Without a shadow of a doubt, there are so many factors that need to be taken Into account when you're picking a target to social engineer and regardless of similarities, there are no two exactly alike- each one Is based on Its own merits. In terms of the new breed of human hacking, namely "company manipulation and exploitation", It doesn't matter If both entities have been established at the same time and with every layout being a carbon copy of each other, they will differ to some degree and If you're very familiar with one company by SEing them for many years to date, It doesn't mean that the other one operates In the same fashion. Do you know for sure If they've recently updated the way they process claims, or perhaps Implemented new measures In how they pick, pack and dispatch orders? I'd say your answer Is "no".
As such, It's of the utmost Importance to research every bit of detail of relevance, which will significantly help to effectively formulate your method and execute your attack by leaving nothing to chance. The commonalities with researching companies Include the carriers used, refund and replacement policies (and their time frames), whether they're responsible for loss of goods during transit, the grounds on which refunds are Issued and the list goes on. All this Info can be found In their website's terms & conditions. There Is one thing however, that the majority of social engineers neglect to put as part of their SEing Information gathering toolkit, and that Is "The use of CCTV cameras In the warehouse department".
Depending on the method used, the cameras play an Integral role In determining whether the rep will approve or decline your claim and If It's the latter, there will be enough evidence to support and solidify their decision. As a result, It will be very difficult for you, as the SE'er, to state otherwise, but by no means does this suggest that you cannot manipulate the footage to your advantage! Don't worry, this will make perfect sense as you keep reading this entire article. It's crucial to check If cameras are In operation, but as opposed to the details mentioned right above this paragraph, It will not be listed In their website so you need to seek other alternatives- which I've written a guide a little further down the page. Before I get Into the SEing side of things, It's vital to have a clear understanding of the meaning of CCTV cameras, as well as the way they're used In a warehouse environment so without further delay, let's make a start.
What Are CCTV Cameras?
CCTV Is an abbreviation of "Closed-Circuit Television" and Is rarely used In this manner but In the event It Is, you're now aware of what It refers to. Believe It or not, CCTV technology was first Introduced In the early 1940s during the Second World War to monitor the operation of V2 rockets, and Its usage began to rapidly expand to where we are today- of relevance to this guide being manufacturing plants, warehouses, storage facilities and the like. When In use, they're constantly running and capture every bit of activity within their coverage area, hence the person In charge of the cameras, knows precisely what happened at any given time and can pinpoint one's behavior by referring to the timestamp In the footage.
There are no hard and fast rules as to why companies choose to Install them. Some do It to help deter crime, whilst others simply want to check If their employees are complying with their policies, such as meal breaks taken at the right time and not longer than the specified duration, or perhaps to see If their forklift drivers are responsible and practice good occupational health and safety measures. That being said, there's a fine line between monitoring personnel for the said reasons and Invasion of privacy. However many organizations couldn't care less and only think of how to Improve productivity and save money, thus "place CCTV cameras In their warehouse to ensure that their workers are packing goods accurately and without error". This puts a negative spin on every social engineer's Intention to obtain refunds/replacements, but It's not to say that It cannot be done- It's certainly well and truly possible and you'll see exactly how, shortly. Countless SE'ers have asked me how the cameras are used In the warehouse, so let's check It out now.
How CCTV Cameras Are Used In Warehousing:
Before I make a start, I'd like to point out that due to the nature of warehouse logistics to the likes of receiving and dispatch, Inventory management, racking systems and shelving and particularly packing benches and procedures, It's way beyond the scope of this article to cater for the structure of each and every environment. What I will do, Is give you a general and very accurate example of how CCTV cameras are used In "modern warehousing", namely "during the packing process"- In readiness for the shipment of each consignment. What you're about to read, does NOT apply to all warehouses In Its entirety, meaning some may only utilize a portion of what's Involved but nonetheless, It's just as effective In controlling and observing the movement of stock.
Okay, now that you understanding the objective of this guide, here's how It works. Once you've placed your order, the storeman will be allocated a picking slip with descriptions and quantities for each product, and will pick the Items from their respective locations In the shelving/racking. He will then place the box on a conveyor belt, where the "packers" are standing by waiting to receive It. This Is the stage where all the action happens. Right above each packing area, there are overhead CCTV cameras Installed, that record precisely "how the contents are packed In each box"- by their description & quantity. In a more advanced setup, scales are added to the packing tables and document the overall weight of the box, and then calculate what It should In fact weigh. If there's a variance, It will alert the packing team that something Is not right, thereby the box must be reviewed and corrected.
As you can see In this particular setup, there are two frameworks, being the "CCTV cameras and weighing facilities" which safeguard and ensure that there are no errors made when goods are packed prior to dispatch. Do note that this type of Implementation, Is not typical of every warehouse but at the bare minimum for those that actively monitor their packing procedures, CCTV cameras will be In operation. From a social engineering standpoint and In terms of the (for example) "wrong Item received method", this Is the main reason why many SEs fail- as It will be an arduous task for the SE'er to try and justify how and why he didn't receive the correct Item. Having said that, SEing Is all about finding flaws, weaknesses and manipulating them accordingly and as you'll see In a couple of topics after this, It can be circumvented quite easily. The first thing however, Is to see whether the company you're planning to SE does have the cameras up and running, which brings me to my next point as per below.
How To Identify If CCTV Cameras Are In Use:
As opposed to the traditional methodologies when researching a company, whereby you navigate and sift through their terms & conditions to locate what you're after, you cannot do the same when wanting to Identify If they use CCTV cameras. Sure, you may find the odd listing buried somewhere In one retailer's terms but for companies on a very large scale, your search will be futile- they simply do not like to make this type of Information publicly available. So how do you know for certain that cameras have been put Into effect? Well, It's not too difficult at all and the way you do It, Is by performing what I call a "practice run" or In other words, a "trial SE", that's solely used for testing purposes and for the most part, will determine If cameras are part of how the company processes orders.
The method that you'll be using Is the "missing Item", by buying something that's extremely cheap (hence you have not much to lose should the SE fail), but a product that you need. As such, If It works In your favor, you have SEd an Item that's of benefit to you. Here's a brief example of how to apply the "practice run". Let's say you can make good use of a "SanDisk 32 GB USB stick, that only costs 7.35$", and went ahead with placing your order. When the carrier delivers your package, wait around 10-15 minutes and then contact the company and say that upon opening the package, the USB stick was missing. Even though It's Inexpensive, they will Investigate It In some capacity- companies don't like being In the negative with their sales, regardless of cost.
Now when they communicate back to you, If your claim has been approved or declined (either way, It doesn't matter for testing purposes) and "there's no mention of CCTV cameras as all or part of the reason for their decision", then you know that they're not using the technology. At times, there are occasions when representatives approve claims due to sheer laziness or neglect to comply with their protocols and guidelines, thus to be totally sure, "hit another practice run" but this time with a different Item- just to see If their picking & packing procedures are done on the same grounds with every order. As with the above example, their response will conclude whether cameras are functioning In the warehouse. In the event they are, I'll demonstrate a clever workaround that will deem Its footage useless, so let's see how It's done.
How To Render CCTV Camera Footage Inconclusive:
There's no doubt, that CCTV cameras are very effective to keep an eye on exactly what's going on when goods are being packed In readiness to be dispatched to their respective customers. If you've read everything so far word for word, you're probably thinking that It's virtually Impossible to bypass detection and guess what? You're absolutely correct! Unless you can hack Into their systems and disable monitoring, they will remain operational but It's not about trying to take them down or circumvent detection, but rather render their footage Inconclusive. And the way you do this, Is by using the "wrong Item received method", by saying that you (seemingly) received something different to what you originally purchased. However, you cannot just choose anything that comes to mind, such as a sweater that's manufactured In clear packaging- the cameras will obviously Identify It!
For this to work, "the Item must be enclosed In a box" and It's Imperative that It cannot be viewed externally without opening It. That Is, the box Itself, cannot contain any type of clear film that would potentially expose Its contents, and It must be fully sealed with no visible signs of the Item. For Instance, I know for a fact that a SanDisk Extreme Portable SSD 1 TB, comes In Its factory state without a window (film) on any side of the box- It's only wrapped In cardboard, which Is Ideal for the methodology I'm about to explain, so I'll reference this as the Item that you'll be social engineering. What you'll be doing, Is using the "wrong Item received method" due to a "manufacturer error", that requires a very calculated and strategic approach. Prior to hitting the SE with this method, allow me to elaborate on what It entails as follows.
In contrast to the wrong Item received method due to a "company error", whereby the storeman picks the Incorrect Item/box from the shelving/racking and the CCTV cameras notice It during the packing process (hence the SE will fail), the same method as a result of a "manufacturer error", cannot be verified by the cameras. The objective Is to say that "the Item In the box Is Incorrect". In other words, "you received the correct box but It contained a different Item"- all because the factory made a mistake and put "another Item In the box". Although It's not a commonality, It does happen from time to time, and this Is what will render the CCTV camera's footage Inconclusive. How so? Well, the cameras do not x-ray the box nor can they view what's Inside when your order Is being packed, therefore "they will only record the box and Its description"- regardless of what's Inside! Makes sense? Good. Now that you understand how It works, I'll formulate the method and put the SE Into action respectively.
Preparing The Method:
Given the nature of the method, the company will ask you to return the wrong Item that was (apparently) enclosed In the box and sent to you. So, before hitting the SE, the first thing you need to do, Is purchase the wrong Item that you'll be returning but there are a couple of Important factors to take Into account- namely Its "weight" and "product type". For example, In terms of the former, If scales are operating at the warehouse packing tables, then they'll evidently document the weight before your order Is dispatched. When you send back the wrong Item, If your weight doesn't match with what they have on record, then your SE Is destined to fail. Pertaining to the "product type", It must be something that's consistent with a manufacturer error. For Instance, If you're claiming that you've received a "bottle of cologne/perfume" Instead of a "Garmin sport watch", It's highly unlikely that they'll make a mistake with goods that're manufactured and stored In different departments.
Put simply and to not raise suspicion, thereby significantly Increase the likelihood of a successful outcome, both the original & wrong Item should come from same category. A prime example of this, Is hair dryers and moisturisers belong In the "Beauty" section, so the probability of error Is more likely than not. I'd also like to point out that It's best to buy the wrong Item from the same company, but on a completely different account and sent to another residential address. As such, If they decide to scan your return, they'll see that It's part of their Inventory and assume that It does In fact belong to them. I've tried to simplify this as best as possible, so I do hope you comprehend It quite easily. On the grounds that you've prepared your method accordingly, the most crucial part has finally arrived- executing your attack which Is out of my hands and solely your responsibility! I can only guide you from this point forward, so pay attention to every detail.
Executing The SE:
To avoid congestion, this Is simple, straight to the point and relates to claims when CCTV cameras are In operation, so let's begin. As mentioned a little further up the page, the Item that you'll be SEing Is an "SSD" (Solid State Drive) using the "wrong Item received method", so you've already purchased the Incorrect Item which Is a "USB WiFi adapter" that weighs roughly the same as the SSD. The cost of the adapter Is only 10.99$, as opposed to the SSD being 214.99$, therefore you'll be making a nice profit. The carrier driver has delivered your package and after around 15-20 minutes, you've contacted the company's representative and said that upon opening the box, much to your disappointment, It contained a different product to what you've ordered. The rep asked for the description of the Incorrect Item (Inclusive of make and model) and when you told him It was a USB WiFi adapter, he said to return It and advised that he'll look Into your claim and get back to you In 3-5 business days.
Behind the scenes, they've opened an Investigation to see what's going on by cross-checking the weights with the carrier's manifest but because the Items are extremely light, they did not register on consignment, so they've decided to refer to their warehouse packing facilities- namely the "CCTV cameras and scales". The recorded weight (less the packaging) matched with what you told them you received- being the USB adapter, hence the next course of action Is to view the camera footage. They've done exactly that, and established that "the correct box was packed", however they "could not Identify what was Inside". To conclude the Investigation, the rep scanned your return (the USB adapter) and It was In fact "their stock Item". All this was enough to deem that "the manufacturer packed the USB WiFi adapter In the SSD box" and as such, a refund was Issued Into your account. Congrats with the success of your SE!
In Conclusion:
Well, this article took a lot longer than anticipated but my objective was to cover the most Important details about "how CCTV cameras operate In a modern warehousing environment", as well as the way their departments pack, dispatch and refer to orders when discrepancies are brought to the company's attention. Do remember, that this does not apply to each and every warehouse. I cannot possibly cater for every stores department and distribution center, so before you start asking questions regarding variances and Inconsistencies, have a good think about what you've just read. As a closing note, you can clearly see that CCTV cameras have their limits during the packing & verification of goods, so use my guides to your advantage and manipulate Its contents according to the nature of your SE.
