SE The Reasons Why The So-Called FTID Method Will Fail.

[Hiotcek]

​

The Reasons Why The So-Called FTID Method Will Fail.
If you've just stumbled across this article from a beginner's social engineering standpoint, and have either just started your career or only performed a handful of SEs, I'd say It's very safe to assume that you're at a loss as to what the "FTID method" denotes, Inclusive of Its objective. The same can be said for Intermediate and some advanced SE'ers - there's quite a bit of confusion pertaining to how It should effectively be formulated and used against a given target and the reason for that, Is because the method Is flawed and contains an array of Inconsistencies that puts the SE In a vulnerable position, whereby It (predominantly) leads to failure - even In the most favorable circumstances.

In terms of the SEing side of things, If you haven't worked It out already, I'm referring to hitting online retailers like Argos, John Lewis and ASOS by deceiving their representatives to credit accounts or dispatch replacement Items at their expense - and If you use the FTID on "those companies", you'll be very disappointed when your SE comes to an end before It had the chance to begin. So what exactly Is the "FTID method?". I'm so glad you've asked! It's an abbreviation of "Fake Tracking ID", that's the biggest load of garbage to hit the social engineering sector and If you're trying to make sense of It by name, don't bother - It's totally Incorrect and misleading which further adds to the perplexity and futility of Its purpose.

The "tracking ID" Is not fake at all, but rather the "shipment" Is manipulated to represent a fake consignment. The author of this piece of trash can't even get the title right, which Is quite embarrassing for someone who claims to be In the refunding scene for many years to date. That aside, the Intention of this article Is to make you aware of "the flaws of the so-called FTID method, and the reasons why It will fail" against almost every company who operates with the state of the art logistics, and also complies with their protocol & guidelines when processing returns and assessing claims strictly by the book. What I won't be discussing "In detail", Is how the method Is supposed to work - you can read about It In my post here, and although there are many variations In the way It's executed, they're pretty much based on the same principle, so use my tutorial as a general guide.

Now before I move onto the method's failures, I want to make one thing perfectly clear. I'm not suggesting It doesn't work In Its entirety - It would be unwise and literally Impossible to speak for the way each and every company, Inclusive of their carrier partner(s), handle goods with their day-to-day operations. In fact, the so-called FTID method does succeed with entities who have brain-dead employees working In their Inwards goods/receiving area, or carrier drivers that neglect to scan and deliver packages based on the tracking Information, as well as administration departments who completely overlook records that detail precisely how & where consignments are travelling In transit until they're ultimately "physically received by the correct recipient".

On all (or a few) of the above circumstances, yes, the so-called FTID method does have a chance to work In your favor, but "executing It and relying on the Incompetency and mismanagement of others", Is not how methods are structured and formulated to succeed. If It were as such, the art of company manipulation and exploitation wouldn't exist! Every traditional method to the likes of (but not limited to) the DNA, the missing Item & partial, the wrong Item received and the boxing method, Is designed to circumvent companies of all shapes & sizes, regardless of the measures they have In place when processing returns and evaluating claims.

The FTID Is quite the opposite - basically execute It and hope for the best. Because It's very limited with the companies/postal services It can be used against, the majority of social engineers who support the FTID are "selective with whom they SE", meaning once they've Identified a few companies here and there who're naive and clueless thus vulnerable to the method, they'll focus on them alone, and then brag about the amount of times they've received a refund Into their account.

That's the main reason why you hear and/or read of Its success, but If they give It a shot with companies and carriers who are alert and not half-asleep on the job and also those "who do NOT process refunds the moment they scan the return at the service point or otherwise", It's a different story altogether - failure Is Inevitable. Okay, now that you have a clear understanding of this flawed piece of junk and on the grounds that you've read my guide, let's rip Into all the events of why It fails.


The Driver Delivers Based On The Scanned Consignment:

As mentioned a few paragraphs above, there are a number of ways that the method can be used, one of which Is to modify the shipping label by "removing every Identifiable detail that's associated with your order" (RMA, your sender Info, order number etc), and change the receiver's address to another random destination. The only thing that remains Intact, Is the "tracking number and Its respective barcode and the edited receiver's address". The objective of this, Is for the driver to scan your package (thereby It will be recorded as been sent to the correct address), but "he delivers It according to the details written on the label" - being the random destination that you've documented.

As such, the package will be marked as delivered (as per the tracking Info), but the company will not physically have It In their warehouse - "It was delivered to the random address", therefore they will most likely open an Investigation to try and locate It, but evidently their efforts will be fruitless. As a result, they'll have no choice but to credit the SE'ers account with a full refund. Unfortunately for the so-called FTID method and the author behind It, we no longer live In the 50s when scanning systems were non-existent and carrier drivers purely delivered packages, parcels and envelopes by reading the Information on the shipping label.

Nowadays and In terms of freight distribution from consignor to consignee and vice versa, just about everything works on an automated scanning system. For example, given carriers operate by scanning goods at the "collection point", the same with checking In packages "at their depot" and also at the "drop off point/receiver's address", how on earth Is the so-called FTID method supposed to work? That's "three Individual scans" from sender to receiver based on a local delivery service. Does the author of this piece of garbage, honestly believe that the driver will forget to scan the package three times, and deliver It solely on what's written on the shipping label? If he's lost touch with reality or perhaps forgot to take his antipsychotic meds first thing In the morning, then that's understandable (LOL). Under normal conditions, the outcome Is obvious.


The Carrier Company Reprints The Label:

Further to the topic (above), I've come across countless social engineers who think that editing the shipping label by "stripping all their personal and order Information" and putting a fake receiver's address, Is enough to mislead the carrier driver Into dropping off the consignment to another location. Moreover, some SE'ers use disappearing Ink (or a similar variant) that does exactly that - gradually fades and disappears after an hour or two of being applied to the label, hence the package will be unidentified and "lost In transit", thereby the tracking will show It's been delivered to the correct recipient but the whereabouts of the package Itself, Is unknown and will not be found.

Whatever the case may be with manipulating the shipping label, It's pretty much useless when used with carrier companies who follow protocol and transport freight on a large scale. How so, you ask? Well, I'll use "DHL" as the example - as they're known to be meticulous with how they handle freight. It also applies to many other carriers, but It's way beyond the scope of this article to cater for the lot. Okay, generally speaking, when they're checking In pallets, skids, cartons, envelopes etc at their depot In readiness for each Item to be placed In their designated storage area, the very first thing they do, Is "check and scan each consignment" - which may be done more than once before It's loaded Into the van/truck.

Because they do It a hundred/thousand times over each and every day, they're well and truly aware of the appearance of their very own shipping labels - namely the way they're formatted. Given you've completely removed your order details & personal Info and only left the tracking number, barcode and fake receiver's address, tampering will be Immediately noticed and to fix It, "a new shipping label will be printed based on the Information that was recorded when It was scanned". As for the disappearing Ink scenario, well, I don't need to elaborate on that - a blank label speaks for Itself! So If you're planning to use the so-called FTID method by modifying the label with carriers who're excessively pedantic, prepare yourself for disappointment.


Inwards Goods Thoroughly Check Returns:

Another way that a lot of refunders use the so-called FTID method to their advantage, Is to basically "rely on the laziness and stupidity of employees" working In the Inwards goods/receiving area of the company they're SEing - with the Intention to have the "envelope" they're returning, thrown In the trash and a refund Issued a little while later. I've used "envelope" as the operative word for a very good reason - as It's (supposed to be) a crucial element to the method's success. Here's how It's meant to work. As you know, the (main) purpose of the so-called FTID, Is to show that the return has been delivered "by Its tracking number", however there's no physical record of It.

The way It's done In this case, Is to prepare an "envelope" by (once again) removing all Identifiable details, and only leaving the tracking number & barcode In Its original form - as this Is required to demonstrate that It reached Its destination. Prior to sending the envelope, you'd make It look as though It's an advertisement by placing stickers that represent some type of ad, such as "Peter's roof & gutter repairs" or perhaps "Marcy's nails & hair salon with 15% off the first visit" and send It thereafter. When the guys In the Inwards goods department receive It, they'll see that It's an advertisement and toss It In the waste basket, thus when you contact the company asking for your refund, your return cannot be physically located and verified. Due to their mismanagement of your return, your funds will be reimbursed.

Let's think about this logically for a minute, and from a viewpoint of those Individuals who are "employed to do their job by making sure every return Is Identified, allocated and processed Into the company's Inventory" to be assessed shortly afterwards. Are people really that dumb to throw away an envelope that's "marked to their attention with a tracking number", regardless of Its appearance? Furthermore, who sends an advertisement to a random company via "tracking?" Personally, every ad that I find In my mailbox/letterbox at home, Is either hand-delivered, or sent with a normal postage stamp and I'm sure the same applies to you and everyone else who deals with advertisements.

After all, It's junk mail that's sent to thousands of businesses that (the sender) may only get a handful of customers, so why would anyone In their right mind spend thousands of dollars on tracking? The equation Is pretty simple - the purpose of utilizing a tracking service, Is to have sensitive documents or Items of value monitored throughout their journey and of paramount Importance, to ensure they arrive to the correct destination. Companies are obviously also well aware of all this, therefore their staff In the receiving area of the warehouse, "will scan all Incoming deliveries that contain tracking and process them accordingly" - which puts an end to the SE'ers poor attempt to SE with the so-called FTID method.


Weights & Dimensions Taken On Consignment:

If you're the type of social engineer who's solely attained your skill set by learning from others' experiences, and then putting your knowledge Into practice by hitting companies on every level, you'd have a clear understanding of how It all works on your end. However, If you have never been employed as a storeperson or perhaps a logistics manager In a warehouse environment, you'd be at a loss as to how goods are processed - from the time an order Is received, to the way pickers grab each Item by description and quantity, and then pass everything onto the packing team who will arrange the boxes/packages to be dispatched to their respective customers.

That's an example of a typical stores area, and without the aid of robots carrying pods of stock and transporting It through the building to make the picker's job easier to handle and quicker to process. Included In this and unbeknownst to you, Is the fact that "weights & dimensions" are taken of each and every /box/package/pallet etc for both record keeping and cost of freight, and then the company's carrier partner (or any third-party service) does the same - weights & dimensions are documented of all "Incoming & outgoing deliveries". If you haven't worked It out by now, the company & carrier can Identify each shipment by Its size, weight and tracking ID.

All they need to do Is punch In the tracking details that were scanned earlier, and It will show the description (box, package or otherwise) and the size & weight. So let's say you're SEing a "15 Inch laptop that's big and heavy" by using the faulty Item method, and you've contacted the rep/agent and told him that It's lost power and Is not booting up. He'll then go through a few troubleshooting steps and when he's satisfied that It's defective, he will arrange a refund but ONLY when you return It. Instead of using a method that has a very good chance of success like the disposed of the faulty Item, you've opted for the flawed so-called FTID and sent an "envelope" In the same manner as described In the topic (above) that you've just read.

We'll give the so-called FTID method the best-case scenario as follows. The storeman (somehow) disposed of your envelope, hence the company does not physically have your return In their warehouse. After a few days/weeks, you called the representative, enquired about your refund, and questioned why It hasn't been credited Into your account. Because they couldn't locate your Item, they opened an external Investigation by liaising with the carrier who serviced your return and "cross-checked the weight & dimensions of your consignment".

Do I need to explain the outcome of their findings? If you can't figure It out, your "envelope" was small and light as a feather, and the "laptop" that you were supposed to return, was quite the opposite - thus an Instant fail for the so-called FTID! Even though I gave the method the best opportunity to succeed by demonstrating a brain-dead rep who tossed the envelope In the trash, It still failed In the most favorable circumstances, so that In Itself, speaks a thousand words of Its flaws and Inconsistencies.


PayPal Awaits Delivery Confirmation Prior To Refunding:

Before I discuss how the so-called FTID method Is used with PayPal, It's Important to know how PayPal Itself operates, and why It's used by SE'ers as their preferred payment system. Basically, and without going Into too much detail, It protects your purchases by offering what's called "Buyer Protection" and here's how It works. If something goes wrong with the purchase, such as the package didn't arrive (the DNA method) or a different Item was sent (the wrong Item received method), you'd file a "dispute" and that will get escalated to a "claim". PayPal lists the dispute/claim as "INR" (Item Not Received = DNA) and "SNAD" (Significantly Not As Described = Wrong Item Received).

PayPal then collects Information (from the company you're SEing) relating to your claim, and assesses It In an Impartial and unbiased fashion. If they come to the conclusion that what you've said about your claim Is true and correct, they will refund your account. Put simply, If the rep/agent Is a total as*hole and your SE Is declined because of his BS and stubborn attitude, you'd use PayPal to reverse the transaction and reimburse your funds Into your credit card or bank account. If the wrong Item received method was used In the SE, refunders and social engineers alike, will return the product for a refund by using PayPal's "SNAD" (Significantly Not As Described) policy.

Rather than selecting a method that has a strong track record of circumventing the return, like boxing the company, SE'ers unfortunately choose the so-called FTID method and here's why. PayPal has been known to refund accounts, only when they receive tracking confirmation that your package Is on Its way (In transit) to the company. In other words, all they require Is the "tracking number" (for the refund) that shows the sender & receiver details, and they "assume" that you've done the right thing by returning your product - even though the company hasn't received It as yet.

That's when SE'ers use the so-called FTID - hoping that the envelope/package they're returning will get lost In transit "without a label reprint", or be delivered to another address by "a driver who has no brain cells left", or maybe thrown In the dumpster by "a 16-year old female employee who was too concerned about her nails and neglected to scan the return". As already discussed, social engineers look for these types of attributes In a company and rely on their Incompetency, mismanagement and Incapacity to follow protocol and check returns, and then they boast about how many times the so-called FTID succeeded.

Well, guess what? Every company with state of the art warehouse and logistics facilities who've trained their staff to manage and assess claims efficiently and effectively, will monitor the tracking as It's travelling through the carrier's network, and expect packages to physically arrive to their warehouse at a given time and day. As a result, "PayPal will await delivery confirmation/receipt of goods from the company" and when they're told It has been received, "only then will they process the refund" - which essentially deems the so-called FTID method a complete waste of time and effort.


A Summary Of Every Event:

This article has exceeded Its reading time by a lot more than what I anticipated and with good reason - the FTID method contains an array of flaws that must be brought to every social engineer's attention, therefore It's vital to cover each one In fine detail. Due to the length of each topic and on the grounds you've read everything from a beginner's standpoint, or perhaps had a few difficulties Interpreting Its content every step of the way, I've provided a summary below that can be used as a stepping stone to understand the topic In question.

But be sure to only use each summary purely as a tool to help comprehend the topics (above) to Its fullest extent. To make It easy to follow and serve Its purpose as a summary, I've documented It In point form that runs In chronological order and also "added a few extra bits & pieces" - just to give you an Insight of how things operate In today's world of logistics and freight distribution. Okay, without further delay, let's make a start.


The Driver Delivers Based On The Scanned Consignment

1. Every major carrier company to the likes of FedEx, UPS, DHL, DPD etc scan consignments.
2. Deliveries are based on the sender & receiver details generated by the scan report.
3. Many carriers also have "QR Codes" to ensure goods are accurately transported from sender to receiver.
4. If the scanner fails to read the normal barcode, the QR code will be scanned or manually entered.
5. The QR Code (or the normal barcode) tells the driver precisely where he'll be heading with his delivery.
6. The consignment accurately reaches Its Intended destination as per the tracking Information.
7. Using the so-called FTID method by modifying the address on the shipping label Is useless.
8. The consignment was sent based on the "scanned details", and not what was written on the label.

The Carrier Company Reprints The Label

1. Pallets, skids, boxes, packages etc are collected and transported to the carrier's depot.
2. Every consignment Is checked & scanned prior to allocating It to Its designated storage area.
3. If the laser beam reader on the scan device Is not working, the carrier manually enters the tracking Info.
4. Due to familiarization of their shipping labels, any Inconsistencies will be noticed.
5. If the consignor & consignee details, order & Invoice numbers etc are missing, the shipping label Is reprinted.
6. The details on the new shipping label are generated when the Item was Initially scanned, or manually entered (due to a faulty scanner).
7. The Item Is placed In storage In readiness to be dispatched on a given day and time.
8. The driver delivers It according to the Information recorded (by the scan) on his mobile delivery device.
9. As such, using the so-called FTID method by changing the receiver's details on the label Is a waste of time.
10. Using disappearing Ink Is even worse - as a blank label will Instantly show signs of tampering.

Inwards Goods Thoroughly Check Returns

1. The SE'er Is very selective with the company he plans to SE, and chooses one whose workers are half-asleep on the job.
2. He also researches the company and makes sure they don't follow protocol with returns.
3. The SE'er then uses the so-called FTID by preparing an envelope as though It's an advertisement.
4. The SE'er only leaves the tracking number & barcode - as this Is needed to show that It reached Its destination.
5. The social engineer's objective Is to have the envelope disposed of by the employees In the receiving area of the company.
6. As a result of the above scenario, there's no physical record of the return but the tracking shows It's been delivered.
7. In "theory", a refund should be given based on tracking confirmation to the correct recipient.
8. Unfortunately for the so-called FTID method, companies who operate with state of the art logistics and comply with protocol are not stupid, hence check and scan every return.
9. The scan result established that a random envelope was returned, Instead of the original Item that was ordered.
10. The social engineer's poor attempt to SE with the so-called FTID method, came to an end way before It had the chance to succeed.

Weights & Dimensions Taken On Consignment

1. The social engineer uses the same approach with the envelope as stated In the topic above.
2. Along with an array of other Items, the envelope makes Its way to the carrier's depot.
3. The storemen then places the packages/boxes etc on a conveyor belt - ready to be checked.
4. As each product moves along, It's automatically scanned according to how It's positioned on the conveyor belt.
5. Weights & dimensions are recorded of all goods and the details (with the scans) are entered Into their systems.
6. The consignments are segregated Into their respective locations ready to be delivered.
7. The driver loads his products Into the van/truck and delivers each one prior to close of business.
8. The employee at the company's Inwards goods center was half-asleep and threw the envelope In the trash.
9. After a few days/weeks, the SE'er contacted the company asking why he hasn't been refunded.
10. The company opens an Investigation with the carrier and cross-checks the consignment's weights & dimensions.
11. It was determined that the original purchased Item wasn't returned, but rather something consistent with the weight & size of an envelope.
12. The rep was satisfied with the above evidence and declined the claim. The so-called FTID failed big time.

PayPal Awaits Delivery Confirmation Prior To Refunding

1. The SE'er was told by another social engineer, that PayPal Is known to refund only with the tracking Information showing that the return Is on Its way (In transit) to the company.
2. The SE'er contacted PayPal and Informed them that he received a wrong Item, and used PayPal's SNAD (Significantly Not As Described) to dispute the claim.
3. PayPal advised that he must return the wrong Item to the company and the transaction will be reversed thereafter.
4. Instead of opting for a method that works, the SE'er (unfortunately) decides to use the so-called FTID method.
5. He prepares the method by leaving the tracking number & Its barcode as Is -just to show that he's (seemingly) returning the product.
6. The SE'er then modifies the shipping label with a different receiver's address - hoping the carrier driver has lost touch with reality and delivers It there.
7. The driver does his job as expected, by scanning the package and delivers It according to the details of the scan - namely to Its correct destination.
8. In the meanwhile, PayPal Is awaiting delivery confirmation from the company (that's being SEd).
9. An employee of the company contacted PayPal, and said that they received a package with a tampered shipping label that did not contain the purchased Item.
10. PayPal Immediately declined the social engineer's claim, which (from an SEing standpoint) was a direct result of the so-called FTID method.

User Comments & Thoughts About The FTID Method:

Although the so-called FTID method has only been around for a few years or so, what you've just had the pleasure of reading thus far, Is based on my very own personal experience of over three decades In the social engineering sector - Inclusive of being heavily Involved In warehousing, logistics and freight distribution - Importing, exporting, local consignments - you name It! I've been there, done that and continue to share my knowledge and advice to all readers on this blog.

Apart from myself, evidently countless SE'ers have also used the so-called FTID method - the majority of whom have wasted their time and resources trying to achieve a successful result, and others who have simply expressed their view after researching It thoroughly. So what I'd like to share In this topic, Is the comments and thoughts of a few users who are registered on an Internet forum/board, and posted their messages by either creating a thread, or responded to other SE'ers - all pertaining to the so-called FTID method and Its flaws. For privacy and security purposes, I've removed their usernames and any other Identifiable details. Depending on the device you're viewing this on, some text may appear a little small, so just click on the Image to expand It.


























As you can see In the messages above, many relate to what I've already discussed such as removing Identifiable details associated with the order, packages delivered to another address, as well as the carrier reprinting the shipping label when noticing signs of tampering. There were a lot more posts commenting on the flawed so-called FTID method, but If I were to Include each and every one, this article would exceed 50+ pages. You get the gist of this topic, so I don't need to elaborate any further.


In Conclusion:

What prompted me to write this article, Is because there are so many social engineers who either have absolutely no Idea of how this piece of rubbish supposed to work, or they've been misinformed by other SE'ers about Its purpose. Furthermore and as already mentioned, the method's title Is not a representation of Its (apparent) objective. "If the Tracking ID Is fake" how on earth can a consignment (that's based on the tracking Information) "be marked as delivered?". The term "fake" Is defined as making something up to seem as though It's the real deal, but Is In fact fictitious/false, so how does a "fake tracking ID" register the sender & receiver details? I'll answer It for you - It's Impossible.

In closing, I'd like to reiterate that the so-called FTID method has succeeded against "selected companies & services", such as post offices who Immediately Issue refunds when the envelope/package Is scanned at the counter. Or companies like Amazon whose employee was Inundated with returns and didn't have the time to check each one, thus disposed of It and the rep/agent generated a refund after a given time frame of not being able to locate It - usually 2 weeks or so. However, that's not due to the effectiveness of the method, but rather their rep's laziness, stupidity, lack of awareness and their neglect to perform the job they're paid to do. Enough said!