Online Accounts Flagged

 


Online Accounts Flagged While Still SEing The Company

When operating on an Intermediate or advanced social engineering level, who's been dedicatedly hitting companies of all shapes & sizes, or offering a refund service to beginner SE'ers, due to the knowledge and skill set attained, you'd know precisely what to expect when using certain methods, and how to handle and effectively tackle events that're Inevitably triggered during your SEing activities. For Instance, If the DNA method was used, whereby you've said the package wasn't delivered to your address or a drop house, It's common for the company to ask for a document to be signed & returned - just to confirm that everything claimed (about the SE) Is true and correct.

If It's a statutory declaration, a denial of receipt form or maybe a police report, you're well and truly aware that they're only required for administration purposes to move forward with the claim, therefore there's no cause for concern - signing and emailing It back Is perfectly fine, namely because neither of them Is legally binding per se. On the other hand, If the company hits you with an affidavit, It becomes a legal document the moment you put pen to paper and can be used as evidence In court, thus you'd refrain from dealing with It altogether. 

All the above Incidents and requests, are addressed with Incredible ease and what's responsible for that, Is the fact that yourself (as a social engineer) having years of experience with "continually exploiting" stores/retailers to the likes of Wayfair, GoPro, Zalando, Amazon etc, and deceiving their representatives to Issue refunds or dispatch replacement Items at their expense. Notice I've quoted "continually exploiting" just above? That's because If It's done that way In a careless manner by not taking precautionary measures to protect each SE, It can lead to one particular consequence - specifically your "online account being flagged"

When that happens, It can have a serious Impact on your ability to keep social engineering the company who flagged your account, and If you keep repeating the SEs In the same fashion, action will be taken by permanently closing the account without any chance of appealing the decision. So what exactly Is a "flagged account", "what are the ramifications after It's been flagged", and "how do you prevent It from happening to you?". I'll answer all that respectively In the topics below, hence upon reading this entire article, you will have a clear understanding of how and why an account Is flagged, thereby you can apply what you've learned to continue SEing the same company securely and safely. Okay, without further ado, let's rip Into It.    


What Is A Flagged Account?

When you're on a winning streak from one SE to another, It's very easy to get carried away and lose track of precisely when each one took place, and while you may be under the Impression that your refunds have been settled In full, behind the scenes of the company's claims department, "records are kept of every communication and claim". Essentially, If the rep/agent has reason to Investigate your account, perhaps due to (for example) Identifying that quite a few wrong Items you've returned were not part of their Inventory, they'll not only check those Incidents, but also sift through every other transaction.

What they generally look for, Is unusual spending patterns and basically any Irregular activity performed on the account, such as a large volume of refunds within a particular time frame. If the events are not too serious and do not warrant an Immediate closure (more on this In the next topic), "your account will be flagged", meaning It's being actively monitored for suspicious behavior. 

Under the circumstances, It's almost a certainty that you'll receive some type of warning from the representative, thus It's crucial to be well acquainted with Its contents. Given every company differs In the way they word and format their messages, I cannot possibly cover the lot, so I'll provide a typical OFM email generated by Amazon as follows:  

"Hello,

We noticed that you have requested refunds for a large number of orders. We understand that occasional problems with orders are expected in the normal course of business, however the unusually high number of problems that you have reported with your orders, exceeds this exception.

When unusual account activity such as this comes to our attention, we evaluate each account on a case-by-case basis to determine if additional action or account closure is necessary. If this problem continues, we may no longer allow you to buy on our site.

If you believe you may have received this message in error, or if you would like to clarify your order activity, please respond to this email within 30 days".


That's a standard message sent by the Amazon Account Specialist team (just a bunch of office staff with a fanciful name!), to warn you that you've claimed too many refunds on the account In question. As you can see above, I've highlighted some keywords In green. The reason for this, Is even though It's flagged, It actually denotes the account Is still active. Here's an explanation of what I'm referring to:

  • If additional action or account closure Is necessary - They've yet to decide If action will be taken.
  • If this problem continues - This Implies further purchases can be made on the same account. 

In short, the flagged account Is still up and running, however due to the magnitude of refunds performed, It's lost a significant amount of credibility - which Is a direct result of the SE'er being Irresponsible by repeatedly claiming refunds In quick succession. If you social engineer In a similar manner, not only with Amazon, but with any company for that matter, It's Inevitable you'll experience something to that effect with your online account. And If you keep going, It won't take long before you'll lose It without any hope of being reinstated, which brings me to the next topic.  


The Ramifications Of A Flagged Account

If you've been SEing consistently for quite a while by using the same account for every transaction on a very regular basis, you'd obviously try and refund almost every purchase made. That's the point of social engineering - to obtain goods absolutely free of charge, but the more you claim, the greater the chance of attracting attention from customer service representatives. And If you don't change your approach and keep recklessly SEing one product after another, your online account will be flagged and closed not long after.

This can happen In one of two ways. You'll either receive an email about the flagged account and subsequent to that, be notified about the closure via the same gateway (email), or the account will be closed without notice. That's right, you won't be told In advance of your wrongdoing, but Instead you'd wake up one morning to check your emails, and a message similar to the one below will be sitting In the Inbox.

"I can confirm that your account has been closed due to unusual returns activity, and it is also correct that this decision has been made after taking a number of factors into consideration.

Passing over the full details as to what exactly these factors are is something we're not able to do - we're unable to share this information as if it were to be made public, it could lead to more unfair use of our service. If you have any other questions at all, please ask.

Best wishes, Peter".

The message above Is pretty vague and other than stating "unusual returns", It doesn't specify why It was closed but one thing for sure, once an account has been "permanently closed" especially by Amazon, that's the end of It - for the most part, It's gone for good. You'd then need to go through the arduous task of creating new accounts, by changing every Identifiable detail linked to the original/primary account, hoping that multi-accounting will not be detected. It's an Inconvenience that could've easily been prevented - If you took the time to minimize the risk of the account being flagged to begin with, so we'll have a look at that now. 


How To Prevent Flagged Accounts

Although there Isn't a 100 percent fail-safe methodology to prevent flagged accounts, you can certainly Implement a number of measures on your end to significantly reduce suspicion being raised during your social engineering activities. As a result, It will help ensure the account's longevity by making every SEd transaction appear as though It's legit, hence there'd be very little to no reason for reps/agents to Inquire Into every previous and present purchase. To avoid congestion and make this easy to follow, here's my shortlist of recommendations In point form.

  • Allow a sufficient gap between each SE (to play It safe, 6-7 weeks from one to the next)
  • Perform legit purchases on the same account (self-explanatory)
  • Alter the value of the Items (hit low value Items every now and then)
  • Don't use the same method many times In a row (no need to explain this)
  • Give the SE a break for a while (stop for a couple/few months and repeat It every so often)
  • Don't always refund (throw In replacements to break the same pattern of behavior)
  • Log In from the same environment (a VPN may Indicate the account has been compromised, so for security purposes, the company may flag It)
  • Keep chargebacks and PayPal disputes/claims to a minimum
  • Where possible, allow the account to mature (an aged account Is In better standing than a fresh one)

In Conclusion

It's of the utmost Importance to make sure that your online account remains In a healthy state when SEing the same company on a consistent basis, because once It's been flagged (unless you have sufficient evidence to prove the company wrong), It cannot be reversed -  which puts a stop to your ability to SE the given company using the same (flagged) credentials. 

After reading this article, there's no doubt that you've acquired the knowledge on why accounts are flagged, Inclusive of the consequences that are likely to be experienced, as well as the best approach to prevent setting off alarm bells from one SE to another, so be sure to apply yourself by putting everything you've learned Into practice accordingly.         
