Niflheim World

Welcome to Niflheim !

Log in Register
  • First 5 messages from new users (pre-moderated user) will be checked for flood/spam before being posted on the forum. Users will also be checked for a multi-account.
    If you want to communicate without delay, get a free Huscarl status (how to get - User Groups), or buy premium status (how to buy - Premium status)

SE IN DEPTH METHOD SELECTION


Hiotcek

Hiotcek

Publisher
Staff member
Lenderman
Joined
Oct 8, 2020
Messages
4,659
Reaction score
3,086
NL COIN
23,594
1655724234050.png
How To Effectively Select Your Method With Every SE.
If you're a regular reader of this blog, you would've sifted through countless articles and tutorials pertaining to different types of "methods" used to deceive representatives Into crediting accounts, and dispatching replacement Items at their expense, while you still get to keep the original one. What this refers to of course, Is the new breed of human hacking known as "company manipulation and exploitation", whereby social engineers hit online retailers by choosing an Item and preparing their method for the attack - with the objective to push reps to their limit, and (preferably) receive a refund without raising any suspicion whatsoever. As such, the SE appears legit and the same company can be SEd at a later time with minimal cause for concern.

What you've just read, will only take place If you Implement "Item and method compatibility" before executing your attack, meaning the method must be suited to the nature of the Item you're planning SE and although It's such a simplistic task, many social engineers fail to understand why It operates as such. For Instance, I continue to come across users on a particular board/forum asking for help to the effect of "I'm going to SE amazon, what method do you guys recommend?". It's like me asking "How long Is a piece of string?". I can't answer that, nor can anyone else! Another SE'er who responded by offering his assistance, replied with "I suggest using the EB (Empty Box) method".

Mind you, the Item In question was a laptop weighing around 2kg, so how on earth can the EB, also known as the missing Item method, possibly succeed? I can assure you that If an Investigation Is opened, the SE will fail there and then - without a shadow of a doubt. Now It's not my Intention to belittle fellow SE'ers In any way, shape or form, but rather guide them In the right direction with "the steps they need to take to ensure that the method they've selected, Is well and truly compatible with the Item they're SEing, as well as the structure of the company per se". As a result, It will significantly Increase the likelihood of a successful outcome, regardless of who the company Is, and the type of Item that has been chosen.

In a nutshell, the purpose of this article Is to provide you with the expertise on how to effectively "put together your SE all on your own" so by the time you've finished reading Its entire contents, the need to request assistance will be down to the minimum. If you're a beginner social engineer, believe me, your skill set will Improve beyond your expectations! Every topic below, runs In chronological order - starting with the very first step of your SE, and then working towards finalizing It on your end In readiness for your attack vector. This tutorial Is quite detailed, so make yourself a few cups of coffee and absorb every bit of Info from this point onwards. Okay, without further delay, let's rip Into It.


Understand The Company You're SEing:

The very first thing to do with every SE, Is to have sound knowledge of how the company functions from both an "Internal" and "external" standpoint. Evidently, this Is on the grounds that you've either never dealt with the company beforehand, or only SEd them on the rare occasion. The former (Internal) relates to everything that occurs within the confines of the company's environment that can potentially have a negative Impact on your SE, and the latter (external) Is relative to happenings with their carrier partner(s). You cannot perform what I call a "blind SE", whereby you have no Idea what you're up against- the probability of failure Is almost a certainty.

For example, If you've opted for the wrong Item received method by social engineering a UK retailer named "ASOS", and didn't bother to delve Into their picking & packing procedures, you'd be disappointed when your claim Is ultimately declined- for the fact that they have "CCTV cameras actively monitoring their warehouse", hence their camera footage deemed that you did receive the correct Item. Or perhaps you've decided to use the DNA method on "Amazon" for a high value Item worth In the thousands of dollars, with the Intention to sign with a fake signature and then claim that you didn't personally accept the package. However, you were later Informed that an OTP (One-Time Password) will be required on delivery, which put an end to your plan to DNA It.

As you can see, the nature of the company and the carrier used to service their deliveries, play an Integral role when "selecting an appropriate and suitable method", so It's of the utmost Importance to be well acquainted with both the company and the carrier Itself. So how do you Identify and establish the Inner workings of each entity? I'm glad you've asked! Now It's not possible to cater for each and every one, so what you're about to read Is based on general terms- with the objective to perform "In depth Information gathering" by navigating to their website's terms & conditions.

Inclusive of the above, you will be doing a little detective work on your own- namely to collect Info that's not available online. Don't worry, where applicable, I've explained It In a straightforward and easy to understand manner. To simplify the entire process for you, I've listed everything In the subtopics below, followed by a brief description for each one and finished with the source of where you can obtain the details In question. Do note that this topic In particular, "Is very lengthy" and although you may be familiar with some details, I strongly suggest reading every word - as there will be Information unbeknownst to you.


On What Grounds Are Replacements Issued?

Every company varies with their replacement policy, so you need to be aware of the time frame on which you can claim for your Item to be replaced. For Instance, some have a 10-day or 20-day (or more) policy from the time your Item was delivered or Invoiced. Also checkout the reasons required to warrant a replacement, such as faulty nonfunctional Items and accidental damage. The latter (accidental damage) Is very Important because If you're claiming as such, you must specify that It was In fact an accident, and not done on purpose. Yes, this Is very much stating the obvious, but It's easy for any SE'er to slip up- especially when the SE Is complex and Intense.

Source: Website's terms & conditions.


When Do Refunds Get Issued?

The "principle" on which refunds are given Is quite similar to replacements, but there are a few major differences and requirements In the way they're "processed". For example, some companies ask for a POD (Proof Of Destruction) by emailing them an Image or video of the product being destroyed, while others request the Item be returned "In Its original unused package/box" as per the manufacturer's state. Also, many companies do not accept returns on certain goods like food, health & beauty Items and cleaning supplies, so keep this In mind when choosing your method.

Source: Website's terms & conditions.


Do They Have CCTV Cameras In Place?

If you've never SEd a particular company and you're looking to use the missing Item method, the partial or perhaps the wrong Item received, It's crucial to establish If their warehouse activities Is monitored by CCTV cameras- being their picking & packing procedures. If so, and apart from the partial manufacturer method, It's almost guaranteed that your SE will come to an end, not long after your claim was assessed. The reason Is because they'll refer to their CCTV footage, and see that your Item was picked & packed correctly. If the company you're SEing has cameras In action, as opposed to the above methods, opt for one that won't be affected, like the sealed box or the boxing method.

Source: Perform a practice run to Identify If cameras are In use.


How Can The Company Be Contacted?

Every social engineer has their strengths and weaknesses, whereby some have the gift of the gab and have no Issues "communicating In real time over the phone", while others are quite the opposite and prioritize "shooting off an email" as their preferred gateway- hence have all the time In the world to think of an appropriate response before replying to the representative's message. Where available, "Live Chat" also favors some SE'ers, namely those who're quite confident and responsive when translating their thoughts onto the computer keyboard. If your method Is known to trigger an Investigation and subsequently require a police report be filed & returned, due to the complexity of those events, choose a communication channel that you're proficient In utilizing.

Source: Usually located and accessed on the website's homepage.


Do They Offer Advanced Replacements?

Often abbreviated as "AR", an Advanced Replacement Is when the company will send you a replacement Item "before you return the one that was purchased from them" that's (seemingly) defective. When you receive your replacement, you're supposed to send the broken one back. Being the social engineer that you are, you'll do nothing of the sort and Instead use (for example) the boxing method. For your reference, "HP" and "Dell" offer advanced replacements, with Dell defining It as "Advanced Exchange". You can clearly see how the company's claims management, can affect the type of method that will ultimately be used with your SE.

Source: Website's terms and conditions.


Do They Bill You When The Item Is Not Returned?

Further to the above topic pertaining to an "AR", you'll find that the majority of companies who offer an advanced replacement, will actually bill/debit your account If you don't return the defective unit. Do remember that the Item Is not faulty- you're only saying that It Is for the purpose of the SE. HP Is one of a handful of companies that bills accounts and as such, you need to plan ahead with how to circumvent sending the Item back or avoid being billed. In terms of not returning It, I suggest SEing something that can easily be boxed by obviously using the boxing method. As for keeping your funds Intact, checkout my guide on Protect Your Payment System.

Source: Usually found In the site's terms & conditions, or ask other SE'ers.


Check The Type Of Carriers Used

With regard to using the DNA (Did Not Arrive Method), It's paramount to know "which carriers actually service the company's deliveries"- specifically to determine what type of verification (If any) Is required when accepting packages at your premises. For Instance, a carrier named "DPD" who's partnered with Amazon, ASOS and a few others, (sometimes) takes photos of the drop off point (being your home), and uses the photographic evidence to mark their consignments as successfully delivered. If you're not aware of how to bypass It, your SE may fail. Other things to look for when receiving your goods, Is "signatures" and an OTP (One-Time Password).

Source: Website's terms and conditions and/or a practice run


Does The Company Respond To PayPal Disputes/Claims?

For one reason or another, your SE can fail at the best of times and when reps refuse to budge with their decision to decline your claim, you can "file a dispute with PayPal and then escalate It to a claim". If you don't have a PayPal account, navigate to their site and create one now! The Intention of a dispute/claim, Is for PayPal to reverse the transaction and credit your account for the cost of the purchased Item. In order to do that, they'll contact the company and get details about your claim, but some companies do not respond to PayPal, which means the SE will finalize In your favor. To maximize Its success, It's vital to flawlessly formulate and execute your method, hence If the company somehow happens to reply, It will support PayPal's assessment of your claim.

Source: Only through your own experience, or alternatively ask other SE'ers.


Is An OTP Required On Delivery?

If (for example), you're SEing a high value Item such as a TAG Heuer Men's watch from Amazon that retails for around 10,000$ by using the DNA method, an OTP (One-Time Password) will most likely be required to verify that the package not only made Its way to the correct address, but was also "personally received by yourself (the SE'er), or another authorized recipient". What this means, Is that the OTP will be sent to your cell phone or email address and when the driver arrives, you must tell him the password to accept your package. If you don't give him the OTP, he has every right to mark the consignment as undelivered. Although (for the most part) you're told In advance about the OTP, If you've planned the DNA method before being Informed, It may well ruin the entire SE- particularly when you have no Idea how to manipulate the driver to hand over your package without the password. You can read my guide here on how to bypass It.

Source: If you're not told beforehand, simply contact the company as a legit enquiry and ask what type of verification will be required on delivery.


Does The Driver Accept Signatures?

Even though this Is part of just about every carrier's policy to request a signature on delivery, I've experienced countless drivers who leave packages unattended at the doorstep, or sign their very own hand-held device. When this happens, they've basically DNA'd themselves, thereby the SE Is already over 75% complete without even contacting the representative and saying the package didn't arrive. How so, you ask? Well, there Is no evidence to conclude that "you personally received your package"- It only marks It delivered to your "address" and not to "you", thus anything could've happened to It In your absence- a passerby stole It, or perhaps your neighbor or the driver himself did the same thing. Either way, It's perfect DNA material.

Source: No need to gather any Information. If you experience the above scenario, hit the DNA method.


Does The Driver Leave Packages At A Safe Place?

In the event you're not home to accept your delivery, one option that a lot of carriers have In common, Is to leave the package "In a safe place" either at your residence or with your neighbor. Generally speaking, a safe place Is defined as a location within the confines of your property that's secure and protected from damage and most Importantly, guarded from theft. Many SE'ers use this to their advantage with the DNA method by saying their package was stolen, but there's one crucial element that they overlook. If It's "yourself" who Instructs the carrier to leave It In a safe place, then "you" are responsible for loss of goods, therefore the DNA will fail there and then. On the other hand, If the carrier/company makes the decision, "they're held accountable". It's pretty much self-explanatory, so I don't need to elaborate further.

Source: Website's terms and conditions or a Google search by entering the company/carrier In question.


Does The Carrier Offer A Non-Tracking Service?

Companies that utilize a carrier to service their deliveries, predominantly use "tracking Information" to keep an eye on their consignments as they travel through their network, and ultimately mark each one as delivered when It reaches Its destination. Although tracking cannot be used to verify deliveries, for the fact that It only deems the package was sent to the "address" and not "personally received by the SE'er", If tracking can be avoided altogether, It will be one less thing to deal with during your SE. Some carriers such as "Royal Mail" have the option of a "non-tracking service", which will allow you to use the DNA method to Its full potential. Alternatively, If the same applies to returning goods, then the "LIT" (Lost In Transit) method would be a breeze to execute.

Source: Website's terms and conditions.


Does The Carrier Accept Dangerous Goods?

When using the leaking battery method, whereby upon receiving your Item you've contacted the company and told the rep/agent that the battery was leaking the moment the box/package was opened, he will more than likely ask you to return It, and only Issue a refund/replacement when he receives It. Obviously, there's nothing wrong with your Item, but you're stating that there Is for SEing purposes. Moreover, you have no Intention to comply with the rep's request, hence a very effective way to circumvent the return, Is to make sure "the carrier does not accept and transport dangerous/hazardous goods". Under certain conditions, there are carriers like Royal Mail who will actually dispose of the package (or part of It) If It's a prohibited commodity. Be sure to keep all this In mind when using the leaking battery method.

Source: Mostly stated In their website's terms but If not, research or call the company as though you're making a legit enquiry.


Familiarize Yourself With Every Method:

Now that you've realized the Importance of establishing how companies and carriers operate, and why their management (when handling your goods and processing claims) plays an Integral role with the type of method you're planning to use, the next step Is to "familiarize yourself with every method used In the company manipulation and exploitation sector". Even If you're an advanced SE'er who's been hitting companies for many years to date, or perhaps using your skill set as a refunder by offering your service to those who lack the knowledge to SE on their own, there will be at least one method that you're not entirely sure on the "Ins and outs" of how It serves Its purpose. And If you believe otherwise, you're under a total misapprehension- It's simply not possible to be 100% aware of the "Intricate details" of every method.

For Instance, on the grounds that you haven't come across this blog as yet, and during your online travels you happened to read a message about the Indirect SEing method or maybe someone pointing out the benefits of universal SEing methods, I'd say It's very safe to assume that you're clueless as to what each one entails, correct? I thought as much. That's because It was "myself" who put those methods together and named them as such. As a result, "they're not recognized by their title", which essentially means that unless their contents are openly discussed In a particular community, you'd have no Idea what they denote purely by name.

Given I was able to formulate the methods, any other SE'er can do the same with theirs, thus being well acquainted with every method you can get your hands on, Is first and foremost. That's where I come In. I've not only documented the ones that are used by SE'ers of all shapes & sizes, but have also Introduced a few that're rarely put Into practice, yet quite effective In serving their objective. To avoid congestion, I've referenced/linked each method (as highlighted In blue, so simply click on It) to my very own tutorials on this blog, as well as provided a short description of the method Itself and how It relates to your SE, so strap yourself In and enjoy the ride.

  • The Boxing Method - Used to circumvent the need to return your Item as requested by the rep/agent. Can be done with or without dry Ice.
  • The Broken Glass Method - The glass was smashed to pieces when the package was delivered. Very hard for the company to prove otherwise.
  • The Corrupted File Method - Purposely rendering a file useless and sending It to the company, with the Intention of getting a refund by putting them at fault for not being able to open It. Tends to be a lengthy process.
  • The Corrupted Video Method - As above, but rather than using a file, the URL of the video Is manipulated accordingly.
  • The Double Dip Method - Used to SE the same Item twice from the same company. Not suited for beginner social engineers.
  • The DNA Method - An abbreviation of "Did Not Arrive", the SE'er claims he didn't receive the package from the carrier driver. When prepared with precision, It has a very high success rate.
  • The Gift Method - Claim a refund by saying the Item was given as a gift. Excellent to bypass a request for a POP (Proof Of Purchase).
  • The Fake Receipt Method - Creating a fake receipt to verify the purchase when the SE'er does not have the Item to begin with.
  • The Cross Shipping Method - The company ships a replacement Item and at the same time, the SE'er (seemingly) sends his defective Item. The SE'er will Instead send (for example) an empty box and anonymize his address by using a drop to accept the delivery.
  • Disposed Of The Faulty Item Method- Used to bypass a product return by saying that the Item was disposed due to health & safety concerns.
  • The Partial Manufacturer Method - The social engineer claims that upon opening the box, a part of the Item was missing. For Instance, he ordered a CPU, but only received the fan/cooler and cable without the CPU Itself.
  • The Missing Item Method- As Its name Implies, the Item was missing when the box/package was opened. At the time of this post, AirPods have a very high success rate, particularly with Amazon.
  • The Partial Method - Same as above, but rather than SEing a single Item, you'd purchase multiple Items and claim that one or more (of those Items) was missing. The extra products add weight to the shipment, with the objective to take the attention away from the Item(s) being SEd.
  • The Sealed Box Method - Replace the original Item with something completely useless, and seal the box as per Its factory state and send It back for a refund. For the method to work, It must be formulated to perfection.
  • The Similar Item Method - Swapping the original Item with a like-for-like (similar) product, and return It for a refund or replacement. It's best to hit the SE when the company Is Inundated with orders and claims, therefore they will not have enough time to thoroughly check the return.
  • The Stale Food Method - Suited to beginner SE'ers, this method Is very easy to apply and almost guaranteed to succeed by saying that "you felt extremely sick Immediately after eating (or drinking) the product you ordered".
  • The Wrong Item Received Method - An Incorrect Item was received to the one that was placed on order. It's considered a universal method, for the fact that It's compatible with every company who has an Inventory of stock.
  • The FTID Method - Short for Fake Tracking ID, It's the biggest load of garbage to hit the SEing sector. The author of the method can't even get the title right- the "tracking ID Is not fake", It's the "label that's manipulated to represent a fictitious shipment" that defines the method's Intention. Read my article for clarification. That being said, one way It "may" work, Is when PayPal only requires the tracking ID that shows the package Is being delivered, but that's due to PayPal's mismanagement and not the effectiveness of the method.
  • The Serial Number Method- Exploiting the manufacturer's warranty by locating a valid serial number of a particular device, and solely using the serial to have a replacement Item dispatched. It can be a lengthy and arduous process at times, namely when companies like Logitech, Lenovo and SteelSeries ask for a "POP" (Proof Of Purchase) and refuse to budge until It's received.
  • The Wrong Item Sealed Box Method - A variation of the wrong Item received & the sealed box method, the SE'er claims that upon opening the factory sealed box, there was a totally different product to what was meant to be enclosed. The key to Its success, Is to remain adamant with your story of finding another Item In the box.
  • The Indirect SEing Method - If a product Is very difficult to SE, that's when the Indirect SEing method comes Into action by opting for an easier Item of equal value and SEing that for a refund. You'd then purchase the (difficult) Item that you originally wanted.
  • The Leaking Battery Method - This Is when an Item was delivered by the carrier with Its batteries (seemingly) leaking. Because It could've happened at any time from when the package was dispatched prior to when It was received, both the company & carrier cannot provide evidence that the Item made Its way to Its destination In perfect condition.
  • The Faulty Item Method - The moment the social engineer receives his Item, he'll get In touch with the rep and say It's not working. The rep will ask to return It for a refund, and the SE'er will use the box method to avoid sending It back.
  • Universal Methods - There are three methods that're classed as "universal methods", being the DNA, the wrong Item received and the sealed box- for the reason that they can be used with any company that has an Inventory of stock and utilizes a carrier partner to service their deliveries. Generally speaking, they're not specifically tied to any Item, thus either one can be used when other methods are not suited to the SE In question.

Research The Nature Your Item:

So far, you've learned how to gather an array of details about the company you'll be SEing, and then read about every traditional method that's frequently used by (some beginners), Intermediate and advanced SE'ers. Although It will take some time to go through and understand how each of the above methods operate, you will eventually become familiar with the lot, hence the next stage Is to "research the nature of the Item" you're planning to SE. I've already mentioned the Importance of "Item and method compatibility" In the second paragraph of this article, and It's now time to see exactly why It's the backbone of each and every social engineering attack vector.

In other words and simply stated, apart from the universal methods that are generally not Item-specific, (almost) every other method's success, heavily relies on the "Item's packaging" and "how the Item Itself Is structured". Be It factory sealed In a box and shipped as such, or come In a clear resealable polypropylene poly bag, It's of the utmost Importance to Identify how "the Item and Its packaging" Is manufactured. For example, let's say you'll be using the sealed box method, by replacing the original Item with something useless that you have lying around the house. The Intention Is for the company to receive your return, assume that It hasn't been touched and place It back Into stock with a refund Issued thereafter.

However, you neglected to take the "weight" of your useless Item Into consideration and when the representative checked It against the consignment, It did not match with the original Item, which concluded that your sealed box did not contain the correct product. Furthermore, the box was manufactured with a small clear film on one side and Its contents can be viewed without opening It, thereby your useless Item was Immediately noticed- which Is yet another reason why your SE failed. Can you see why It's crucial to know all there Is to know about your Item, "before" choosing and formulating your method? Good! To help you with all that, I've listed a number of methods below that require the nature of the Items to be taken Into account as part of their preparation, and outlined only the vital elements that "must be applied".

  • The Boxing Method - If the Item Is extremely light (under 120 grams) send the box on Its own, otherwise dry Ice or another weight substitute must be used.
  • The Broken Glass Method - Stating the obvious, It's only suited to goods manufactured with glass. If possible, choose something that's quite fragile.
  • The Double Dip Method - The Item depends on the methods used for the double dip. For example, using the missing Item method for a 1kg speaker will fail there and then.
  • The DNA Method - This purely Involves receiving packages, so the weight & size of the Item Is not relevant, but be realistic with the SE. Check my tutorial for further Information.
  • The Gift Method - Will require to box the company, therefore the Item weight must be calculated to see whether It can be performed with or without dry Ice.
  • The Partial Manufacturer Method - It's very Important that the Item you're claiming as missing, does not register a weight on consignment. Keep It under 120 grams.
  • The Partial Method - As above for only one Item. When SEing multiple Items, each weight must be combined Into a single figure.
  • The Missing Item Method - Be sure to keep the Item weight < 120 grams. For a 95% success rate, work with a weight of roughly 40 grams.
  • The Sealed Box Method - The box must be fully enclosed In cardboard, and the weight of the random/useless Item must match the original Item.
  • The Wrong Item Sealed Box Method - Same as the sealed box method above, with both the Item weight and Its packaging.
  • The Similar Item Method - Given the original Item will be replaced with something similar, there cannot be a significant variation In weight between the two Items.
  • The Wrong Item Received Method - The wrong Item should be purchased on a different account, and from the same company that's being SEd. Its weight should also be the same as the ordered Item.

In Conclusion:

Well, this article exceeded Its reading time by a lot more than what I Initially anticipated, but I'm the type of SE'er who covers every angle and leaves nothing to chance, hence Its length Is well and truly justified. What you've learned from each topic, Is how companies are structured and the effect their operations have with your method selection.

You also have knowledge of each traditional method used by social engineers of all shapes & sizes, and the Importance of researching the nature of your Item against the method you're planning to use. All In all, you're now well-equipped to prepare your SE all on your own with minimal complications In readiness for your attack vector. Evidently, you won't remember each and every detail, so use this article as a point of reference as the need comes to hand.
 
You must log in or register to reply here.

About Us

Niflheim.top - is a community forum that suits basically everyone. We provide checking tutorials, tools, leaks, marketplace and many more stuff! You can also learn many things here, meet new friends and have a lot of fun! If you would like to contact us, you can send our staff team a message.

Information

FAQ
Upgrade
Advertising
Announcement

Online statistics

Members online
20
Guests online
802
Total visitors
822
Totals may include hidden visitors.
shape1
shape2
shape3
shape4
shape7
shape8
Top