Skip to main content

Featured

SE'ing Encyclopedia

Updated: 29/03/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

How To SE Tech Items

 


How To Social Engineer Technology-Based Items

Every social engineer differs to some degree with the type of Items they're Interesting In SEing, and depending on whether they're male or female, the needs and wants will Inevitably vary between each gender. Things like beauty products, hair straighteners, air purifiers and coffee machines are a commonality with women, while men are predominantly Interested In electric shavers, trainers, hoodies, watches and sunglasses. But Irrespective of being a guy or a girl, there's one commodity that captures the Interest of every person - namely "technological Items".

For Instance, be It at work or for personal use at home, "computer laptops" are used by just about every person to do their online banking, navigate on Facebook or perhaps perform data entry tasks at the office. The same applies to "cell phones" - every man and his dog (so to speak!) owns an IPhone or an Android device nowadays, and the moment the latest release Is available, most users dig Into their hard-earned savings and purchase It by attending their local mall, or grab It from an authorized phone dealer. 

Technology moves very fast, hence It can be rather expensive upgrading devices every time a new model Is developed and released by the manufacturer. Wouldn't It be nice, If you can get your hands on whatever you please without paying a single dime on each and every occasion? That's where I come In, by Introducing you to the power of manipulation called "social engineering", whereby companies are exploited and their representatives are deceived Into Issuing refunds for the cost of the purchased Item, or dispatching a replacement product at their expense - while you still get to keep the original one.

Now If you're new to SEing or looking to get Into the scene for the very first time, I strongly suggest reading my tutorial called Beginner's Guide to SE'ing and when you're done, you can continue where you left off here. What you will learn today, Is "what defines a tech Item", four of the very best "methods used to SE tech Items", "what to expect after the product has been social engineered", and finishing off with "when to use the SEd Item". This article Is VERY lengthy, so make yourself a few cups of coffee and we'll get this started. 


What Defines A Tech Item?

Even though the title of this topic Is pretty much common sense, self-explanatory and for the most part, does not require any elaboration whatsoever, It's Important to know precisely how tech products are categorized, and what actually Identifies them as part of the technology sector. As a result, you'll be well-prepared for the ramifications (as discussed In the second last topic of this article) that may take place while your claim Is In motion. Having such knowledge, allows you to make an Informed decision as to whether or not to SE a particular product - as some retailers are known to "blacklist" or "track devices" after the claim has been finalized.

So what exactly defines a tech Item, and how does It differentiate Itself from other products? Stating the obvious, It pertains to anything that's manufactured to perform some type of functionality. Due to the purpose It's designed to serve, such as authenticating via an online service to the likes of an Apple ID, or hooking onto a carrier to get a cell phone up and running, the majority of devices contain a "serial number" and/or an IMEI number

Both the IMEI & serial Identify ownership of the device, and the latter (serial number) verifies It when making a warranty claim. Naturally, there's a lot more to It than that, but I cannot possibly cater for every detail. Now that you comprehend the foundation of how tech products are structured, we'll rip Into "four of the most effective methods" that I've personally handpicked to social engineer almost any technology Item that comes to mind.


Methods Used To SE Tech Items

Each and every traditional method used In today's world of "company manipulation and exploitation", Is crafted to serve Its very own objective, therefore It's paramount to have the ability to recognize, select, understand and utilize a given method (In that very order) to Its full potential against the product you're planning to social engineer. 

As such, It will significantly help the SE to run smoothly right from the get-go, and continue to head In the right direction until the claim Is ultimately approved with a refund or replacement. To assist with your method selection, I've discussed how each one operates and at the end of Its respective guide, I have added a description titled "Method Suited To", which means exactly that - the nature of the Items the method Is suited to. So, I'll kick It off with the good ol' "missing Item method"


The Missing Item Method 

As Its name Implies, the missing Item method Is used to say that the Item ordered from an online store, was missing when you "opened the package" after It was delivered by the carrier driver. Alternatively, you can say that upon "opening the box", there was nothing Inside. You'd then contact the representative and tell him about the missing goods, and at this point, the claim will make a start with the assessment process. Unless the rep/agent Is half-asleep on the job and approves It on the spot or a chat bot does the same, a number of events will most likely take place before a decision Is made on the claim.

For example, the company may open an Internal Investigation, whereby they'll view (where available) their CCTV footage to see If the product was correctly packed, or perhaps launch an external Investigation and cross-check the weight recorded by the carrier who serviced your delivery. As a result, It's crucial to establish whether the company (you'll be SEing) has CCTV cameras monitoring their warehouse and of the utmost Importance, to "keep your product under 120 grams" - preferably half that weight or less.

Why Is that, you ask? Well If you're social engineering a Lenovo Yoga Slim 14 Inch laptop at 1.3 Kg, don't expect a favorable outcome, particularly when reps/agents work strictly by the book and assess claims with a fine-tooth comb. All It takes, Is to check the weight of the package taken at the carrier's depot, and If It's not 1.3 kg lighter, then your laptop could not have been missing! I don't need to explain what happens next. All In all, do your research for CCTV cameras, and be sure to maintain a weight no greater than "120 grams" when SEing your tech Item(s). To give you an Insight of suitable products, I've created a shortlist below which can be used as a general guide. 

Method Suited To: Very Lightweight Items
  • AirPods (Previous Model) with charging case. Weight: 46 grams
  • Crucial 240 GB SSD (Solid State Drive). Weight: 60 grams
  • AirPods Pro with charging case. Weight: 56.4 grams
  • AMD Ryzen 12 Core CPU. Weight: 45.4 grams
  • Apple Watch Series 7. Case Weight: 38.8 grams
  • Fitbit Versa 2 Watch. Weight: 38 grams

The Serial Number Method 

The most common way to SE online retailers, Is to buy the Item first, and then use any of the traditional methods thereafter. The main advantage of this methodology, Is that you have (where applicable) one or more compatible methods, hence can select the one that'll most likely work In your favor. It's all well and good when funds are readily available, but not every SE'er has money to spare, and that's when the "serial number method" comes Into action. Evidently, the Item must be under warranty  before the claim can commence. So how do you get your hands on a valid serial number, when you don't have the Item to begin with?

If you play It smart you will have the Item, but on a temporary basis, and here's how It's done. I'll reference the social engineer from a third-person point of view, and not yourself. When he's chosen the Item he'd like to SE, he will "purchase the exact same one" from a particular store and then open the box, write down the serial number, and return It (to the same store) for a refund. The SE'er will then "contact the manufacturer", and tell them that It's not working. Under the circumstances, the rep will ask for the serial number and go through a few routine troubleshooting steps and when he's satisfied It's defective, a replacement will be dispatched - but only when one or more of the following requirements has been fulfilled.

The company may request a POD (Proof Of Destruction), containing an "Image" or "video" clearly showing the Item has been destroyed - by way of drilling holes Into It, cutting the cord, breaking buttons, and so forth. In terms of the Image, the POD can be circumvented by Photoshopping It, or using the corrupted file method. As for the video, check out my tutorial here. On the other hand, they'll ask to send the (seemingly) broken Item back, which you obviously don't have, thus In such a case and on the grounds It's not too large, hit the boxing method. Some companies also need the POP (Proof Of Purchase), so read how to bypass It here or use this online service.

Method Suited To: Warranty Claims With Tech Items Containing A Serial
  • Bose home speaker 500
  • Razer gaming keyboard
  • Nintendo switch console
  • Computer laptops
  • Computer mouse
  • Oculus Quest 2

The Disposed Of The Faulty Item Method

When an Item Is purchased that has some type of functionality to operate, It's not always shipped In faultless condition. Manufacturing defects are Inevitable and although most are Identified and fixed at the final Inspection by the quality control team, there are many that go unnoticed and leave the factory with Imperfections, thereby end up In the hands of the consumer. Social engineers are well aware of that, and use It to their advantage with the "disposed of the faulty Item method". This Is how It basically works. For the purpose of this guide, I'll use a 17 Inch gaming laptop as the faulty Item.  

The SE'er will contact the rep/agent claiming It's defective and ask for a refund, however In order to process It, the rep will request the Item be returned - which Is standard practice with just about every company. Of course, the social engineer Is one step ahead and says: "When I booted It up, the laptop started smoking and caught fire, and I Immediately disposed of It for health & safety concerns. In addition to that, he will also mention: "He sustained a burn to his hand, but thankfully the doctor said It's nothing to worry about".

Can you see what just happened? The SE'er not only used "health & safety" as the reason for throwing the laptop In the trash, but also made the representative aware that It (seemingly) caused Injury to his hand. Companies take health & safety very seriously, and have measures In place to deal with personal Injuries, hence given the severity of the Incident, there's a high chance the claim will be approved. Do note that this method requires perseverance and for the most part, you must push reps to their limit, but If you remain adamant and not take "no" for an answer at any stage of the claim, It significantly Increases the likelihood of success.

Method Suited To: Predominantly Large Products
  • Desktop computer monitor
  • Espresso coffee machines
  • Home wi-fi projector
  • Computer laptops
  • Smart LED TV

The Sealed Box Method

The last and most effective method I'll be discussing, Is called "the sealed box method", that has a proven track record of having a very high success rate with almost every company on any scale. And If you carefully read what's written from this point onwards, and absorb every word of my recommendations, you'll attain the skill set to apply the method with extreme accuracy. Okay, I'll cut to the chase and explain It as follows. It works by purchasing an Item that's "fully enclosed In a cardboard box on all six sides, and contains one or more factory seals and/or wrapped In clear film".

You'd then meticulously open the box making sure not to damage any part of It, take the Item out, and replace It with anything of equal weight - preferably something similar to the original product. What happens next, Is the most Important part of the method's formulation, so pay attention to what I'm saying. When "resealing the box", It must be done without showing any signs of tampering whatsoever, and the end result should be an exact representation of how It was purchased from the company - with the "seal/seals/film maintained In Its manufacturer's state

If you haven't worked It out by now, the objective of the sealed box method, Is to "seemingly" return the product you've bought (due to a change of mind or otherwise) which appears to be In Its untouched condition, and receive a refund sometime later. Realistically, you've sent back another Item that you replaced earlier on. Essentially, when the company accepts your return, they'll see there's no signs of Inconsistencies on the box and assume It's the real deal. It will then be scanned, put back Into stock, and your bank account will be credited within x-amount of business days.   

Method Suited To: Goods Packaged With A Factory Seal/Clear Film
  • Apple IPhone 13 - Two long strip paper pull tab seals at the top & bottom underneath the box
  • IPad Mini 5 - A long plastic strip along the length of the box used to take apart the clear film
  • Logitech G502 Gaming Mouse - A small clear rectangular seal at the top of the box
  • NVIDIA RTX 3080 GPU - Two small clear square seals on both ends of the box
  • GoPro Hero 9 Action Camera - One paper pull tab seal at the bottom of the box
  • Acer Nitro 5 Gaming Laptop - A small single (square) seal at the top of the box
  • Apple AirPods 3rd Generation - Same as above, but smaller box dimensions
  • Bose QC35 Series II - Wrapped In factory clear film that's similar to a seal
  • Kingston Internal SSD - Same as above, clear film to secure the box

What To Expect When SEing Tech Items

Almost every tech Item can be uniquely Identified to some degree and as such, If the company or manufacturer decide to take action, It can have a major Impact on the device you've SEd, or are currently SEing. For Instance, are you aware that blacklisting an "IMEI number" can render your cell phone pretty much useless? Or perhaps the company uses a given Item's "serial number" to remotely track It, and see If It's actively In use? I'd say It's safe to assume that either or both of those events are unbeknownst to you, correct? I thought as much. So let's first delve Into how and why an "IMEI number Is blacklisted".


IMEI Number Blacklisted

Generally speaking, an IMEI ("International Mobile Equipment Identity") number, relates to devices that establish a connection to a cellular network Including, but not limited to, mobile phones, tablets (cellular-enabled) and smart watches but for the purpose of this tutorial, I will focus on cell phones. Because the Information Is added to the IMEI at the time the number Is hard-coded Into the device by the manufacturer, It doesn't contain personal credentials about the user It's registered to, therefore It only has details about the device - the make, model specifications etc.

But from a social engineering standpoint, namely after the phone has been refunded, the "IMEI number can be used to blacklist the device", whereby the IMEI Is placed In a pool of blacklisted numbers - for the reason that you've SEd the phone, and you're not supposed to have It In your possession. Essentially, when you try to activate the phone with a particular carrier, It will be locked (blacklisted) out of their network, and the same will happen with every other phone carrier. Now I'm not Implying the phone "will" be blacklisted, but rather It "may" be blacklisted, so keep It In mind when SEing cell phones.   


Items Tracked Remotely

As mentioned a few minutes ago, just about every technological Item, be It a computer monitor, keyboard, SSD (Solid State Drive), headphones, gaming console, smart TV etc, has a "unique serial number" that's generated and put In by the manufacturer, and no two serials are ever alike. In terms of social engineering, SE'ers use the serial number method by obtaining a serial off the Internet (or otherwise) that's still under warranty, and then pretend the product (that the number relates to) Is not working, with the Intention to get a replacement.  

Serials are also used by some companies to "track the Item" during the assessment of the claim - specifically when they've realized there's some kind of Inconsistency with the Information the SE'er has provided. For example, we'll say you've put the disposed of the faulty Item method Into action, and the representative was deceived Into believing your story (threw It out for health & safety concerns), but to process a refund, he asked for a POP (Proof Of Purchase).

Given you don't have the POP, you've Photoshopped It, however another rep/agent cross-checked the order number and noticed It was Invalid, so he referred to previous notes about your Item  - which demonstrated "It was disposed of". In order to confirm It's no longer In use, the rep tried to "remotely connect to It" and much to his surprise, activity was detected - namely the events "you" performed on the device. In other words, the company had the capacity to "remotely track the device you were using, purely by Its serial number". At the time of this post, Oculus Is one retailer that has the ability to track their tech Items, hence make sure to "research" the company prior to your SE.


When To Use SEd Tech Items

This article has exceeded Its reading time by a lot more than what I Initially anticipated, so to avoid congestion, I'll keep this brief and straight to the point. Okay, the reason I've decided to write this topic, Is for the fact that I continue to come across countless SE'ers of all shapes & sizes who're hesitant about "when they should start using the technology Item(s) they've SEd". That Is, they're questioning whether or not It's safe to operate the device the moment the claim Is approved, or wait until a later period of time.

While there are no hard and fast rules, logically speaking, the answer Is quite obvious - especially that you're now well aware of the possibility of companies remotely tracking your activity via a serial number as discussed In the topic above. For Instance, If you didn't use the device when the claim was In motion, but Instead waited until everything was over and done with, the probability of the representative having the need to check the activity, Is slim. 

To put all concerns to rest, I strongly suggest utilizing your tech-based product "AFTER the funds have cleared (been deposited) Into your bank account". As a result, your claim Is well and truly finalized, thus your device will not be referenced when It's up and running. This applies to all Incidents and events, and not just remote device tracking.


In Conclusion

After reading this entire article, you have sound knowledge of how to efficiently SE technology-based products by using "four very effective methods" that will flawlessly execute the attack vector, and predominantly ensure a favorable outcome - a refund Issued, or a replacement Item dispatched at the company's expense. 

Moreover, you're well acquainted with the possibility of IMEI numbers being blacklisted and remote tracking of devices, Inclusive of the best time to start using your SEd Items. All In all, you now have the tools, resources and expertise to social engineer tech Items with the highest level of confidence and accuracy, so be sure to apply your skill set accordingly with every SE performed.    


Comments