Niflheim World

Welcome to Niflheim !

  • First 5 messages from new users (pre-moderated user) will be checked for flood/spam before being posted on the forum. Users will also be checked for a multi-account.
    If you want to communicate without delay, get a free Huscarl status (how to get - User Groups), or buy premium status (how to buy - Premium status)

SE Common Reasons Why Methods Fail With Their Items.


Hiotcek

Publisher
Staff member
Lenderman
Joined
Oct 8, 2020
Messages
4,659
Reaction score
3,071
NL COIN
23,594
1655724995144.png
Common Reasons Why Methods Fail With Their Items.
The art of exploiting the human firewall, by manipulating the person on the other end to perform an action that they're not supposed to do, can (at times) be an arduous task to get what you're aiming to achieve. Be It gaining unauthorized access to a restricted building by pretending to be an employee of a given organization and tricking another worker to punch In his PIN code and let you In through the entry door, or contacting the clerical assistant of a Fortune 500 company as though you're the IT guy In the head office who needs their user credentials to perform a routine security update on their system, "each attack vector must be researched and prepared beforehand to give the SE the best chance of success".

If you're not familiar with your target, whereby you've never SEd them nor took the time to do a little detective work to see how they're structured and the measures they have In place within their organization, then your SE will come to an end not long after It was executed. Irrespective of which company you're planning to social engineer, "the very first thing that must be done, Is to research and Identify precisely how they operate", Inclusive of the grounds on which refunds are Issued at their expense, and replacement Items dispatched at no extra cost. When you're finished with your Information gathering session, the most Important element comes Into effect- "formulating your method based on your (researched) findings, as well as the nature of the Item you'll be SEing".

Of course, this relates to hitting online retailers to the likes of Zalando, Amazon, John Lewis etc by using "methods" to manipulate their representatives to credit your account or send a replacement Item while you still get to keep the original one. If you've been SEing In this capacity for many months/years, you'd know exactly what I'm referring to and "why methods play an Integral role In determining where the SE Is heading, and whether the outcome will result In your favor". You'd also be aware of the fact that SEs can go wrong at the best of times, and although there are countless scenarios that're accountable for this, the most common reason Is "methods that did not serve their purpose as planned". More on this shortly.

It's paramount to Implement "Item & method compatibility" with each and every SE and If you neglect to do so, It will not move forward or terminate In Its very early stages. I've experienced many SE'ers who believed they did everything right, only to find that their claim was declined for no apparent reason and when I asked them for details about their SE, "It was their method that was actually the cause of It all". That's what prompted me to write this article- to demonstrate how & why methods are responsible for SEs either failing right from the get-go, or at some point during the assessment of claims.

Now you may be thinking of the time when you hardly put any thought Into your method's formulation and your claim was Instantly approved with very little to no questions asked, but I'm not talking about reps who're brain-dead and couldn't care less about doing their job properly, but rather those who work strictly by the book and follow company protocol every step of the way. In such case, your method must be prepared to perfection by leaving nothing to chance.

That's where I come In, by discussing "the reasons why they fail", hence you will have a clear understanding of what to look for when putting together your own method In readiness for your attack vector. To avoid congestion, I've linked every method (as highlighted In blue In the topic title) to my tutorials on this blog, and provided a short description of what each one entails, ending with (where applicable) a few commonalities of why the method Itself will fail. So without further delay, let's rip Into It.

The Sealed Box Method

This method Is quite flexible, thus can be used on a broad range of Items and the likelihood of Its success Is extremely high when the social engineer takes the time to methodically apply It. Here's how It generally works. We'll say you're planning to SE an "SSD" from Amazon. When you receive It, you'd send It back for a refund but Instead of returning the SSD, pack anything useless that you have lying around the house and "reseal the box as per Its factory state". When the company receives It, they'll put It back Into stock and credit your account with a refund thereafter.

Why The Method May Fail

(1). The box was not fully enclosed In cardboard and had a small clear film on one side, hence the employee handling the return, Immediately noticed that the original Item was not Inside.

(2). The weight of the useless Item was not the same as the original Item, so a mismatch In weight was established on the carrier's consignment. This concluded that another Item was returned.

(3). The Box showed signs of tampering when resealed, which raised suspicion when returned and upon checking Its contents, the useless Item was exposed.

The DNA Method

As Its name Implies, the DNA (Did Not Arrive) method Is used to say that the package that was delivered by the carrier driver, did not arrive at Its destination. Naturally, the SE'er did received It, but Is stating otherwise for SEing purposes. The DNA Is known as a "carrier-based method", for the reason that It's suited to just about any company who utilizes a carrier service to dispatch goods to their customers. The good thing about the method, Is that It's not Item-specific, meaning It's compatible with any product of reasonable size & weight.

Why The Method May Fail

(1). An OTP (One-Time Password) was not anticipated by the SE'er, nor did he have the knowledge to circumvent It, so he had no choice but to accept the package on delivery.

(2). The social engineer gave Instructions to leave the package at a safe place at his home, which made him liable for loss of goods during shipment. As such, the DNA could not be used.

(3). The Item ordered was very large and expensive and In the absence of the SE'er, It was redirected to a secure pickup location that required proof of ID for collection, therefore It confirmed receipt of goods.

The Wrong Item Received Method

Errors In picking and packing happen In every warehouse environment, regardless of the company's state of the art logistics facilities and as a result, SE'ers use the wrong Item received method to say that a totally different Item was In the box/package when the carrier delivered It to their premises. The SE'er will then call the rep and Inform him of the (apparent) mistake, and will be Instructed to send It back. A refund/replacement will only be given when the company has received the return- which can be bypassed by using the boxing method or sending back a stock Item belonging to the same company that's being SEd.

Why The Method May Fail

(1). The weight of the wrong Item was not the same as the one that was purchased, so the variance was noticed when the company cross-checked the consignment.

(2). The SE'er did not purchase the wrong Item from the same company and when the return was scanned, It did not come up as part of their Inventory, which confirmed that an Incorrect Item was not originally sent.

(3). A separate account was not used (by the social engineer) to buy the wrong Item and when the company checked with their Invoicing department, the order was linked to the SE'er, which means that they didn't make a picking/packing error.

The Missing Item Method

This Is a very popular method that's used and discussed In almost every SEing community, and has a high success rate with products that are extremely light. It works by saying that your Item was not In the box/package when you opened It as delivered by the carrier driver. For Instance, let's say you bought a CPU and when you ripped open the box, nothing was Inside, meaning the CPU Itself was missing and only the box was received. Alternatively, you can claim that everything was missing- both the box and the CPU was not In the package.

Why The Method May Fail

(1). If CCTV cameras were actively monitoring the stores department, the footage will show that the Item was picked, packed and shipped correctly. This relates to a "warehouse error"- refer to my guide for further Information.

(2). The Item was too heavy and when the company opened an Investigation with the carrier who serviced the delivery, their findings confirmed that the Item was dispatched accordingly.

(3). The SE'er did not calculate the "shipping weight" when he claimed that both the box & Item was missing, so the Inconsistency In weight, caused the SE to fail.

The Partial Method

Given you've just read about the missing Item method, you'll have no problem relating to what the partial method entails, namely because It works on a similar principle but with a slight variation In how It's executed as follows. You'd purchase a bunch of Items from an online store, but claim that your order was "partially filled" when you received It. In other words (and as an example), you bought 5 Items but only received 3 or 4 of those Items. It's almost Identical to the missing Item method, but Instead of SEing only one product, you'd buy multiple Items "on the same shipment" and then contact the rep/agent and say that one or more Items were not In the box/package when you opened It.

Why The Method May Fail

(1). The Items arrived on a separate shipment and because the SE'er didn't research the company/carrier beforehand, the partial method could not be used.

(2). The SE'er did not calculate the "combined weight" of every Item he was SEing, hence they were way too heavy for the partial method, which led to an unsuccessful outcome.

(3). There was 8 "different Items" being SEd In total, which Is very unlikely (If not Impossible) for a picking & packing error of that description and quantity to take place. As such, the claim was declined.

The Boxing Method

When you've been asked to return your product due to Informing the rep that It's faulty, or perhaps you said you've changed your mind and would like a refund, one of the effective methods to circumvent the return, Is by using "the boxing method". The Intention Is to return the box/package without the Item, and making It appear as though someone stole the Item before the company receives the return. It's done by tearing the box on one side and sealing It with different colored tape, which gives the Impression that It was tampered with, therefore It's consistent with a theft-related Incident. Depending on the nature of the Item, the method can be used with or without dry Ice.

Why The Method May Fail

(1). The Item was extremely large, therefore signs of tampering was Immediately noticed at the collection point which Indicated that the SE'er was responsible for It.

(2). The Item was extremely heavy, so It was Impossible to calculate the time that the dry Ice would sublimate- from when the package was sent, to the amount of time held In storage and Its duration In transit.

(3). Unbeknownst to the SE'er, both the company and their carrier partner were not responsible for loss of goods during shipment, which ultimately released them from liability.


The Corrupted File & Corrupted Video Method

In the process of assessing a claim, as opposed to sending the Item back, some companies ask to provide a POD (Proof Of Destruction) by destroying the Item and taking a photo or video that clearly shows that It's completely damaged. Logitech and SteelSeries are a couple of companies that opt for a POD, especially for low value Items, for the reason that the cost of freight outweighs the cost of the Item Itself, hence sending a photo/video (of the POD) as an email attachment Is free of charge and obviously a cheaper alternative. Evidently, the SE'er has no Intention of destroying the Item, and that's when the corrupted file or corrupted video method comes Into action.

Why The Method May Fail

(1). Representatives can be very stubborn, by keep requesting to provide a working file and If the SE'er refuses to comply, they have every right to disapprove the claim.

(2). If the SE'er lacks confidence and Is not willing to push the SE to Its limit, It may come to an end not long after It was executed.

(3). Some reps/agents are already aware of the techniques that social engineers use with the corrupted file/video method, so they'll decline the claim the moment It's received.

The Leaking Battery Method

Whilst this Is limited with the Items It can be used against, by no means does It Indicate that It's not as effective as the methods that you've just had the pleasure of reading thus far. Here's an example of how the leaking battery method works. When SEing an Item that requires batteries to function, SE'ers use It to say that "the Item they've ordered, was delivered with Its batteries leaking". Because the leak could've happened at any time during transit, It's very difficult for the company to conclusively prove that the Item was delivered In Its original faultless condition and If the SE'er remains firm with his story (of the leaking battery), there's a very good chance of success.

Why The Method May Fail

(1). The company may ask to return the product, and If they've organized the carrier driver to pick It up and Inspect the Item prior to shipment, then the method Is a complete waste of time.

(2). With very low value Items, a "POD" (Proof Of Destruction) and a "POP" (Proof Of Purchase) may be needed Instead of returning the Item, which can cause major complications.

(3). If the Item Is very large and heavy, the boxing method cannot be used to bypass the return and If the disposed of the faulty Item method fails, so too will this method.

The FTID Method

One of the biggest load of garbage to hit the social engineering sector, Is the "FTID method" which Is an abbreviation of Fake Tracking ID. If you've just come across this now, you'll be mislead by Its name, for the reason that the author of this piece of trash can't even get the tittle right. The "Tracking ID" Is not fake at all, It's the "shipment" that's fictitious, by manipulating the shipping label and removing all Identifiable details linked to the sender. Only the tracking ID (and Its respective barcode) remains as Is- just to show the package/envelope has been delivered to the correct destination. "That's simply one example of how It's formulated", there are many others but I don't support this junk, so I won't comment on It here. Be sure to read my guide to see how It (supposed) to work.

Why The Method WILL Fail

(1). Carriers scan packages at the collection point, at their depot and at Its destination, so If the SE'er has added another address on the shipping label hoping the driver will solely deliver against the details on the label Itself, then his poor attempt at SEing will fail.

(2). When the package/envelope Is received by the company, the method basically relies on the laziness of the Inwards goods department to dispose of what appears to be a useless consignment. Unfortunately for the method, In today's state of the art logistics, returns are checked accordingly.

(3). If the sender's details are totally removed from the shipping label, many carrier companies will reprint the label at their depot based on the tracking Information, which renders the method futile.

The Faulty Item Method

When an Item Is purchased that requires some type of functionality to operate, such as an electric toothbrush or a hair straightener, the fact Is, they don't always come shipped In their faultless condition. Factory defects are Inevitable and companies are well aware of It, but do not disclose It to consumers. Social engineers also have knowledge of It, and put the "faulty Item method" Into action by saying that the product stopped working right from the get-go, or not long after It was purchased. The rep will most likely ask the Item be returned, or In some cases, request to provide a POD (Proof Of Destruction).

Why The Method May Fail

(1). If the SE'er Is required to return the Item and It's too big and heavy, circumventing the return by boxing them will be a very difficult process.

(2). If a POD Is asked Instead of a return, It may complicate the SE, especially for beginners- as It will add additional tasks like using the corrupted file method or Photoshop It to perfection.

(3). One wrong move by the SE'er during the troubleshooting process (with the representative), could raise suspicion and the claim can ultimately be declined.

The Broken Glass Method

Although the broken glass method Is not commonly used In today's world of company manipulation and exploitation, It certainly serves Its purpose well when It's prepared and executed In a strategic manner. The way It works, Is by buying a product that's obviously manufactured In glass to the likes of a bottle of perfume or cologne, and when the carrier driver drops off the package, "the Item was smashed to bits" when the SE'er opened the box. What makes this method so effective, Is that It's virtually Impossible for the company/carrier to "provide evidence showing that the Item remained In one piece" from the time It was dispatched, to when It was travelling In transit and until It finally made Its way to the SE'ers home.

Why The Method May Fail

(1). In order to generate a refund, the representative may ask to send the broken glass back, and some SE'ers tend to return anything that looks similar to the original Item. If It's thoroughly checked, say goodbye to the SE.

(2). If the rep deems that the cost of the Item outweighs the cost of freight, rather than returning It, he'll request proof of the shattered glass by taking a photo that clearly shows the Item Is In pieces. As such the corrupted file method must be used, which can cause a lot of problems to the point of failure- particularly when the rep keeps Insisting on sending a working file.

(3). Some companies, Inclusive of their carrier partner, are not responsible for damaged goods during shipment which will release them from liability.

In Conclusion:

The objective of this article, Is to demonstrate not only how and why methods work In the social engineer's favor, but also the reasons why they "may" fail. I've quoted "may" and also listed It In every topic (apart from the flawed so-called FTID method), because It's not suggesting that the method "will" fail. In other words, there's every "probability" that the claim will be declined for the reasons mentioned In each topic. As a result, It's very Important to have knowledge of It, thereby you'll know what to expect with your method and (If It's not too late), you can change the negatives Into positives by applying a different approach when formulating your method.
 
shape1
shape2
shape3
shape4
shape7
shape8
Top