Because many companies refuse to accept goods In that state, and some carriers are not willing to transport them, the claim will most likely finalize In your favor - your account credited or a replacement dispatched.

Evidently, there's a lot more to executing the blood method, but It's way beyond the scope of this post to detail the lot. The "Infected Item method", on the other hand, functions the other way around by saying that you found blood stains on your product the moment the package/box was opened, and the benefit of this, Is that It can/does actually happen In legit circumstances - namely when storemen are quickly picking and packing orders using knives, tape guns etc. It's a fact that warehouse workers Inevitably sustain cuts and abrasions that subsequently result In bleeding - which may then be passed onto the Item(s) they're handling at the time, and that's what makes this entire scenario appear genuine.

Now when getting In touch with the rep/agent and explaining what happened (as per above) with the blood, depending on who you're speaking with, some will simply process your refund and others will try and make life difficult for you by asking to return It, or take a photo that clearly shows where the product contains blood. A very effective way to bypass each of those requests, Is to tell the rep that you were absolutely disgusted by what you witnessed (blood) and to avoid being personally Infected by It, you threw It In the trash. Be sure to "always express your disgust and personal risk of Infection", and you'll find that there's a high chance your claim will be approved.       


Finding A Spider In Your Goods:

From my personal experience In warehouse & logistics over a period of three decades, I can confidently say that I've come across countless occasions of Insects, bugs, arachnids etc located In pallets, skids, packages and boxes - some of which were dead, and many were well and truly alive! Irrespective of how well a given stores area Is maintained, by having pest control personnel visiting the premises on a regular schedule to ensure cleanliness and eradicate pests, the workplace will never be 100% free of cockroaches, ants and on-topic of this guide, "spiders". I've selected "spiders" as part of the SE for a very good reason - a lot of them are poisonous, and that's the main attribute that you'll be focusing on during your attack vector.

In other words, you'll be using a venomous/dangerous spider to your advantage by saying that It was Inside the package/box when you ripped It open and due to sheer panic, everything was thrown In the trash - your Item Included. What makes this very believable, Is firstly all the events that you've just read above pertaining to the existence of spiders In a warehousing environment and secondly, rarely (If ever) will anyone In their right mind, attempt to remove the spider and dispose of It thereafter. I, for one, would be frightened to death just by looking at It, and I'm sure you feel the same way.

Okay, when you're communicating with the representative and Informing him of what you've experienced, If you detect he's a stubborn Individual and the conversation Is leading to a request to provide evidence of what took place, beat him to It by "telling him that you were bitten by the spider and was Immediately rushed to hospital". Furthermore, say that upon being discharged yesterday, you still feel nauseous, tired and begin to sweat every so often, and also express your frustration of how you've been mistreated (by the rep) after your frightening ordeal. If you remain firm with your side of the story and reverse the situation by putting the rep at fault for his rude and Impolite attitude, expect a favourable outcome!


Experiencing A Bad Smell In Your Goods:

It's obvious that every company wants to make a huge profit with sales, hence the majority of products they advertise on the Internet to the likes of (but not limited to) clothing, footwear and electrical Items, are manufactured In another country  - for the purpose of  keeping labour costs down to a minimum. For example, at the time of this article, did you know that the latest Apple AirPods are being mass produced In China? And most of Nike's apparel and footwear come from Asia such as Thailand, Vietnam and of course China Itself? It's significantly cheaper to outsource their supplies to those countries, as opposed to manufacturing their products locally.       

Essentially, when a company orders ex-amount of stock, their goods arrive In shipping containers and depending on how their warehouse facilities Is structured, either the forklift drivers unload everything onto pallets or a team of storemen physically do It by hand. Given the shipment Is Imported, It's common practice for "containers to be fumigated" prior to unpacking the load by those who receive It. Put simply, when containers are In transit from one location to another, there's every possibility that disease-carrying pests will Invade the cargo, therefore most countries make fumigation a mandatory requirement and will only allow Importation under such conditions.

Because of Insufficient venting procedures, some shipping containers may still have levels of gas/chemicals, thereby It Inevitably Imbeds Into the goods as It's transported to Its destination -  namely the company who's awaiting their stock. If you haven't worked It out already, you're going to Incorporate that Into your SE, by saying that you experienced a very bad/sickening smell when taking out your product from the package - to the point of throwing It out for health and safety concerns. The best thing about It, Is that the rep cannot ask you to take a photo of the contaminated Item - It's obviously not visible! And If you're adamant on using "health and safety" as the reason for the Item's disposal, Inclusive of pushing the rep to his absolute limit, there's very little the company can do to decline your claim.         


A Knife Blade Found In The Package/Box:

The final event that I will discuss, Is just as effective as all the others that you've had the pleasure of reading thus far and given this Is seldom used by social engineers In today's world of exploiting online stores, I've decided to bring It to the attention of every reader who's currently viewing this article. As per the title of this topic, It pretty much speaks for Itself - the carrier driver dropped off your delivery and upon opening the "package", you found "a knife blade sitting next to your Item" and because It could've been handled by a number of people (example: workers from the company or manufacturer), you refused to take out your Item - "for the fear of catching some type of Infection" through physical contact with your product.  

Alternatively, you can use the same process by saying the blade was In the "box" rather than the package. It doesn't matter which of the two excuses you've selected - the fact Is, each and every warehouse utilize utility knives to cut boxes open when replenishing stock, as well as cutting bags and cardboard during their picking and packing of orders. As a result, It's not uncommon for the blade to snap and fall Into the package/box and go unnoticed, especially when workers are Inundated with customer orders and have deadlines to meet prior to close of business. The same applies to manufacturing plants. 

One of the benefits of using this procedure, Is that If the representative asks to take a photo of the blade In the package/box so he can continue assessing your claim, there's no need to Photoshop an Image, nor use the corrupted file method - you'd simply buy the cheapest knife you find on the Internet, break off Its blade and place It In the package/box accordingly, then take a photo as Instructed by the rep. It doesn't get much easier than that! As for complying with a request to return your goods, hit the boxing method and If need be use dry Ice to substitute the weight, or (as already mentioned a few paragraphs above), you disposed of It for health & safety reasons.


In Conclusion:

Many social engineers from beginner to Intermediate and (some) advanced, find It somewhat difficult to select a suitable method against the Item they're planning to SE. That's what prompted me to write this article - to put together a method that Is compatible with any product, regardless of Its nature, size and weight - which you now Identify It as "the Infected Item method"

I've also made sure that every event related to Its execution, Is based on legitimate circumstances hence from an SE'ers standpoint, It adds an added layer of protection when manipulating representatives to approve the claim. In closing, be sure to apply the Infected Item method by choosing any of the four elements It's associated with - "blood", "spider", "bad smell" and "knife blade", all of which are documented respectively In each topic above.

Comments