Skip to main content

Featured

SE'ing Encyclopedia

Updated: 29/03/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Beginner's Partial Method

 


Beginner's Guide To The Partial Method

If you've just heard about the sophisticated breed of human hacking known as "company manipulation and exploitation" whilst navigating online, or very recently registered on an Internet forum or Discord server as a total newbie, you'd be at a complete loss as to what's Involved to deceive representatives Into Issuing refunds and dispatch replacement Items at their expense. What also adds to the confusion, Is the traditional methods used to support your attack vector, and exploit companies on every level.

For Instance, If I've posted something along the lines of: "The PEB method Is perfectly suited to SE one stick of Crucial 16 GB DDR4 Ram", I'd say It's very safe to assume that you're clueless about the context of my conversation, and rightly so - specifically If you're reading this from a "beginner's standpoint". As such, everything Is speaking another language, thus It can be quite difficult to familiarize yourself with social engineering per se, and In particular the Ins and outs of how "methods" are structured and the purpose they serve.

That's because (online) resources that're created for totally Inexperienced SEers, are few and far between, but rest assured, I've got you covered. Now before I discuss this any further, I strongly suggest checking out my tutorial named Beginner's Guide To SE'ing and when you're done, you can continue where you left off here. Given It's way beyond the scope of this article to cater for every method, I've focused on one called "the partial method" - for the reason that It's very effective when prepared and executed accordingly.   

What you will learn today, Is the definition of the partial method, Inclusive of how to apply It, as well as selecting the Ideal product weight, and finishing off with what to expect with the method  while the SE Is still In motion - all of which Is written and aimed at beginner social engineers. If you're operating as an advanced SE'er, naturally you're welcomed to sift through every topic - who knows, you may learn a thing or two! Okay, prior to ripping Into the design, application and events of the partial method, It's very Important to first have a clear understanding of what a "social engineering method" entails, so without further ado, we'll make a start on It now.  


What Is A Social Engineering Method?

When you've chosen the company you'll be SEing and researched their terms, conditions and carrier partners, the next step Is to create a "strategy" on how you're going to execute the attack and manipulate their representatives afterwards. That Is, a "plan" Is needed to guide the SE from beginning to end. The "plan" Is the "method" and without It, the SE cannot, and will not move forward. To give you an Insight Into the way a method Is applied with each and every SE, here's an analogy that you can relate to.

Let's say you've bought a bedroom suite from your local furniture store that comes with dressing tables, a tallboy, bedside tables & mirrors and obviously the bed Itself with wooden slats - In Its collapsed form. To put It all together and successfully complete the task at hand, you'd need the "assembly Instructions", and If they're missing or belong to a different type of bedroom suite, the job cannot be done. The same principle pertains to social engineering - In this case, the "assembly Instructions" Is the "method" which supports what you're aiming to achieve - a refund or replacement Item. Understood? Good!

Now It's not as easy as choosing a product and opting for the first method that comes to mind. Apart from the DNA (Did Not Arrive) and the wrong Item received that're compatible with almost any Item of reasonable size & weight, the majority of every other method, Is based on the nature of the Item - and the "partial method" Is no exception. In other words, there's a certain methodology (with the partial method) that must be Implemented when selecting the product(s) you'd like to SE. Don't worry, this'll make perfect sense as per the topic below.            


What Is The Partial Method?

Also referred to as "partial" on Its own, the "partial method" works by ordering a bunch of Items from an online store, and saying that the order was partially filled when you received It. Put simply and as an example, you purchased "5 Items", however only "3 or 4 of those Items" were received. It's performed almost the same as the missing Item method, but Instead of buying the one product and SEing that alone, you'd purchase "multiple Items on the same shipment", and then contact the rep/agent and tell him that "one or more Items were not In the package/box" when you opened It.

The reason why a heap of Items are bought, but only one or a few of them are SEd, Is to add extra weight to the package and to also help mask Its entire contents, thereby draw attention away from the Items you're claiming as missing. Using that type of approach, Is generally aimed at reps who're easily confused and too stupid to figure out quantities & weights - and believe me, there are plenty of them around! Now that you're aware of how the partial operates, It's time to check out how to apply It.      


How To Apply The Partial Method

Before I begin, do note that all the events you're telling the representative regarding nonreceipt of goods, do not take place - you're purely using It as an excuse to SE the company for a refund, or If you prefer, a replacement. Yes, I realize It's stating the absolute obvious, but given you're a novice SE'er, the last thing I want Is for you to misinterpret this tutorial and lose track of Its progress. Okay, as you know, the partial method Is used In one of two ways - either claim "a single Item was not received" or "multiple Items were missing".

The former (single Item) Is pretty much self-explanatory, hence there's no point elaborating on It - It'll be a waste of my time and yours. In terms of SEing more than one Item, It's Imperative to calculate the "combined weight", meaning whatever It Is you'll be claiming as missing (when the package was delivered by the carrier driver), that's the equation you'll be working with. For Instance, let's pretend you bought 6 Items, with the Intention to SE two of them - namely an "SSD" (Solid State Drive) and a "CPU".

When formulating the method, the weight of each of those Items have to be added together and If It's within a safe weight bracket (more on this In the next topic), the SE Is ready to go. Evidently, you can social engineer more Items, perhaps 3 or 4, but do remember to always merge each product Into one unit. The reason being, Is because the partial method heavily relies on goods that're extremely light to give It the best chance of success. So what Is an Ideal weight to work with? Keep reading, and all your questions and concerns will be answered.  


The Ideal Product Weight For The Partial Method

As you've realized, the "weight of the Item(s)" plays an Integral role In ensuring the partial method serves Its purpose. That Is, the product(s) should not be detected when the package Is weighed at any stage from the time of dispatch, to when It's travelling through the carrier's network, and finally arriving at Its destination - your home, drop house or any other location used to accept the delivery. The problem with (beginner) social engineers, Is that they tend to disregard the weight altogether - which Is mainly due to the lack of Information at their disposal.

For example, If you're part of an active SEing community, there's no doubt you've come across an array of messages discussing the partial method, however seldom do users specifically talk about "the Ideal product weight". You can dedicate all the time needed to prepare the method, but If you have little to no knowledge of the safest weight to work with, then there's no use pursuing your attack, particularly If the company "opens an Investigation" and cross-checks the claim with a fine-tooth comb - your SE will fail under the circumstances. 

Now If you're a regular reader of this blog, you'd see that I always recommend as a rule of thumb, not to exceed "120 grams" when SEing a single Item, or as a total weight for multiple Items. If you don't go over that (120 gram) weight bracket, you'll find that the majority of SEs will result In a successful outcome. To refresh your memory, I'd like to reiterate the Importance of "combining the weight Into one figure  when social engineering several products". Allow me to explain It as follows. If one Item Is 65 grams and the other Is 45 grams, It's taken as one unit at 110 grams. Do the math: 65 + 45 obviously equals 110! Use that formula with each Item you plan to SE.     


What To Expect With The Partial Method

Each and every traditional method, triggers one or more events that will cause disruptions and/or complications with the claim's assessment, and the partial method Is certainly known to Inevitably set off a number of Incidents. It's all well and good when preparing the partial In readiness for the attack vector - you're In charge of making sure It's flawlessly formulated and executed, however the moment It leaves your local environment, you have no control of what occurs when your SE Is In the hands of the representatives. 

For Instance, because of the method's nature, as well as the measures some companies have Implemented In their warehouse with picking & packing procedures, there are a couple of common approaches that reps/agents take on board to continue with their evaluation - namely an "Internal Investigation" and an "external Investigation". And If you have no Idea on what to expect from either or both of them, It may significantly Impact your SE - perhaps to the point of failure. As such, It's vital to understand what takes place with each "Investigation", so let's rip Into It.    


Internal Investigation Opened

A lot happens behind closed doors during an "Internal Investigation", which Is completely unbeknownst to social engineers, thus It's crucial to be well acquainted with actions performed by customer service reps - as It will allow you to make an Informed decision with "the store you're looking to SE" when using the partial method. Here's what I'm referring to. When an Internal Investigation Is opened, the company will check the activity of your claim within the confines of their very own premises to Identify what went wrong with your order, and If your statement of not receiving your product(s) Is true and correct.    

Some of the things they'll examine Is when your order was placed, "who was responsible for packing It", and "whether the Item(s) were checked" before the box was taped and dispatched from their warehouse. Can you see what the problem Is, If the partial method Is used against a company that operates In that fashion? I'll simplify It for you. The "quoted" words above, typically represent stores that have "CCTV cameras" monitoring their movement of stock, and others that "check their goods as they're packed In the box/package" - just to ensure there are no mistakes with orders.

For example, I can confidently say that a UK sunglasses and watch retailer called Shade Station works by picking their stock, opening the sunglasses case to confirm the product Is Inside, and then packs & sends It to the customer. Other companies to the likes of John Lewis, ASOS, Ebuyer, Argos, Goldsmiths, Overclockers and Footasylum, have CCTV cameras Installed hence If you've SEd any one of those entities with the partial method, It will miserably fail. The message Is loud and clear -  prior to hitting the SE, always research a company that's unfamiliar to you


External Investigation Opened

In contrast to an Internal Investigation that occurs within the company Itself, an "external Investigation" Is when Information Is requested from other (outside) sources - the most common being the carrier who serviced your delivery. In this case, the weight of the package Is the main thing the company checks with the carrier, to establish If there's any Inconsistencies and If so, kiss your SE goodbye. But If the product weight Is carefully considered, It maximizes the likelihood of a refund or replacement Item.

How so, you ask? Well, let's suppose you've used the partial method on something rather light - at  around "65 grams". The company will contact the carrier to verify the weight taken at their weighing facilities - right before the package was loaded In the driver's van to be dropped off at your house. As you're aware, anything under "120 grams" will (predominantly) not register on any shipping scales. Therefore, because your product was only "65 grams", a variance In weight could not be Identified, so they'll have no choice but to approve the claim. All In all, be sure the Item Is as light as a feather (so to speak), and you won't experience any major difficulties.


In Conclusion

Although this article Is somewhat lengthy for a guide targeted at beginner social engineers, I've made sure every topic Is pretty much straight to the point, and Is purposely written In a way that's very easy to follow and comprehend. 

As such, you've acquired the skill set to prepare and execute the partial method all on your own, as well as effectively tackle the events associated with "Internal & external Investigations" - all of which put you In a commanding position to handle every obstacle that comes your way, and ultimately work towards achieving your objective - obtaining goods without paying a single dime.    

Comments