Skip to main content

Featured

SE'ing Encyclopedia

Updated: 29/03/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

The Boxing Method For Beginners

 



Beginner's Guide To The Boxing Method

If you've been social engineering consistently for many months or perhaps years, by hitting companies to the likes of Zalando, Nike, Logitech, GoPro, Argos, etc and of course the largest eCommerce company being Amazon, you'd be well aware of what It takes to effectively manipulate their representatives to Issue refunds or dispatch replacement Items at their expense. Due to your level of expertise, things like Investigations opened, police reports requested to be filed and returned and asked to sign documents, are no cause for concern and handled with relative ease.

And If you're part of an active SEing community such as an Internet forum/board or a Discord server, there'd be no problem communicating with fellow SE'ers by abbreviating all messages, as well as discussing every traditional method Including (but not limited to) the DNA (Did Not Arrive), wrong Item received, missing Item/partial, sealed box, the faulty Item and the list goes on. However, If you've just started (or looking to get Into) refunding stores, there's no doubt you'd be at a complete loss as to what you've just read - particularly comprehending the aforementioned "methods".

As a result and referring to yourself who's had very little to no experience In the SEing sector, It's of the utmost Importance to be well-acquainted with at least one method, prior to selecting a retailer to refund - as It will give you a good understanding of what's Involved to prepare the SE In readiness for the attack vector. The problem many newbie SE'ers face, Is finding resources on the Internet that not only talk about the Ins and outs of methods In the capacity of "company manipulation & exploitation", but also discuss It purely from a "beginner's standpoint".    

Rest assured, I've got you covered. Given It's way beyond the scope of this article to cater for each and every method used by social engineers of all shapes and sizes, I will focus on just the one named "the boxing method" - which Is commonly used against almost every company that utilizes a carrier to service their goods. What you will learn today, Is what defines the boxing method, how to apply It with a commodity called dry Ice, and finishing off with the events the boxing method often triggers  while the claim Is In motion - all from an absolute novice point of view. But before ripping Into It, It's vital to understand what a "social engineering method" entails, so let's check It out now.     


What Is A Social Engineering Method?

When you've selected the company you'd like to SE and researched their terms & conditions, Inclusive of establishing their carrier partners, the next step Is to "create a strategy" on how you're going to execute the attack and deceive their representatives afterwards. That Is, you need a "plan" that will be used to guide your SE from beginning to end. The "plan" Is the "method" and without It, the SE cannot (and will not) make a start. Allow me to provide an analogy that you can relate to. Let's say you've purchased an entertainment unit from IKEA, that comes with shelves, draws, etc, In Its collapsed form.

In order to build It, the "assembly Instructions" must be on hand and If they happen to be missing, the job cannot be done. The very same principle applies to social engineering. In this case, the "assembly Instructions" Is the "method", which supports the attack vector to ultimately get what you're aiming to achieve - a refund or replacement Item. Now It's not as simple as opting for the first method that comes to mind. Apart from the DNA and the wrong Item received that're compatible with just about any product of reasonable size & weight, every other method Is based on the nature of the Item.

For Instance, given packages are weighed when dispatched by the company and also at the carrier's depot, If you're going to use the missing Item method, by saying that the Timberland Pro Safety Boots you ordered from Amazon (that weigh around 1.4Kg) were missing In the package when delivered by the carrier, your SE will fail. They're too heavy for the missing Item method. How so, you ask? Well,  when the company Investigates and cross-checks the carrier's records, the weight at 1.4Kg would've registered on their scales, therefore your boots could not have been missing when you received the package. 

If you had've chosen something less than "120 grams" (more on this soon), It would've been a different outcome - a successful result. Sure, some reps/agents are brain-dead and approve claims with very little to no questions asked, but for the most part, they do follow protocol, and It's this (compliance with protocol) that may cause huge complications with your SE - particularly when you haven't prepared your method accordingly

The reason why I've discussed the missing Item method above, Is because It heavily relies on the "accuracy of the Item weight" to succeed, and the "boxing method" Is also part of the equation. In other words, It's crucial to take the "product weight" Into account when formulating the boxing method - for the fact that you'd need to choose from one of two different approaches to put the method together. Don't worry, this will make perfect sense as the article moves forward. Okay, so without further delay, we'll have a look at the boxing method In detail below.    


What Is The Boxing Method?

There are many ways  the boxing method can be performed, but for the purpose of this tutorial, I'll demonstrate only the one example as follows. After the product was purchased and the carrier driver delivered the package to your premises, you'd contact the company and say that the Item you've received Is not working. Evidently, there's nothing wrong with It, but you're stating otherwise to SE them. The customer service rep will then go through a few routine troubleshooting steps - to try and Identify why It's not operating as per Its factory condition.

When he's satisfied It's defective, a refund or replacement will be arranged, but "only when your (seemingly) broken Item Is returned". Obviously, there's no Intention to send It back, and that's when the "boxing method" comes Into action, by returning the box/package without the Item, and making It look as though It was tampered with during shipment. To do that, cut the box/package on one side and seal It with different colored tape, so when the company receives the package, they'll think that someone stole your Item at some point In transit

If they're responsible for loss of goods (research this beforehand!), then they're liable to cover all expenses, therefore the company Is obligated to Issue a refund/replacement. As easy as It may sound, there's a few things to consider when preparing the boxing method. First and foremost, "get the precise weight of your Item" - as this will determine how the method will be formulated, and depending on how heavy It Is, one of two procedures will be used to put It together

If the product Is extremely light (under 120 grams), It will not be detected when weighed, so send the box on Its own with nothing Inside. Don't forget to cut the box/package and seal It with different colored tape! On the other hand, If the Item Is significant enough to register a weight, substitute It (the Item) with "dry Ice". I'd say It's very safe to assume that you have no Idea what defines "dry Ice", let alone how to apply It, correct? I thought as much. Don't panic, I've covered It In the next topic.  


Using The Boxing Method With Dry Ice

To make this easy to follow and comprehend, I'll begin with an analogy that I'm sure you've experienced at least once while attending some type of venue. Okay, when you've been to a birthday party, someone's wedding or perhaps hitting a few nightclubs/discos, have you witnessed a kind of foggy or smoky atmosphere on the dance floor? Of course you have. This Is In fact the result and effect of "dry Ice" - which Is "frozen carbon dioxide In Its solid form". When It's exposed to external conditions, such as being placed In a box that Is not airtight, It turns to "gas" and this Is known as "sublimation" - going from a solid piece of dry Ice to disappearing Into gas.

Unlike normal frozen Ice (that you have In the freezer), whereby It melts Into water when It's left lying around the kitchen, dry Ice Is quite the opposite - It does not melt, but rather "turns directly to gas" and does not leave anything behind - water or otherwise. That's why social engineers use It with the boxing method - when It sublimates (turns to gas) It leaves no trace that It ever existed, hence there Is no evidence to suggest It was used at the time of the SE. Here's how the boxing method & dry Ice Is prepared and applied. 

Let's say the Item you're supposed to return Is "950 grams". It's obviously too heavy, therefore dry Ice will be added In the box (Instead of the Item) that's a little bit heavier than 950 grams - just to allow extra time to sublimate when your package Is In storage and transit. As already mentioned, you'd then tear the box to a length that's slightly bigger than your Item and seal It with different colored tape. As such, It gives the Impression that your product was stolen when your return was on Its way to the company and when they received It, the dry Ice would've turned to gas, thus they're left with "only an empty box".

No doubt, they'll see your package/box Is not In perfect condition (which Is exactly what you want to occur), and after noticing It's been taped, It Indicates some Individual opened It, grabbed your Item and to cover their tracks, taped It thereafter. As a result, they don't have anything to try and decline your claim, so expect your account to be credited for the full cost of the purchased Item, or If you prefer a replacement, ask the rep/agent to send one out to you. Now the boxing method Is not all sunshine & rainbows - there are certain "events" that may happen beyond your control, which brings me to the final topic of this article.


What To Expect With The Boxing Method

Every method has Its pros and cons, some that flow rather smoothly with minimal disruptions, while others trigger all sorts of events that Inevitably require the SE'ers undivided attention to ensure the SE has a successful outcome. The boxing method Is definitely part of the latter, whereby there will be a series of events that take place when the SE Is In progress, hence It's vital to comply with requests from the company's representative - namely because It's all part of their protocol to move forward with the claim and nothing more.

For example, If an Investigation Is opened and you're asked to sign a statutory declaration, or file and return a police report, agree with each one - they're both purely needed for administration purposes to continue assessing your claim. Although a PR (Police Report) Is not common with the boxing method, nonetheless, many social engineers are particularly scared of having to deal with It - for the reason that they believe they'll get In trouble with the law. If you're one of those SE'ers, I can assure you that nothing could be further from the truth

The police have more Important things to do, than to waste their time and valuable resources on pursuing a "one-off  Incident" that's simply claiming you're not responsible for tampering with the package. So when you're asked for a PR, head over to your local police station and file one. Alternatively, you can do It online by completing the report with the relevant details, but depending on where you reside, especially If It needs to be done locally, not every police station allows a report to be filed on the Internet. Whichever option you choose, rest assured, there's no cause for concern.       


In Conclusion

On the grounds you've just started your career In the SEing sector, and/or have never come across the boxing method before, you're now well-equipped with the perfect Ingredients to effectively prepare It In readiness to tackle every obstacle that comes your way

Additionally, you have a clear understanding of the (possible) events that the boxing method may trigger - which puts you In a commanding position to handle each one accordingly. In closing, you've also learned how social engineering methods are structured, thereby you have a stepping stone to delve Into specific traditional methods as your skill set advances.             

Comments