Skip to main content

Featured

SE'ing Encyclopedia

Updated: 08/09/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Every Company SE'ing Event

 


Every Event That Can Be Expected With Companies

SEing online stores for refunds or having replacement Items dispatched at their expense, Is very rewarding and depending on your level of commitment, It can be quite profitable but the fact Is, It's not all sunshine and rainbows. Complexities will Inevitably be experienced while the claim Is In motion, and Irrespective of operating as an advanced SE'er, there's very little you can do to "prevent the series of events that take place within the confines of the company".

The reason for that, Is because after your method has been formulated and the attack vector leaves your local environment, you've handed over your SE's ownership to the company, and It's at this stage when problems arise. Things like procedures used when packing orders, Investigating discrepancies with claims, goods checked while your order Is being packed, online accounts flagged and eventually closed, and a request for a proof of purchase when you don't have the Item to begin with, are only a few examples of how your SE can be Impacted - sometimes to the point of failure.

In order to help ensure everything runs as smooth as possible with minimal disruptions, It's of the utmost Importance to be aware of the different types of Incidents that will come your way during your SEing activities, and that's where I come In. I will not only list those that are likely to happen, but shall "cover every event that can be expected when social engineering online stores/retailers" to the likes of Argos, Adidas, Nike, Amazon, Logitech, SteelSeries, ASOS, Wayfair and the list goes on. Yes, I'll discuss every company SEing event In this article!

What you're about to read Is very, very lengthy that's taken me a few days to complete and when you've finished delving Into each topic, I have no doubt you'll appreciate the work I've put In to writing this entire tutorial. My objective Is to provide you with all Information pertaining to "company events" In a single resource, thereby you can reference the content, as the need comes to hand with your SEs. 

To make It easy to Identify and locate, I've created a "Table Of Contents", which can be used to hit Ctrl-F on your keyboard and jump to the topic In question and at the end of each topic, I've added my recommendation titled "Action Required" which means exactly that - the best course of action (If any) required by yourself, the social engineer. Also, (where available), I have linked each topic to Its respective guide on this blog. Okay, so make a few cups of coffee and without further delay, we'll get this started. 


Table Of Contents
  1. Company Investigation
  2. File A Police Report
  3. Asked To Sign A Statutory Declaration
  4. Asked To Sign An Affidavit
  5. Denial Of Receipt Form Issued
  6. Cease & Desist Notice Issued
  7. Internal Company Document Issued
  8. CCTV Cameras In Operation
  9. Goods Checked During Packing
  10. Online Account Flagged
  11. Online Account Closed
  12. Request For A POD
  13. Request For A POP
  14. Request Photos Of Damaged Goods
  15. Asked To Deal With The Retailer
  16. Asked To Deal With The Carrier
  17. Advanced Replacement Offered
  18. Responding To PayPal Disputes/Claims
  19. A One-Time Exception Offered
  20. Asked To Return The Empty Box

1. Company Investigation

When things don't quite add up with what you've said to the company about your SE, they'll open an "Investigation" which Is basically an official Inquiry Into your claim, to see why your Information doesn't correspond with theirs. There are two types that take place. The first Is an "Internal Investigation" that happens within the company Itself (checking their picking & packing records, CCTV camera footage etc), and the second Is an "external Investigation", whereby they'll liaise with the carrier to verify details about your consignment (package weight, GPS/tracking Info etc). When you've been told your claim Is being Investigated, be sure to remain compliant.

Read More Here

Action Required: An Investigation Is simply part of company protocol to move forward with the claim. Contact the rep/agent every few days/week and ask where your claim stands.


2. File A Police Report

If the DNA (Did Not Arrive) method Is used, by saying the driver did not deliver the package to your address, the company will get In touch with the carrier and cross-check the shipment to try and establish precisely what went wrong, and attempt to locate the whereabouts of the package. If their findings are Inconclusive, you may be asked to "file a police report" stating that everything you've said (about the SE) Is true and correct to the best of your knowledge. A lot of SE'ers are hesitant to file a PR, but rest assured, there's no cause for concern.  

Read More Here

Action Required: A PR Is only a bit of paperwork that's needed to continue assessing the claim, so head over to your local police station and file It, or where available, It can be submitted online. 


3. Asked To Sign A Statutory Declaration 

Much the same as a police report, a "statutory declaration", also known as a "stat dec", Is a written statement that declares everything you've stated (about the SE) Is true and correct. It Is signed In the presence of an authorized witness such as (but not limited to) a police officer, or a medical practitioner. Given that legislation and regulations differ between many countries, I cannot speak for each and every region, so what you've just read, Is based on general principles of law and not bound to any specific location.

Read More Here

Action Required: A statutory declaration Is not a legally binding document per se, hence when you're asked to sign and return It, comply with the representative's request.  


4. Asked To Sign An Affidavit

This type of document Is a lot more serious than a stat dec, namely because of the legal ramifications that may arise If the company In question, decides to pursue the matter (your SE) further by putting your claim In the hands of their solicitors. Unlike a statutory declaration that must be signed In front of a Justice of the Peace to make It legally binding, an affidavit Is quite the opposite - once It's signed, It becomes a legal document there and then, and can be used as evidence In court. Now I'm not suggesting It "will happen", but rather It "may happen" - should the company decide to take litigation against the SE'er.

Read More Here

Action Required: Due to the (remote) possibility of an affidavit leading to legal proceedings, I always suggest not to sign It but ultimately, It's your call. Refer to my guide for more Info. 


5. Denial Of Receipt Form Issued

This Is relative to the DNA method, whereby upon claiming you did not receive the package from the carrier driver, the company (you're SEing) will open an Investigation and ask the carrier who serviced your delivery to check their GPS/tracking records, photographic evidence, whether the package was left at a safe place at your home or with the neighbour, and so forth. If they fail to find It, that's when you may be asked to sign & return a "denial of receipt form" - which, as Its name Implies, Is used to state you've denied receipt of goods - meaning you haven't received your product. 

Action Required: This Is very similar to a statutory declaration that you've read a minute ago, so It's perfectly fine to scribble your signature and email It back to the company.  


6. Cease & Desist Notice Issued

When a social engineer goes too far with obtaining refunds or replacements against a company, a "Cease & Desist" letter may  be sent (by the company) to the SE'er asking to Immediately stop his activities. It's basically a warning to alert him that his actions are In breach of the company's contract and/or terms, and to stop what he's doing there and then. If the SE'er Ignores the C&D and continues with his SEs by refunding the same company after the notice was sent, legal action can be taken and In the worst-case scenario, legal proceedings could already be In progress - which will be stated In the letter.

Read More Here

Action Required: As you can see, a Cease & Desist notice Is quite serious, so If you happen to be Issued with one, It's paramount to stop refunding the company In question.   


7. Internal Company Document Issued

An "Internal company document" Is prepared "Internally" and generated by the company Itself - perhaps by the account's section, HR department or the senior management team. It serves the same purpose as a statutory declaration, to confirm that everything you've said and done with your SE, Is true and correct. One way this type of document Is Identified, Is by a logo or a heading that represents the company - both are usually located at the top of the document, or sometimes at the end of the page, just after Its contents have been finalized.

Action Required: Given an Internal company document Is solely created by the company's personnel and without any Involvement by their legal representatives, there's no problem putting pen to paper.


8. CCTV Cameras In Operation 

If you've never SE'd a particular company, and you're planning to use the missing Item/partial or maybe the wrong Item received method, It's crucial to establish If they have "CCTV cameras" In operation that actively monitor their warehouse picking & packing procedures. The reason for It, Is because when you put In a claim, the company will refer to their CCTV footage, and deem that your product was picked and packed correctly when using the above methods. Cameras don't lie, social engineers do!

Read More Here

Action Required:  If deciding on using the above-mentioned methods, be sure to claim (where applicable) "the Item was not In the box". Cameras cannot see what's Inside the box, hence the footage will be Inconclusive.  


9. Goods Checked During Packing

Unbeknownst to many SE'ers, certain companies actually "check their goods as they're being packed In the box/package" prior to taping It up, and sending It off to the buyer. For Instance, I can confidently say that a UK sunglasses (and watch) retailer called Shade Station, operates by "opening the sunglasses case to make sure the product Is Inside", and then packs and sends It to the customer. Other stores with a similar setup, also work In the same fashion. This ensures the buyer gets what he/she paid for.

Action Required: Do not use the missing Item, partial and the wrong Item received method on stores whose warehousing team function In a manner as described above. 


10. Online Account Flagged

If the rep/agent has reason to Investigate your account, perhaps due to (for example) Identifying a number of wrong Items you've returned were not part of their Inventory, they'll not only check those Incidents, but also delve Into every other transaction. What they generally look for, Is unusual spending patterns and Irregular activity performed on the account - such as a high volume of refunds within a particular time frame. If the events are not too serious and do not warrant an Immediate closure (more on this In the next topic), "your account will be flagged", meaning It's being actively monitored for suspicious behavior.

Read More Here

Action Required: Your account Is treading on thin Ice, thus build some credibility by making a few legit purchases, and stop SEing for a while - around 7-8 weeks will suffice.   


11. Online Account Closed

If you've been consistently SEing using the same account on a very regular basis, you'd obviously try and refund every purchase made. That's the point of social engineering - to obtain goods absolutely free of charge, but the more you claim, the greater the chance of attracting attention from customer service representatives. And If you don't change your approach and act Irresponsibly by continuing to SE one product after another, your online account may well and truly be closed without notice. That's right, you will not be told In advance of your wrongdoing, but Instead you'd wake up one morning to check your emails, and a message pertaining to the account's closure will be sitting In the Inbox.

Action Required: Precautionary measures must be taken to prevent an account closure. Check out my tutorial here on how to SE safely, and read the account-related topics.   


12. Request for a POD

Due to the nature of various stores/retailers, namely those selling and servicing technology-based products to the likes of keyboards, headsets, mice (PC mouse) etc, It's a commonality for the company to request a "POD" (Proof Of Destruction). This happens when you SE an Item under warranty and saying that It's not working. They'll then go through a few troubleshooting steps and when they're satisfied It's not functional, you will be told to destroy It, and take a photo or record a video showing the damage. A POD Is used Instead of sending the product back

Read More Here

Action Required: In terms of taking a photo, use the corrupted file method or Photoshop the Image. As for a video, follow my guide with the corrupted video method


13. Request for a POP

Some SE'ers don't have the cash upfront to buy an Item, therefore they need to pretend they've bought It and have a "POP" (Proof Of Purchase) In their possession - as It will be requested by the rep/agent to verify the product was In fact purchased from their Inventory. A couple of methods that won't cost you a single dime, and tend to trigger a POP, Is the serial number method and the gift method. Essentially, the refund/replacement Is processed on the grounds your POP Is received, cross-checked and verified.

Read More Here

Action Required:  The POP can be circumvented using the corrupted file method or alternatively, It can be generated via this online service


14. Request Photos Of Damaged Goods

If you're social engineering Items manufactured In glass (such as perfumes & colognes) by using the broken glass method, and saying the bottle was smashed/broken when the package was dropped off by the carrier driver, the claim Is handled In one of two ways. The representative will ask to return the broken bottle to be used as evidence during their assessment, or request photos of the damage clearly showing the breakage. When either one has been fulfilled, a refund/replacement will be Issued.

Action Required: With regard to photos requested, again, the corrupted file method Is available, or If you're proficient In Photoshop, put your skill set to good use. As for sending the broken bottle back, using the boxing method


15. Asked To Deal With The Retailer

When you've bought your Item from a "retailer", but you prefer to put In a claim to the "company who actually manufactured  the Item you're SEing", they may ask you to deal directly with the retailer -  for the reason that the original purchase was made with them. While they're well within their rights to do that, It doesn't mean you need to obey their request and furthermore, as the manufacturer, they're obligated to at least listen to the Issues you're having with "their product". Obviously, you have no Intention to speak with the retailer, so you must have a very good excuse as to why they refused to be of help.

Action Required: Tell the company/manufacturer that you spoke with the retailer, and they said that they don't handle warranty claims, thereby asked you to contact the manufacturer. 


16. Asked To Deal With The Carrier

This Is quite a ridiculous request, and If you haven't experienced It as yet, you will at some stage of your social engineering activities. Okay, this event typically happens with the DNA method, whereby upon claiming your goods weren't received, the company (you're SEing) Instructs you to communicate with the carrier, to try and locate the whereabouts of your package. If you're told something along those lines, don't even think about complying - for the fact that "the Item(s) were ordered from the company, not the carrier", so It's their (company's) duty to manage your claim.

Action Required: Tell the representative that the carrier's job Is to deliver packages, and not handle the evaluation of your claim, and remain adamant that It's the company's responsibility to assess It. 


17. Advanced Replacement Offered
 
As Its name Implies, an "AR" ("Advanced Replacement") Is when the company sends out a replacement Item BEFORE you return the one that was purchased from them that's (apparently) defective. In other words, they'll send a replacement "In advance" so when you receive It, you're supposed to return the broken product. Being the SE'er that you are, you'll do nothing of the sort but to prevent being Identified and your account billed, fake credentials will be used to buy the product, Inclusive of using a VCC to protect your payment system, and a drop house to accept the Initial purchase. 

Read More Here

Action Required: As stated above, It's Imperative to create a fake online account and use a virtual credit card to buy the Item, and then meet the carrier driver at a drop house to grab the delivery.


18. Responding To PayPal Disputes/Claims

The main reason social engineers use PayPal as their preferred payment system, Is because It offers "Buyer Protection", so If something goes wrong with the purchase (which It will!), such as "the package did not arrive" (DNA method) or a "different Item was received" (the wrong Item received method), PayPal will try and correct It. And the way they do It, Is by contacting the company (you're SEing), and collect Information relative to the Incidents of your claim. However, some companies don't bother liaising with PayPal and totally Ignore them and as a result, PayPal has no choice but to credit (refund) the SE'ers account.

Action Required: In the event the company cooperates with PayPal, be sure to gather and prepare all details In support of your claim In advance, and forward them to PayPal on request. 


19. A One-Time Exception Offered

A lot of companies have hidden policies that are not listed In their terms & conditions, nor are they publicly available via other means, of which "Apple" (apple.com) Is one of them. Unbeknownst to the majority of social engineers, Apple has what's called a "one-time exception", whereby Instead of going through their usual protocol to assess a given claim, they'll make an "exception" and approve It without (for example) asking to return the product. The one-time exception, can only be done once per each Individual account.

Action Required: Apple will not tell you about the one-time exception, so you must specifically ask for It while your claim Is still active. I suggest doing It when It's either declined, or Is heading down that path.


20. Asked To Return The Empty Box

Although this type of request Is somewhat of a rarity among companies that operate on a small to medium scale, It does happen every so often with larger corporations - particularly "Amazon" when hitting the missing Item method as follows. After Informing the rep/agent about receiving a box with nothing Inside, for some stupid reason, "he will ask you to return the empty box" so as to continue with their assessment. Yes, you read that right, a useless empty piece of cardboard box Is needed by the company to finalize the claim. Try and make sense of that! 

Action Required: As silly as It sounds, It's vital to comply with the representative's Instructions, by sending the empty box as stated In the email message, live chat or your phone conversation.    


In Conclusion

Now that you've reached the end of this article, I'd say It's safe to assume that you're thinking I've missed a few company events and rightly so - I have purposely omitted those that're miniscule, and have very little to no Impact on your SE. My objective Is to educate you on each and every event that you WILL experience at some point while social engineering companies on any level. And after reading every topic, you're well-equipped and prepared to tackle the most problematic Incidents that come your way, so use your knowledge wisely, effectively, efficiently and accordingly.      

Comments