How To Choose The Right Social Engineering Method

How To Choose The Right Social Engineering Method


The term "social engineering", Is rather broad and covers an extensive amount of methods and attack vectors, such as grabbing confidential Information from an employee In the head office of a Fortune 500 company, or SEing the representative at John Lewis to obtain a refund for a pair of AirPods by boxing them. This article Is based on the latter, by way of social engineering any company on any level- be It online or In-store, makes no difference whatsoever. As an SE'er yourself, I have no doubt that you've SEd at least a handful of retailers, so you will certainly relate to what you're about to read. On the other hand, If you're new to the art of exploiting the human firewall, then please allocate enough time to fully understand this guide!

As per the title of this post, It's of the utmost Importance to "choose the right method", prior to even thinking about how to prepare It, let alone execute It against your target. How so? Well, It's one thing executing your attack In a very effective manner, however It has very little to no effect If the "method" that you've chosen and formulated, Is Inappropriate and does not suit the nature of the SE. For Instance, let's say you're planning to claim a refund for a wool mix coat from ASOS, that weighs around 1 kg by using the "missing Item method". Given this will definitely register a weight on consignment, If It's cross-checked against the carrier's manifest, then the SE will fail. In this case, "another method that's suited to the coat", should have been selected.

If you haven't figured It out already, It's not as simple as applying the first method that comes to mind, and hitting your SE thereafter. In doing so and on the grounds It Is Incorrect, It's destined to have a negative result. Have you ever wondered why social engineers fail with their attempt to get a refund/replacement for an Item, even though they've (seemingly) covered every angle? One of the main causes of this, Is "because their method was NOT based on the nature of the Item". For this very reason, I will show you how to be selective with your method, and why It's suited to the Item you're looking to SE. So let's get this started.


The DNA Method:


This Is an abbreviation for "Did Not Arrive", which Is pretty self-explanatory. Put simply, when your order an Item from a given company online and you do In fact receive the package, you then claim that It wasn't delivered and that "you did not personally accept the package". The DNA Is carrier-based, thus considered a universal method that works with just about any company. By using this, It doesn't matter what Item you're SEing- be It a bulky laptop that weighs 3 Kg, or a CPU with a weight of 45 grams. The point Is, "the package did not arrive", so It's common sense that "this method can be used for basically any Item" as well as "any company" that (obviously) utilizes a carrier service.


The Wrong Item Received Method:


As with the above (the "DNA method"), this Is also a universal method, but does require a methodical and strategic approach when formulating your SE. This method works by ordering your Item and when your package arrives, you call the company and claim that you've received something completely different- hence "wrong Item received". However, It's paramount to play It smart by being systematic In "the type of wrong Item you select, and the account that's used to purchase It".

For example, let's say you're SEing a computer keyboard. The objective Is to purchase a wrong Item (from the SAME company) that's significantly cheaper, and around the same weight as the keyboard. "This must be done on a different account". As such, the company cannot link the keyboard and wrong Item to the same account holder. Also, "be sure that the wrong Item belongs In the same or nearby section of the warehouse as the keyboard". Why? Well, It's highly unlikely that the storeman will pick an Item that's located In a completely different department to where he's working at the time, yes? I think so too.

For the most part, the company will request the return of the wrong Item and "when they receive It, they'll scan It and see that It's part of their Inventory". As a result, they'll assume that they did In fact pick, pack and dispatch an Incorrect Item and Issue a full refund or replacement. You can clearly see the Importance of being selective with the wrong Item.


The Boxing Method:


This Is yet another method that requires careful planning and most Importantly, the nature of the Item you're looking to SE, must be suitable- you cannot just pick any Item and expect It to work. More on this shortly. So what exactly Is the "box method?" When you SE a company by claiming that the Item you've received Is (apparently) defective, they'll ask to return It for a refund or replacement. Instead, "you send the box without the Item", by making It look as though It's been tampered with- such as cutting It on one side, and sealing with different colored tape. This gives the Impression that the Item was stolen In transit, before the package was received by the company.

Now as mentioned above, It's not as simple as using any Item that comes to mind. For Instance, packages are weighed on consignment, so If you've chosen something that's rather heavy and returned the box with nothing In It, then the SE will fail. You'd need to substitute the weight, such as using dry Ice. Refer to my guide here on how to do this. On the other hand, If the Item Is extremely light, such as AirPods that barely register a weight, then you can send the box on Its own without adding anything to It. So when boxing a company, you must take the Item weight Into account, and decide If It can be done with or without extra packing.


The Missing Item/Partial Method:


I'd say this Is one of my favorite methods, namely because It's very effective "when the correct Item Is chosen". That's right, It's absolutely crucial that you opt for something that supports the method, otherwise expect a failed outcome with your SE . As Its name Implies and put simply, you claim that the Item you ordered was missing when the delivery was accepted. Now there's a couple of ways you can use this- one Is to order just the one Item and say that you didn't receive It, and the other Is to order a bunch of Items (on the same consignment) and say that one Item was missing, but the rest were fine. The former Is known as the "missing Item method", and the latter Is the "partial method".

It's Imperative to use the appropriate Item. Why? Well, as you're aware, goods are weighed at the carrier's depot so If you've ordered (for example) a ski jacket that weighs around 1.2 Kg and claim that It was missing when you opened the package, the company will most likely open an Investigation and check the carrier's manifest. They will then compare the "dispatched weight" against the "delivery weight" and If both match, then your jacket could not have been missing! For this method to work, you'd need to "choose a very lightweight Item", that will not record a weight on the carrier's shipping notes. As such, It cannot be deemed delivered and the company will have no choice, but to Issue a refund/replacement.


In Conclusion:


There are many more methods that should be used and applied according to the nature of the Item, however It's way beyond the scope of this article to cover the lot. I'm sure you get the gist of how each one should be formulated, so use everything you've read as a general guide when selecting the method and Its respective Item. Sure, some SEs do work without taking the method & Item Into consideration, but this Is mainly due to the laziness of the representatives, the carelessness of the carrier or the company Itself neglecting to comply with their very own protocol. It's always good practice to cover every angle and leave nothing to chance, so do exactly this with everything you've learned from this article.​