Skip to main content

Featured

SE'ing Encyclopedia

Updated: 29/03/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Creating Aged Accounts

 


How To Effectively Create Aged Online Accounts

In terms of social engineering online stores to the likes of Zalando, Nike, Apple, Amazon, GoPro, Logitech etc, with the Intention to trick their representatives to Issue refunds or dispatch replacement Items at their expense, It can be quite an arduous task to get the job done - particularly when dealing with reps who follow protocol and work strictly by the book during the claim's assessment. As a result, complications can be expected while the SE Is In motion, that Includes (but not limited to) the carrier driver taking photos when using the DNA method, an OTP (One-Time Password) required to accept the package, or perhaps documents asked to be signed and returned, of which an affidavit Is not welcomed for the fact It's legally binding.

If you, as a social engineer, are not prepared to tackle the above-mentioned events In the appropriate fashion, or you have very little to no experience In "company manipulation and exploitation", your SE will come to an end In the early stages of the attack vector. Therefore, to significantly minimize the risk of failure, It's crucial to Identify how the company operates, as well as research the carrier that will be servicing your delivery, and then establish your method's pros and cons - thereby they'll all help ensure the claim heads In the right direction and ultimately approved In your favor.

However, there's one very Important element that a lot of SE'ers tend to overlook or disregard altogether - namely "the nature of their online account" when SEing a particular retailer - which plays an Integral role In maximizing the likelihood of the SE's success. For Instance, have you ever wondered why your SE failed miserably, even after formulating your method to perfection, flawlessly executing your attack and complied with each and every request from the company's customer service rep? Believe It or not, "the standing of your online account" may have been responsible!

In other words and put simply, If your account demonstrated signs of suspicious behavior, or It contained a few Inconsistencies, there's a high possibility It contributed to the rep's decision to decline your claim. As such, It's vital that It doesn't attract attention In any way, shape, or form - and that's where I come In. What you will learn today and as per the topic of this article, Is "how to effectively create aged online accounts" by Implementing a number of measures that will solidify Its status, thus allow you to continue SEing safely and securely. Okay, without further delay, we'll get this started.


What Is An Aged Account?

If you've registered a fresh online account and have been social engineering the same company, you'd obviously try and refund or replace every purchase made. That's the point of SEing - to obtain goods absolutely free of charge, but the more you claim, the greater the chance of capturing the Interest of representatives - who will then Investigate your account, and sift through every payment, Incident and activity. If you've only performed refunds and given the account Is recent, It will Immediately raise suspicion, hence It's very likely It'll either be flagged or closed.

In the worst-case scenario, the company may decide to reverse any or all transactions. As a result, It's paramount to make your account appear as though It's used for legit purposes, and that's when you "create an aged account" by allowing It to mature and at the same time, build some credibility on It BEFORE deciding to hit your SEs. In doing so, It will have a good track record and shall not be the focal point of attention while the claim Is being evaluated, therefore It'd be ready to go when the time comes to social engineer the company In question. So let's have a look at all the steps needed to constructively create an aged account.  


The Steps To Create An Aged Account

Having an aged account that's many months or better still, years old, has a much better Influence on your SEing activities, as opposed to one that was just created only a few weeks ago. But to this day, I continue to come across SE'ers who struggle to grasp the concept of how the account should be formulated, and eventually reach Its maturity In readiness for the attack vector. The reason for that, Is because there are a number of steps that must be applied  before the account Is classed as "aged" and "In good standing" - all of which I've covered In the subtopics below. What you're about to read, runs In chronological order, so be sure to not skip anything from this point onwards.   


All Credentials Must Match

When legitimately buying products on the Internet, It only consists of purchases with the occasional return due to a change of mind, a defective Item or perhaps receiving something different to what was originally ordered, so there's no cause for concern with claims and transactions. But the same cannot be said from a social engineering standpoint. For Instance, a lot of SE'ers prefer to anonymize their payment system by using a "Virtual Credit Card" with a fake name (similar to what this service provides), which Is commonly used to prevent being billed with advanced replacements

While It's all well and good to prevent being Identified, Inclusive of protecting your real credit card, If there's any discrepancies with your payment system and online account, there's every chance the company you're SEing will decline your purchase. As such, they'll request ID documents, bank statements, etc - just to verify there's no fraudulent Intent on your part. In some cases, your account may be closed without notice, and It can be a rather difficult process trying to reinstate It. Of course, the discrepancies also apply to other Inconsistences on the account. The bottom line Is, "make sure all credentials match" - with both real and fake accounts.  


Perform Legit Purchases

In order to build credibility on the account, and give the Impression that there's no deceitful activity with goods you're Intending to buy and refund/replace, It's of the utmost Importance to "perform a few legit purchases" prior to hitting your very first SE. This will help mask and draw attention away from your acts of social engineering, thus make It seem as though there Isn't any Illegal behavior on your end. There are no hard and fast rules as to what should be purchased, nor does the value of the Item(s) matter - the only thing of significance, Is "transactions recorded on the account".

But to maintain a sense of normality and authenticity, It must be done systematically, meaning on a reasonable level and not too extreme. That Is, don't go overboard when buying products by grabbing anything that comes to mind "In one hit" and/or "In large volumes". This can be counterproductive and actually work against you - as too many purchases may Indicate unusual spending patterns, thereby set alarm bells ringing. As a rule of thumb, buy one or two Items and start SEing after that, then use the same formula with every other SE performed. 


Do Not Hit Any Refunds

Before I begin, I'd like to remind you that everything you've read so far (and will continue to read), pertains to "creating" an aged account - that's purely designed to kick off your first social engineering attack, and then allow you to keep SEing with minimal disruptions and complications. Understood? Good! Okay, generally speaking, companies review accounts based on their overall activity, and If they've established that you've requested refunds for a large number of orders, there's a high probability they'll evaluate/Investigate the account on a case-by-case basis.   

For example, let's pretend you've been consistently and recklessly SEing Amazon for refunds, you may receive an email something along the lines of:

"We noticed many returns for refunds from your account In the past few months. We understand that occasional problems with orders are expected, however the Issues you have reported with your orders, exceeds this exception. If this problem continues, an account closure may be necessary and we will no longer allow you to buy on our site".

That's a standard message sent by the Amazon Account Specialist team (just a bunch of office staff with a fanciful name!), to warn you that you've claimed too many refunds on the account In question. If you Ignore It and still SE In the same manner, I don't need to explain the consequences of your actions. So right after you've created your account, do not hit any refunds with your legit purchases - save It (the refunds) for your SEs but work on a ratio of 2:1 - with "2" being the number of legitimate purchases, and "1" being a single SE afterwards.  
 

Do Not Hit Any Chargebacks Or Disputes/Claims

Not every social engineering attack vector goes according to plan - It WILL fail at some stage, regardless of your level of expertise, and how well you've researched your target and prepared your method. Nevertheless, there's still a chance to refund your purchase by filing either a "PayPal Dispute/Claim" or a "Chargeback" via your credit card provider. Both are equally effective to recover funds and should always be used as a backup when all else fails, but SE'ers tend to abuse the service by making too many claims and/or chargebacks In close timing when It's not needed.

As a result, PayPal accounts can get limited and credit cards may be frozen or terminated, hence transactions on both payment systems cannot be processed. Moreover, because Information Is collected by PayPal (or the credit card provider) from the company you're SEing, "It also Impacts on your online account" - with the possibility of It being flagged or closed without prior warning. 

All the events above, obviously relate to accounts that are up and running while SEs are In motion - which has the same effect If you decide to execute chargebacks/disputes/claims "with your legit purchases after the online account has been created". Do you get what I'm saying, or am I speaking another language? The message Is loud and clear - read the title of this topic and stick to It!


Allow The Account To Mature

Now that you've created an account by making sure there's no mismatch with your credentials, as well as performing legit purchases and keeping refunds & chargebacks down to zero, the final step Is to "allow the account to mature", meaning to let It sit around for a short period of time, and then start using It for social engineering purposes. 

Why Is that, you ask? Well, when (for example) an account Is a few months old and has a clean transaction history, It seems a lot more reputable as opposed to one that's only been active for a couple of days or perhaps a week. As an analogy, a 21 year old blended bottle of whiskey, Is Instantly considered a valued commodity purely by Its age. The same principle applies to an online account - the older It Is, the more value It holds.    


In Conclusion

Upon reading this entire article, you're now fully aware of why It's vital to Include an aged online account as part of your social engineering toolkit - specifically when planning to SE the same company many times In succession by using a variety of methods and approaches.

On the grounds you've thoroughly read and absorbed every word In each topic, you now have the perfect Ingredients to effectively "create an aged online account", that will help support your SE to predominantly achieve a favorable outcome - a refund generated Into your account, or If you prefer, a replacement Item dispatched at no extra cost

Comments