It's a given, that social engineering Is a complex form of exploitation to successfully manipulate a particular entity Into performing an action that they're not supposed to do and one wrong move, can end the attack In the early stages of the SE. Be It grabbing someone's credentials over the phone by pretending to be an agent of their credit card provider who's noticed an unauthorized transaction on the account and requires the victim's personal details for verification purposes, or deceiving representatives to reimburse funds Into the SE'ers account or dispatch a replacement Item at no extra charge - they all require fine attention to detail to achieve the objective at hand.
No matter what It Is you're looking to SE and who you decide to be your next target, the job cannot be done unless you've already prepared a calculated and strategic plan, which In today's world of "company manipulation and exploitation" Is known as a "method". If you're reading this from an Intermediate or advanced level In the SEing sector, I'd say It's safe to assume that you need very little Introduction on what methods entail, but from a beginner's standpoint, I'll briefly explain It with an analogy that you can relate to as follows. We'll say that you bought a computer workstation that comes with shelves, draws, cabinets etc In Its collapsed form.
To put It together, you'll need the "assembly Instructions" and If they happen to be missing or "belong to another unit", your project will fail before It had the chance to begin! The same principle applies to social engineering - the "assembly Instructions" Is the "method" and It must "belong (be suited) to the company and Item you're SEing". For Instance, If the "missing Item method" Is used on a product that weighs 900 grams, and the company Is ASOS who has CCTV cameras monitoring their warehouse activity, then don't expect a favorable outcome. Why? Well, If an Investigation Is opened, the Item Is far too heavy for the missing Item method. Moreover, the company would refer to their camera footage and conclude that your Item was In fact picked, packed and dispatched correctly.
In contrast to the above scenario, you're probably thinking of the time when your SE was approved on the spot with no questions asked, but I'm not talking about brain-dead reps who can't think for themselves, but rather those who work strictly by the book and follow company protocol when assessing claims. As such, It's Imperative to cover every possible angle with your method and of significant Importance, are those that're "based on the weight of the Item" for the SE to succeed. As per the above paragraph, you've just read why the weight of the missing Item method Is a crucial part of the attack vector, but for one reason or another, many SE'ers find It difficult to comprehend - Inclusive of Identifying If a given method relies on the Item's weight.
If you're part of that equation, that's where I come In. What you will learn from this article, Is the traditional methods that require the weight of an Item as part of their preparation, as well as how and why the actual weight plays an Integral role with where your SE Is heading - namely whether your claim will end up with a refund or replacement. There are quite a number of methods used by SE'ers of all shapes & sizes, however It's way beyond the scope of this guide to cater for the lot. What I have done In the topics below, Is list those that are commonly used and preferred by almost all SE'ers and at the end of each topic, I've outlined why the weight Is relevant to the method Itself. So without further delay, let's get this started beginning with the "sealed box method".
The Sealed Box Method:
The good thing about the sealed box method, Is that It can be used on a broad range of products that are manufactured and packaged In a box containing a factory seal, and for the fact that the likelihood of Its success Is extremely high - but "only when It's applied In a systematic manner". You'll see what I mean shortly. This method Is not only suited to online stores to the likes of John Lewis, Logitech, Amazon etc, but It can also be used with "In-store SEing" by returning the box In person at the customer service counter" - which In my experience, has a very good chance of success due to the way (at times) returns are handled by placing the box under the counter and dealing with It at a later time. This often happens when the store Is Inundated with customers, hence they don't have the time to check It there and then.
Okay, here's how the sealed box method works, and "why the weight must be taken Into account during Its preparation". Let's say you're planning to SE a "CPU cooler with fan" from Amazon, that weighs around 500 grams. You can send It back for a refund, by using their return options (example: bought by mistake, no longer needed, etc) but rather than returning the CPU cooler, you'd pack anything that you have lying around the house, and send that Instead of the CPU cooler. However, It's not as simple as throwing something In the box, sealing It, and dispatching It thereafter. First and foremost, "the weight of the useless Item that you'll be packing, must match the weight of the original Item that you're SEing at the time".
Why Is that, you ask? Well If the company contacts the carrier who handled your return, and checks the weight that was recorded at their depot and there's big variance, then they'd determine that your original Item was not enclosed, thus your SE will come to an end. So the first step, Is to be sure that the weight Is applied as mentioned above and when you have that under control, you'll prepare the sealed box method as follows. It's paramount to seal the box precisely as per the manufacturer's packing, with the objective to not show any signs of tampering with how you opened and resealed the box. As such, when the company receives It, they'll assume that It hasn't been touched and put It back Into stock and refund your account without hesitation.
Another vital element Is that "the box must be fully covered In cardboard on all 6 sides", thereby Its contents cannot be viewed externally, which essentially does not give the rep/agent any reason to Investigate your return. Now some products like the latest IPhone (at the time of this guide) are wrapped In clear film, so when taking the Item out, "only peel a portion of the film that's just enough to slide It out". Then Insert the useless Item and reseal It by using either a heat gun on the lowest temperature, or clear glue that does not leave any residue behind. Alternatively, a much better option Is to use a "heat sealer machine" from here or here, and also purchase the factory film from this site. On the other hand, some products such as laptops, are solely packed In a box with a factory seal on the top and bottom.
If It's easy to peel, fine, otherwise do not target the seal when opening the box - as this Is the first place the representative will look when checking your return, and will Instantly notice If It's been tampered with. Instead, focus on "where the box Is joined" - to Identify the weakest and easiest point where It can be pulled apart without causing damage. After you've added your random Item, resealing It Is simply a matter of gluing It back together as per Its original state. Bear In mind, you're not working to meet a deadline, so take all the time you need to complete your project. If need be, take an entire week! All In all, If there's no Inconsistencies with the way you've sealed the box, expect the SE to succeed.
The Weight Factor: The method Itself Is (basically) not limited to a certain weight. The only Implementation, Is the weight of both the useless/random Item and the original Item must match, or have a variance of no more than 40 grams.
The Wrong Item Received Method:
The biggest advantage of the "wrong Item received method", Is Its versatility, meaning It's compatible with every company that has a warehouse full of stock. Unless you're SEing a car (so to speak!) there's almost no restrictions with the type of Item to be SEd, hence Is classed as a "universal method" that can be used with just about every online store. Allow me to elaborate how the wrong Item received method works In a very simplistic fashion. As Its name Implies, you buy a product from (for example) Amazon and upon opening the package that was delivered by their carrier driver, "you received the wrong Item". That Is, you got something completely different to what was originally paid for. Naturally and stating the obvious, this Is not the case at all.
Now before you go ahead with the method Itself, you first need to "purchase the wrong Item that you're pretending to have received" - for the reason that you will be required to send It back, and a refund will only be processed when the company has It In their possession. Makes sense? Good! Okay, when buying the wrong Item, do so "on a separate account" by changing every Identifiable detail (thus It's not associated to your main account), and "make sure It's purchased from the same company you're SEing". As a result, when they scan the return, they'll see that It's part of their Inventory and assume that they did In fact dispatch the Incorrect Item to your home address, or whatever location you've used to accept the delivery.
Furthermore and given goods are weighed on consignment, It's crucial that "the weight of the wrong Item Is as close as possible to the Item you're SEing". As such, If the company decides to liaise with the carrier (who serviced your delivery) by cross-checking what they have on record, there will not be a discrepancy In weight, therefore your claim of receiving the wrong Item Is well and truly justified. Also, to make the SE worth your while, be sure that the wrong Item only costs a few dollars or so, hence you will make a very considerable profit. When you've applied everything that you've just read to your method and finished preparing It as stated, simply contact the rep/agent, Inform him of the error and a refund/replacement will be forthcoming.
The Weight Factor: The original Item that was ordered and dispatched, Is supposed to be the wrong Item, so the weights of each one must be equal or as close as possible - no more than a 40 gram variance.
The Missing Item & Partial Method:
Although both of these methods are titled differently, their formulation Is much of a muchness so rather than creating separate topics, I've decided to Include them here. Let's first begin with "the missing Item method". Social engineers use this to say that "the Item they bought from a particular company, was missing when they opened the box/package" when It was delivered by the carrier. For Instance, we'll pretend that you purchased one stick of Ram/Memory from a UK retailer named Currys, and had It sent to your home by their carrier service. Upon "opening the box", you'd call Currys and tell them that nothing was Inside - meaning the Ram Itself was missing. Alternatively, you can say that when you "opened the package", there was nothing Inside - meaning the entire box and the Ram was missing.
I'll explain how both of these alternatives work. When using the missing Item method, It's either a "warehouse error" or a "manufacturer error". The former (warehouse) Is when you opened the "package" and It was empty. That Is, the box and Its contents were not enclosed. This happens when the storeman has totally forgotten to pick your Item from the shelf/racking. In terms of a manufacturer error, you'd claim that when you opened the "box", the Item was missing. Essentially, the manufacturer neglected to put the Item In the box and sent It to the company, therefore only the box was delivered to you. In order for the missing Item method to succeed, the weight must be light enough to not register during transit. I recommend a maximum of 120 grams, and that's pushing It to Its absolute limit. For a > 95% success rate with minimal complications, stick to a figure of around 40 grams.
As for the "partial method", It's very similar to how the missing Item method works, but with a slight variation In the way It's executed as follows. Instead of ordering a single Item, you'd order a bunch of Items and then get In touch with the rep/agent and say that your order was partially filled when you received It. In other words and purely as an example, you Initially purchased 5 Items, however you "only received 3 or 4 of those Items". Put simply, the missing Item method Is used to SE only the one product, but the partial method Involves "buying multiple Items on the same shipment", and then saying that "one or more of those Items were not In the box/package". If you've applied the weight (as stated In the above paragraph) for each Item you're SEing, there's every reason to expect a successful outcome.
The Weight Factor: The weight must not exceed 120 grams when using the missing Item method but to maximize Its success, where possible, opt for a 40 gram limit. When hitting the partial method, the weight of each Item being SEd, must be combined Into a single figure.
The Boxing Method:
There are quite a number of ways that the "boxing method" can be formulated and executed, but for the purpose of this tutorial and to keep It simple, I'll demonstrate only the one example. Okay, after your Item was purchased and the carrier delivered the package to your premises, you'd contact the company a little while later and say that the Item you've received, Is not working. Evidently It's fine, but you're claiming It Isn't for SEing purposes. The representative will then go through a few routine troubleshooting steps - to try and Identify why your product Is not operating as per Its factory state and everything he asks you to do, you'll remain adamant that It's still not functioning.
When he's satisfied that It's defective, he'll arrange a refund or replacement but "only when your broken Item Is returned". Obviously, you have no Intention of sending It back, and that's when the "boxing method" comes Into action by returning your box/package without the Item, and making It look as though It was tampered with during shipment. To do that, cut It on one side and seal It with different colored tape, so when the company receives It, they'll think that your Item was stolen at some point from when you sent It, prior to when they received It. Now If they're responsible for loss of goods, they're liable and obligated to cover all expenses, thus they'll Issue a refund or dispatch a replacement.
As easy as It may sound, the boxing method must be prepared by leaving no room for error and here's how you do It. First and foremost, you must grab the "precise weight of your Item" - as this will determine how the method will be formulated and depending on how heavy It Is, you will be using one of two procedures to put It together. If your Item Is extremely light (under 120 grams), you'd send the box on Its own with nothing Inside. Do remember to cut It on one side and seal It with different colored tape! On the other hand, If the weight Is significant enough to be detected at the carrier's weighing facilities, you'd substitute the Item with dry Ice. Whichever option you've chosen and on the grounds you've applied the method accordingly, you can begin celebrating your SE's success.
The Weight Factor: An empty box can be sent when SEing products that are under 120 grams. Dry Ice must be used as a weight substitute with anything significantly over that figure.
In Conclusion:
What prompted me to write this article, Is the fact that a lot of social engineers are somewhat confused about whether the weight of a particular Item, should be taken Into consideration when preparing It against any of the aforementioned methods. Although It's blatantly obvious that the weight Is one of the first things that must be taken on board with each and every SE, for one reason or another, SE'ers of all types are still at a loss as to why It's an Integral part of each method formulation and attack vector. My objective Is to clear such Indecisiveness, and given you've read and absorbed the contents In every topic, I'm sure the majority (If not all) of your questions and concerns have been answered efficiently and effectively.
