Niflheim World

Welcome to Niflheim !

Log in Register
  • First 5 messages from new users (pre-moderated user) will be checked for flood/spam before being posted on the forum. Users will also be checked for a multi-account.
    If you want to communicate without delay, get a free Huscarl status (how to get - User Groups), or buy premium status (how to buy - Premium status)

SE What To Expect With Carriers And How To Protect Your SE.


Hiotcek

Hiotcek

Publisher
Staff member
Lenderman
Joined
Oct 8, 2020
Messages
4,659
Reaction score
3,086
NL COIN
23,594
1655724500121.png
What To Expect With Carriers And How To Protect Your SE.
Let's face It, we don't live In a perfect world and never will. When performing a certain task, there's always "at least one obstacle" that needs to be tackled and sorted out before things can start moving forward, and this certainly applies to social engineering. It doesn't matter who you're SEing, be It your doctor to Issue a medical certificate for time off work when you're not sick to begin with, or hitting online companies to the likes of Zalando and John Lewis by manipulating their reps to Issue refunds and replacement Items- your attack vector will never go according to plan 100% of the way. In order to maximize the chance of a successful outcome, It's paramount that you take "everything" relative to your target Into consideration, then analyse each detail and apply It to your SE thereafter. Notice how I've used "everything" as the operative word? There's a very good reason for It, which you'll see why In the paragraph after the next.

If you haven't already guessed, what I'm referring to Is "company manipulation and exploitation" and If you're part of an active SEing community, you'd know exactly what I'm talking about and the complexities Involved to having your claim approved. When selecting something that you want refunded or replaced, It seems to be normal procedure to predominantly focus on the company and the Item alone. For Instance, I've come across so many posts on a particular forum that asked for help along the lines of: "I'm going to SE Argos with Apple AirPods, what's the best method to use?". Whilst there Is absolutely nothing wrong with that, there's another very Important entity that over 70% of social engineers fail to add as part of their method preparation and attack vector- and that's "the carrier used to service the company's deliveries".

Having sound knowledge of who the carrier Is and the procedures they use when delivering packages, Is just as (If not more) Important as familiarizing yourself with the company that they're contracted to serve. Yet to this day, I'm still at a loss as to why the majority of SE'ers disregard It altogether, and then they wonder why their SE prematurely came to an end. That's what prompted me to write this article- to provide you with an exhaustive list of "what to expect with carriers, namely their Involvement, how they can Impact & complicate your SE and what you can do to manipulate them". Before I rip Into all that, allow me to briefly explain why It's vital to add the carrier company Into the equation when executing your SE. You may not realize It, but depending on the method used, you are In fact "performing two SEs" In the same session and your claim will only work In your favor "when both have been successfully SEd".

For example, If the method you're using Involves the carrier driver In some way, It's "the carrier" that you will always be SEing first, and then the "company". Such methods are the DNA (Did Not Arrive), Boxing, the flawed (and useless) FTID method and the missing Item method (ONLY when claiming that the Item was stolen In transit). Although you're Initially placing your order with the company Itself, "your actual SE" operates In reverse with each and every one of those methods- "carrier first", "company last". Let's see how It works when using the DNA method. You've decided to social engineer Amazon for a GHD professional hair straightener by using the DNA method, so you've placed your order and awaiting delivery. The driver arrives as expected and your Intention Is to simply sign for the package with a fake signature, and then contact the company saying you didn't receive It.

However, as the driver walks towards you, he kindly asks to open your front door and take a photo of the package by leaving It In the entryway of your home- that will be used to verify that the delivery made Its way to the correct address. Can you see what just happened? That's right, It's "the carrier that you need to SE first", before moving onto the company! If you allow him to go ahead and photograph your premises "In Its original state", It will have a significant negative Impact on your claim, to the point of being very difficult to prove that It's not your home In the photo. Only when you've SEd photo authentication, can you then move onto SEing the company. I've quoted "In Its original state" above, for a very good reason, meaning In the next topic, I will show you how to render carrier photos Inconclusive. So without further delay, let's make a start on what Is commonly expected with carriers. Because of the nature of this article, It's very detailed, so make yourself a couple of cups of coffee and start reading.

Driver Taking Photos:

In terms of verifying packages as being successfully delivered to their correct destination, there are many ways It can be done. Some carriers actually mark their deliveries as complete, by taking photos of the entryway of the property. At the time of writing, "DPD" who services Amazon and ASOS, does this by asking a household member permission to place the package In the doorway, then take a snapshot of It (and Its surroundings) and use the picture as proof of delivery. Other carriers also use a similar procedure, so you need to be well aware of It by researching the one you're looking to SE and once you've Identified It, there'll be a little bit of preparation Involved on your end BEFORE the driver arrives. So how do you stop him from taking photos? Well you don't, but rather use a very clever and calculated approach by "making It seem as though he didn't set foot on your property", and here's how you do It.

For this to work, your package must be sent via tracking, thereby you can see precisely where It Is, and when It's due to arrive. Remember: "You're giving the Impression that the driver never arrived at your home". Around 15-20 minutes before he's expected to come, rearrange your entryway by removing every bit of furniture and replacing It with rugs, chairs, tables etc from another room, and make sure everything Is clearly visible when the front door Is opened. What you've just done Is "give the appearance that It's NOT your home", so when the driver arrives and asks to take photos, allow him to do so. When he leaves, put your furniture back as per normal, then contact the company the next day and say that you're still waiting for your order. If they decide to visit your home and compare their photos with the current (and original) layout of your entryway, "they will not match", thus there's no evidence to suggest that your package made Its way to the right address! Expect the SE to work In your favor.

A Request For An OTP:

If you happen to be social engineering a high value Item, some companies require an "OTP" (One-Time Password) to verify the delivery. What this means, Is that the OTP will be sent to either your cell phone number or registered email address and when the carrier driver arrives, "you must tell him the password to accept your package". If you don't, he has every right to refuse the delivery. Now I cannot speak for each and every company, but what I can say, Is that "Amazon" tends to use this form of verification from time to time- to a greater extent In India for Items that exceed a certain cost. Depending on the company, some will send the OTP "after your Item has been shipped", hence If you were planning to use the DNA method by signing with a fake signature, your SE will come to an end before It had the chance to begin!

A lot of SE'ers continue to ask me how to stop a one-time password from being generated, but apart from the fact that you can't, It's not about that at all. The objective Is to "SE the carrier driver Into giving you the package without the need to read out your password". Given It's way beyond the scope of this article to document a complete tutorial on how to circumvent an OTP, I'll provide a couple of examples that relate to receiving a one-time password to your "cell phone" and "email address".

An OTP Generated To Your Cell Phone

The first thing you need to do, Is to purchase a very cheap second-hand phone that costs next to nothing and smash It by breaking the glass before the driver arrives. Though, don't overdo It- only enough to show that It's damaged and In particular, "nonfunctional". When the carrier comes and the driver Is walking towards you, make as though you're looking through your phone and ready to read out the password, but Instead, "purposely drop It" with a very distressed look on your face and then "attempt to show him the OTP" by putting your cell phone In his full view. This gives the Impression that you're not trying to hide anything. Then get on his good side by deeply apologizing for the Inconvenience caused.

Also, throughout the entire ordeal, refer to him by his first name (taken from his uniform)- people feel appreciated when you communicate and keep saying their name. Lastly, tell him that the package contains a home blood pressure monitor that's urgently needed to keep an eye on your mother's BP. Taking all the above Into account and If you've executed your SE effectively, there's a very high chance that the driver will simply pass the package to you! And If he requests a signature, you know what to do- fake It.

An OTP Generated To Your Email Address

As opposed to sending the OTP to your cell phone, some companies will send It to the registered email address on your account, which serves the same purpose- It must be forwarded to the carrier driver before the package can be handed to you. The Intention of this SE, Is to manipulate the driver Into thinking that you haven't actually received the password, and to also give the Impression that you're doing your utmost best to get It from the company you're SEing. So as the driver arrives and jumps out of his van, pretend that you're on the phone with a representative asking why he hasn't sent the OTP and to resend It, and be sure that the driver can clearly hear your end of the conversation.

Given carriers have a set delivery schedule and deadlines to meet by the end of the day, they generally don't like to be kept waiting, thus you will use It to your advantage as follows. Do remember that "you're seemingly on the phone", therefore It's obviously not a real conversation. Okay, tell the rep/agent that you're going to check your emails and pass the same message onto the driver. As mentioned, carriers don't like to wait around so rather than Instantly checking It on your phone, enter your home and pretend that you're looking at your messages on your computer- and make sure to take your time.

After a few minutes or so, come out and tell the driver that nothing's come through In your email and sincerely apologize for the delay and at the same time, ask the rep to send It again. If need be, repeat the process and at the end of It, give the driver a sense of reassurance by offering to sign for the package, as well as show him your ID (driver's license etc). Don't worry, carriers may look at your Identification but they won't take a photo of It, so It's useless to them! All In all and based on the above, there's a very high chance that you'll grab your package without the OTP.

The Driver Visiting Your Home Or Calling Your Phone:

Prior to making a start on this, do note that It only relates to the "DNA method", when saying the package (that the driver did In fact deliver), was not received by you nor any member of your household. Because carrier drivers are well aware that they've done their job properly by dropping off their deliveries at the correct address, they tend to take offense when people state otherwise. As a result, they'll take matters Into their own hands and visit the social engineer's home, or sometimes contact the SE'er by phone. Be It one or the other, the carrier driver will ask you all sorts of questions about the delivery, and why you said you didn't received It. If you don't answer your door or pickup the phone, there are Instances where they'll keep coming back until someone opens the door and the same applies by answering your phone.

I've personally experienced an entire week of my cell phone ringing up to 10 times a day from the same number and after calling It back from an anonymous service, you guessed It- the carrier was on the other end of the line. Sometimes they ring from a private/unknown number, so keep this In mind If you receive an Influx of calls to that effect. Now I'm not saying that the carrier "will" be In contact with you, but rather he "may" hassle you and as such, you need to be prepared for the unexpected visit or call(s). If you're living alone, that pretty much speaks for Itself. He can waste as much time as he likes knocking at your door and/or calling your phone- don't respond to either of the two. If It's your parent's house, simply tell them that you bought an Item but "legitimately" didn't receive It and show them the receipt/POP. They will definitely believe you over the driver.

A Request For A Signature:

Although this Is stating the absolute obvious, those who are new to the art of human hacking Inclusive of using the DNA method, will have very little knowledge of what to expect when packages are delivered by the driver. Every carrier company has certain protocols to follow and whilst some drivers couldn't care less and leave packages at the doorstep (which I've covered In the next topic), the most common form of verifying the delivery, Is to grab a signature from either the account holder or a household member. As an SE'er yourself, what you need to remember Is that just because you've signed, by no means does It conclude that "the signature belongs to you" or any person occupying your home.

Anyone, such as a passerby, could have scribbled on the driver's handheld device and walked away with your package. Furthermore, most carriers are In a rush and I can confidently say through my very own experience, that they tend to sign for It themselves- particularly when they're running late for the remainder of their deliveries. Although It can depend on who the driver Is and whether he operates strictly by the book, "FedEx" Is one carrier who's guilty of putting pen to paper on behalf of the receiver. Taking all this Into account, you can clearly see that a signature has little to no value when verifying consignments, so It's quite obvious what you'll do when asked to sign- write down anything that has no relevance to you whatsoever.

Driver Leaving The Package At Your Doorstep:

As you've just read above, every carrier has their own guidelines to follow when servicing their customers- some will ask for an OTP (One-Time Password), and others will request the package be signed before It can be handed over to the buyer. I'm sure you've heard of the saying: "Rules are made to be broken", and many drivers are certainly guilty of this, by neglecting to follow their policies & procedures with their day-to-day operations and "leave packages at the doorstep". Even though the benefit of this Is as clear as day, I still come across posts on an SEing forum that I'm registered with asking for help by posting something like: "Hey, I'm doing an SE on Zalando and DHL didn't even knock on my door, they just left the package and drove off. What method should I use?".

To be honest, I cannot fathom why a question like that Is asked to begin with- the answer to the "method" Is simply a matter of common sense, regardless of whether you've just started SEing only a few weeks ago. Think about It logically for a minute. The driver dumped the package at your front door and exited thereafter. The only thing that can confirm (and NOT conclude) that your package made Its way to the right address, Is the tracking details, which Is useless- namely because a "package that's marked as delivered", does not mean that "you personally received It". So based on all this, what method do you think Is almost guaranteed to work? Correct, It's the "DNA". They've basically DNA'd themselves (so to speak!), so you now know what to do In similar circumstances.

Driver Leaving The Package At A Safe Place:

To recap what's been discussed so far, there's a number of different ways that packages are verified on delivery- signatures, one-time password and photos taken of the home's entryway. That's what's typically expected with major online stores, who then work closely with their carrier company to service all deliveries by using any of the above options "when you're home to accept your goods". But did you know, that you can still have your package delivered when you're away from home- without the driver leaving a calling card In your mailbox with Instructions for alternative pickup or delivery options? This Is what's known as "safe place delivery" or some variant and although It's not applicable to all companies, those that do offer the service "seems" very convenient for SE'ers when using the DNA method.

I've quoted "seems" (just above) with good reason, which I'll cover In the next paragraph. As Its name Implies, the purpose of this type of delivery, Is to have the driver leave your package "In a safe place" either at your premises or with your neighbor. It's not good practice to get your neighbor Involved with your SEing activities, so I won't be discussing that. Now given It's your home, generally speaking, a safe place Is defined as a location within the confines of your property that's secure and protected from damage and most Importantly, theft. That being said, because the package will be left "outside your home", It's still susceptible to being stolen- Irrespective of having external gates locked etc. If a thief can get Into your house when It's under lock and key, It's a lot easier to steal something by simply jumping the fence and social engineers use this to their advantage with the DNA method by claiming their package was stolen.

However, there's a crucial element that a lot of SE'ers don't consider when using this delivery option. Allow me to explain It by referring to yourself as the social engineer. For the most part, If It's "yourself" who Instructs the company/carrier to leave your package at a location that you deem as being safe, then "you're the one who's liable for loss of goods", hence using the DNA method will put an end to your SE there and then. On the other hand, there are Instances where the company and/or carrier offer to drop It off at what they believe to be a safe place, thus under these conditions "they're held responsible In the event of theft". So If you're planning to use this option with the DNA method, It's of the utmost Importance to allow the company/carrier make that decision. Now I cannot speak for every entity, meaning some actually hold themselves liable regardless of the above circumstances (you can check by researching their terms) but to play It safe, let them suggest It.

Driver Personally Checking Goods:

What you're about to read doesn't happen too often and It predominantly depends on the carrier company's terms, conditions and protocol, but I'm the type of SE'er who covers all angles and leaves nothing to chance, therefore It's vital to bring this to your attention. When SEing a particular online retailer by using (for example) the "faulty Item method" and saying that the Item you've purchased Is no longer working, the rep/agent will go through a few troubleshooting steps, which you'll obviously say that It's still not functioning. When he's satisfied that what you're claiming Is true and correct, he'll Issue a refund or replacement, but "only when your (seemingly) defective Item Is returned". So far, this Is not a problem at all- you can use the "boxing/box method" by adding dry Ice as a weight substitute or If the Item Is extremely light and cannot be detected when weighed, simply send the box on Its own.

The objective Is to make the package appear as though It's been tampered with during transit, thus your Item was stolen and on the grounds that the company Is responsible for loss of goods when shipped, your claim will be approved thereafter. That's In a perfect world of boxing, however to make sure that your Item Is securely returned, some carriers will Instruct you to "leave the package open for the driver to Inspect Its contents" before It's sealed and dispatched. This request can be done by either picking It up from your home, or when you take your package to a designated collection point. I can confidently say that "DHL" Is one of a few carriers that (at times) does this and as such, It virtually puts an end to the boxing method. But as you're aware, "SEing Is all about manipulating your target to perform an action that they're not supposed to do", and this Is how you'll circumvent It.

Rather than trying to stop the driver from examining your package (which can be a very difficult task), you'll be using an alternative approach by focusing on "the reasons why you're physically not available to meet the carrier's request". In other words, you'll be manipulating the rep/agent as to why you won't be around when the driver arrives, therefore you cannot comply with how they're arranging your return. As a result, the aim Is to convince them that you're more than happy to use another carrier and to provide reassurance, you'll Immediately give them the tracking details. You can then use the boxing method with a carrier that does not check packages on pickup! Here's a few reasons that you can use for not being available for the carrier driver.
  • Working on-call, hence your work days are unpredictable
  • Away on a business trip for a couple of months
  • Sold your home and In the process of moving
  • Called for Jury service for a criminal trial and will be In court Indefinitely

In Conclusion:

Well, this article exceeded Its reading time by a lot more than what I anticipated, namely because I had to document "what to expect when dealing with carriers" and of greater value, "how to manipulate them, as well as the circumstances surrounding their presence". Although this entire guide Is by all means an exhaustive list of common happenings, there are a few bits & pieces that I've purposely left aside- It's simply not possible to cater for every event. Do remember that everything pertains to the "DNA method" and even though every topic will not apply to the SE you're performing at the time, at least one of them will have an Impact some time In future, so be sure to take every detail on board- you never know "when" you will need It.
 
You must log in or register to reply here.

About Us

Niflheim.top - is a community forum that suits basically everyone. We provide checking tutorials, tools, leaks, marketplace and many more stuff! You can also learn many things here, meet new friends and have a lot of fun! If you would like to contact us, you can send our staff team a message.

Information

FAQ
Upgrade
Advertising
Announcement

Online statistics

Members online
17
Guests online
904
Total visitors
921
Totals may include hidden visitors.
shape1
shape2
shape3
shape4
shape7
shape8
Top