Skip to main content

Featured

SE'ing Encyclopedia

Updated: 08/09/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Beginner Serial Number Method

 


Beginner's Guide To The Serial Number Method

If you've just started your career In the art of human hacking, specifically exploiting vulnerabilities In companies by tricking representatives to credit your account or dispatch a replacement Item at their expense, It can be a difficult process to grasp exactly what's Involved to get the job done, as well as how to handle certain types of evens that will Inevitably be experienced during your social engineering activities. Things like Investigations opened, police reports asked to be filed and returned, or perhaps signing a statutory declaration or an affidavit, can put you In a state of panic and confusion - for the fact that you're pretty much clueless about the way to effectively tackle each one.

Moreover, It's a very arduous task becoming well acquainted with every traditional method to the likes of (but not limited to) the wrong Item received, the DNA (Did Not Arrive), the disposed of the faulty Item, the sealed box, the missing Item and partial, boxing and the corrupted file or corrupted video method. And If that's not enough to get the blood pumping, you'd be at a complete loss at to how to circumvent the carrier taking photos and bypassing an OTP (One-Time Password) at the time of delivery - all because you're totally new  to the sophisticated breed of SEing called "company manipulation and exploitation".

While It's way beyond the scope of this article to document a tutorial on the above-mentioned Incidents and methods, what I will do Is Introduce you to what's called "the serial number method" from a beginner's standpoint, that's very easy to follow and straight to the point. Given you're a newbie, prior to moving forward with this guide, I strongly suggest reading my Beginner's Guide To Social Engineering and when you're done, you can continue where you left off here. Here's what you will learn In today's lesson.


Table Of Contents 
  • What Is A Social Engineering Method?
  • The Serial Number Method Explained
  • How To Obtain A Valid Serial Number
  • What To Expect With The Serial Number Method

Before ripping Into the serial number method Itself, It's of paramount Importance to have a clear understanding of what "defines a method", and why It's an Integral part of each and every attack vector. We'll then move onto the Ins and outs of the serial number method as outlined In the table of contents above. So, without further ado, let's get this started. 


What Is A Social Engineering Method?

When you've selected the company you'll be targeting and researched their terms and conditions, the next step Is to create a "strategy" on how you're going to execute the attack and manipulate their representatives afterwards. That Is, you need a "plan" that will be used to guide the SE from beginning to end. And the "plan" Is the "method" and without It, your SE cannot, and will not, make a start. To give you an Insight Into the way a method Is applied, here's an analogy that you can relate to.

Let's say you've bought a bedroom suite from your local furniture store that comes with dressing tables, a tallboy, bedside tables & mirrors and obviously the bed Itself with slats - In Its collapsed form. To put It all together and successfully complete the task at hand, you'd need the "assembly Instructions" and If they're missing or belong to a different type of bedroom suite, the job cannot be done. The same principle applies to social engineering - In this case, the "assembly Instructions" Is the "method" which supports what you're aiming to achieve - a refund or replacement Item. Understood? Good!

Now It's not as easy as choosing a product and opting for the first method that comes to mind. Apart from the DNA and the wrong Item received, both of which can be used with almost any Item of reasonable size and weight, every other traditional method must be based on the nature of the Item - and the "serial number method" Is certainly no exception, namely with products that require some type of functionality to operate. So what exactly Is the serial number method, and what purpose does It serve? We'll check It out right now.


The Serial Number Method Explained

The most common way to social engineer online retailers such as Argos, Amazon, Nike, Adidas and so forth, Is to buy the Item first and then use any other method thereafter. The main advantage of this methodology, Is that you have (where applicable) more than one suitable method, hence you can select the one that's most likely to work In your favor. It's all well and good when funds are readily available, but not every SE'er has money to spare, and that's when the "serial number method" comes Into action, whereby you SE an Item that you don't have to begin with! Don't worry, this will make perfect sense In a minute. 

Evidently, It relates to goods that do In fact contain serials, Including computer keyboards, Apple AirPods, speakers, SSDs (Sold State Drives) and the list goes on. And for obvious reasons, It must be under warranty before the claim can begin. So how does this method work when you don't have the Item at your disposal?  Well, basically you as the SE'er, will grab a serial number (more on this In the next topic) of the Item you wish to SE, and use It to manipulate the representative by saying the Item the serial belongs to, Is not working.

The rep/agent will then proceed with a few troubleshooting steps to try and establish why It's not functioning, and when you've convinced him It's broken In Its entirety, he will (generally) ask you to do one of two things - "return It", or provide a "POD" (Proof Of Destruction). A replacement will be dispatched when you've fulfilled his request. To circumvent a POD, read my tutorial here. In terms of sending It back, naturally you cannot return an Item you don't physically have, so use the boxing method or the disposed of the faulty Item method. What you've just read, Is not possible without a valid serial number on hand, which brings me to the next topic below.   


How To Obtain A Valid Serial Number

Many social engineers have a difficult time trying to locate the serial they're after, and If you're part of this equation, rest assured, I've got you covered. I will show you the most effective ways to obtain serials for just about any product you're planning to SE. Now there's one entity that I do not recommend, which Is "eBay", particularly If It's an "Individual seller" - they have bills to pay and mouths to feed, just like you and I, thus refrain from targeting them. Okay, what I've done below, Is created a list of where serials can be found, as well as a short description explaining how you should go about getting them, so we'll kick It off with "Using YouTube".


Using YouTube

YouTube Is an excellent gateway to get your hands on valid serial numbers, for the fact that countless users share their videos and completely disregard to edit/mask Identifiable details associated with the device they're showing In the footage - Inclusive of "the serial number". Because of the step by step demonstration by the uploader, It's very likely the serial number will be exposed, but to ensure It's still under warranty, be sure to "look at the date of when the video was uploaded". If It's current, then you're most likely good to go. Another way to confirm It, Is to "check the make & model of the Item". Again, If It's current, It speaks for Itself.

Do note that your search results, are only as good as the keywords you enter. For example, given you're after a serial number, you must locate videos that display It, and one of the best ways to do It, Is to type the description of your Item followed by the word "unboxing". What this does, Is show how the product Is packaged by the manufacturer, and the process used to take Its contents out of the box. For Instance, I've entered "Samsung SSD unboxing", and It returned an array of pages showing procedures of what to expect when taking the drive and Its accessories out of the box.

Believe It or not, It literally took me 45 seconds to locate a serial number! Evidently, It won't always be that simple, so If you happen to experience a few difficulties, keep sifting through videos until a serial Is found - If you look hard enough, you will eventually find one. The good thing about this method, Is that the Items are brand new (hence "unboxing"), so the serial will be covered by warranty, but as stated earlier, "always check the date of when the user uploaded the video"


Physically Visiting The Store

This Is my favorite method, for the reason that there's absolutely no risk whatsoever. As a matter of fact, there's very little to no social engineering Involved, which makes your job as an SE'er Incredibly simple, however for this to work, "the serial number on the box, must be the same as the one on the Item". You'll see what I mean shortly. So how do you know whether the serial on the exterior of the box, Is the same as the one on the Item? Well, exercise some common sense by hitting a Google "Image search" and enter something along the lines of: "Where Is the serial number on (your Item)". Obviously replace your Item  with the product you're SEing. 

I've just performed a search for Apple AirPods with wireless charging case, and although the user masked the Image with serial number protected, It confirmed that It's located on the underside of the box. Simply do the same with your SE. Okay, assuming you've applied the above strategies and have an Item In mind to SE, pinpoint a store that sells the exact make & model, and walk In as though you're a normal customer looking to buy something. Bear In mind, that you're (seemingly) a shopper just like everyone else, so make sure you're cool, calm & relaxed whilst walking around In search of your Item.

Some serial numbers are lengthy and difficult to remember, so when you've found your product, hold the box In one hand and grab your cell phone In the other, and then act as though you're shooting off a text message. Instead, navigate to your phone's camera and take a picture of the serial (that's on the outside of the box) and put It back on the shelf. For security purposes, the Item could be behind a "service counter", which requires a sales assistant to make the purchase, so just pretend you want to be certain It's the correct one by asking If you can first have a look at It. Then use the same procedure as above (with the cell phone), and hand It back saying It's not the one you're after. It doesn't get much easier than that!


Purchase The Item And Then Return It

For one reason or another, In the event you cannot perform In-store SEing by physically attending the retailer nor use any of the above-mentioned methods, what I'm going to Introduce Is just as effective and the upside Is, there's no pressure on the social engineer - In this case, yourself. The only requirement, Is that you must have funds on hand to buy the Item you're planning to SE, but don't worry, your account will be credited 100%, thus you won't be left out of pocket.

If you haven't worked It out by the title of this topic, you purchase the Item and when It arrives, write down the serial number and then return It for a full refund by saying you received the same one as a gift, or whatever else complies with the retailer's return policy. For example, John Lewis provides a refund (or exchange) for a "change of mind", hence you won't experience any Issues when using this reason.  

I'd like to point out that return policies differ from one company to another - some have 15 days, others are set at 30 days and so on and so forth, so be sure to check that you don't exceed the time frame with the company you're SEing. Moving back to the SE, the moment the company (pertaining to the Item you bought to get the serial number) reimburses the funds Into your credit card, you can then social engineer the manufacturer or any store that stocks the same Item by purely using the serial number.


Using Google Images

This particular method Is stating the absolute obvious and basically needs no Introduction, however to this day, I'm at a loss as to why many SE'ers completely overlook It and fail to put It Into practice. As with YouTube, whereby a lot of users upload their videos and forget to hide Identifiable details, the same applies with "sharing Images online". In fact, I've just hit a general search on Google Images with the keywords of: "Samsung SSD serial number" and pages of results were returned - most of which displayed serial numbers clearly In plain text.

Now the question you're probably going to ask Is: "how do I know If the serial Is valid and still under warranty?". If you've been In the SEing scene for years on end, you should well and truly know this, but If you've just started out as an SE'er, then your question Is justified. I will explain a couple of ways that're so simple, that you'd wonder how and why you haven't already thought of It. The first Is to navigate to the manufacturer's website and do a "serial number check" (or some variant), which will return Its warranty state, and display If It's still valid.

For Instance, I've browsed on "Dell's website", and there's an option to search for the service tag or the serial number. I've purposely entered some random numbers, and It returned an Invalid message. This Indicated that It does check for valid serials. The second way, Is to give the company a call, and act as though you're a concerned customer wanting to know If your product (that the serial relates to), still has warranty left on It

Because your call appears legit, you'll find they'll have no hesitation In serving your request. The only downside of using Google Images to obtain serial numbers, Is that It can take a while to sift through pages of search results until you find the one you're after. But do remember that you're not working on a schedule, so take all the time you need to locate a serial that's valid, and of course, Is also covered by warranty.     


What To Expect With The Serial Number Method

Every traditional social engineering method, will trigger one or more events that will cause some degree of difficulty, and the serial number method Is certainly part of the equation. As such, It's vital to be well-Informed of "what to expect when the claim Is In motion", thereby you can tackle each Incident with minimal complications. To help you along the way, I've put together three common occurrences, Inclusive of how to effectively circumvent each one, so let's begin with the good ol' "POD".


Asked To Provide A POD

A "POD" Is an abbreviation of "Proof Of Destruction", that's often used by companies to the likes of Logitech and SteelSeries, whereby rather than returning your Item, "they'll ask you to destroy It" In a manner that will render It non-functional, then take a photo or video of the damage and send It as an email attachment. You may also be asked to place a handwritten note next to the device, and/or show Its serial number - just to demonstrate It belongs to "you", and not something taken from Google Images. Evidently, a POD Is used for tech-based Items that have some type of functionality. 

The reason you're told to destroy It, Is to make sure your (seemingly) defective product Is completely useless, thus preventing you from falsifying your claim. Moreover, If the cost of your Item Is greater than the cost of freight to return It, the company will opt for a POD - which doesn't set them back a single dime. Naturally, you have no Intention to smash your product to bits, so you'd need to circumvent the POD as discussed below. 

How To Circumvent A POD

There are a few ways to bypass a POD, the first being the corrupted file method or If a video Is requested, the corrupted video method Is put Into action. Alternatively, If you're proficient In using "Adobe Photoshop", by all means use your skillset to manipulate the Image accordingly. If you choose the above methods (corrupted file & video), be sure to thoroughly read my tutorials to give the SE the best chance of success.    


Asked To Return The Item

When you have a valid serial number at your disposal and Initiate a warranty claim, not every company handles and processes It In the exact same fashion. For example, as you are aware, some stores will ask for a POD and will Instruct you to send the proof of destruction as an email attachment, which they don't pay a penny to receive It In their Inbox. If there's no signs of Inconsistencies with what you've provided, your claim will be approved thereafter.

On the other hand, you will Inevitably be told to "return the product" at some stage when using the serial number method and obviously, such a request cannot be fulfilled - you can't return what you don't have! Remember: You've acquired the serial number and not the Item. As a result, the only option Is to "circumvent the return of the Item", by using any method outlined In the following subtopics.  


How To Circumvent The Return

There are basically three methods that can be used to circumvent the return, but given this article has already exceeded Its reading time by a lot more than what I anticipated, I cannot possibly discuss each one In a single topic. Instead, I've referenced the lot to my guides on this blog, so check them out by simply clicking on each link. The methods are: The disposed of the faulty Item, the leaking battery method and the boxing method.   


Asked To Provide A POP

It's pretty much common sense that when you buy something online or In person at your local mall, a receipt will be given with your transaction, so there's no point In elaborating the obvious - that'll be a waste of my time and yours. From a company's perspective, a "Proof Of Purchase" (mostly abbreviated as "POP") Is requested to confirm that the Item the customer Is claiming for a refund or replacement, was purchased from their Inventory or when SEing the manufacturer, It belongs to them or a given retailer.  

When the POP Is cross-checked and verified, the representative will decide whether the claim should be approved. That's how an SE works when buying the Item and using a compatible method, however as you know, some SE'ers don't have the cash to pay for an Item upfront, therefore they'll utilize the serial number method and pretend they've bought the product and have the "POP" In their possession. But you can't give what you don't have, hence the need to bypass the proof of purchase Is a must, so we'll have a look at that now.


How To Circumvent A POP

In terms of manipulating reps to dismiss the need for a POP, It's not an easy task, especially when dealing with agents who remain firm with their request to obtain one and do everything they can to make things as difficult as possible. But SEing Is not all about focusing on the Impact that representatives have on you, but rather "the Impact that you have on them". And the way It's done, Is by remaining one step ahead of their demands - In this case, circumventing a POP by using the corrupted file method. Now you can use an online service like this to create a fake one, but the majority of companies verify It, thus they'll Immediately notice It's not the real deal


In Conclusion

Upon reading this entire article, you may be thinking It's an overkill, meaning It goes Into too much detail for beginner social engineers, but I'm the type of SE'er who covers every angle and leaves nothing to chance. As such, what you've had the pleasure of reading In each topic/subtopic, has provided you with the perfect Ingredients to formulate and execute the "serial number method" to Its full potential, so apply what you've learned accordingly to every SE that Involves using a serial number to obtain a replacement Item


Comments