Double Dip Method



Social Engineer An Item Twice From The Same Company.

Typically, when social engineering an online store with the intention of obtaining a refund or replacement, it's performed against one particular item and "only done once". When the SE'er succeeds, he'll usually move on to another company and repeat the process. Regardless of the company and item being SEd, it does require a good set of skills to succeed. Some social engineers actually SE "the same item twice" in succession, which is known as the "double dip method". This requires an exceptional degree of confidence and skill, and is usually done by advanced SE'ers.

The Double Dip Method Explained:

As you're aware, a normal SE involves getting a refund/replacement "once". As its name implies, "double dipping" is repeating the process to get a refund/replacement "twice". It doesn't have to be the same method. However, to avoid raising suspicion, I strongly recommend using "two different methods" when double dipping. For instance, if you're opting for the "DNA method", it's very unlikely that the package did not arrive twice in a row at your premises. If the company opens an investigation with the carrier, the chance of a failed SE is almost certain. Let's briefly see how the double dip method works.

The Double Dip Method In Action:

Let's assume the social engineer wants to SE "two AirPods" from the "same company", without paying a single dime for either of them. Firstly, he orders just the one pair and decides to use the "DNA" (Did Not Arrive) method. After satisfying the company that the item was (seemingly) not received, they decide to send out a replacement, meaning another set of AirPods. The social engineer now has two AirPods, but only paid for one. This is a standard SE. Next comes the double dip.

The SE'er then calls the company and says that the replacement AirPods (that they just sent) are defective. After going through a few routine troubleshooting steps, the rep asks to send the item back. The SE'er uses the "box method", thus only sends back the box without the item. Remember, the social engineer still has two AirPods but only paid for one. The representative thinks that the item was stolen during transit, and "refunds the AirPods".

As a result of all the above, the social engineer has SEd "two AirPods", one using the "DNA method" and the other using the "box method". In other words, he's "double dipped!". Because he was given a full refund, he now has both AirPods without paying a single penny for either of them.
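From the merchant's side, the two claims in the walk-through above are linked, because the replacement order traces back to the single paid order. The following Python is an added example, not part of the original post: it groups claims by their originating order and flags chains where more units are outstanding than the customer has paid for. The record fields, the sample data and the one-unit-per-order rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample claim records; field names are assumptions, not a real schema.
# "item_verified" means the warehouse confirmed the item was inside the returned parcel.
CLAIMS = [
    {"id": "C1", "order": "O100", "type": "not_received",
     "outcome": "replacement", "replacement_order": "O101", "item_verified": False},
    {"id": "C2", "order": "O101", "type": "defective",
     "outcome": "refund", "replacement_order": None, "item_verified": False},
    {"id": "C3", "order": "O200", "type": "defective",
     "outcome": "refund", "replacement_order": None, "item_verified": True},
]

def root_order(order, replaces):
    """Follow replacement links back to the originally paid order."""
    seen = set()
    while order in replaces and order not in seen:
        seen.add(order)
        order = replaces[order]
    return order

def flag_chains(claims):
    """Return {root_order: summary} for claim chains that need manual review."""
    replaces = {c["replacement_order"]: c["order"]
                for c in claims if c["replacement_order"]}
    chains = defaultdict(list)
    for c in claims:
        chains[root_order(c["order"], replaces)].append(c)

    flagged = {}
    for root, items in chains.items():
        # Assumption: one unit per order, plus one per replacement sent.
        shipped = 1 + sum(1 for c in items if c["outcome"] == "replacement")
        returned = sum(1 for c in items if c["item_verified"])
        refunded = any(c["outcome"] == "refund" for c in items)
        entitled = 0 if refunded else 1  # units the payment still covers
        if len(items) >= 2 and shipped - returned > entitled:
            flagged[root] = {"claims": [c["id"] for c in items],
                             "types": [c["type"] for c in items],
                             "units_outstanding": shipped - returned,
                             "refunded": refunded}
    return flagged

if __name__ == "__main__":
    for root, info in flag_chains(CLAIMS).items():
        print(root, info)
```

Because the grouping key is the original paid order rather than the claim type, using two different claim reasons does not break the link between the claims.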

In Conclusion:

The double dip method is considered a little risky, namely for the fact that the SE'er must formulate and execute it to perfection, leaving nothing to chance. As said, to significantly increase the likelihood of a successful outcome, always use "two different methods" when double dipping. If you think this is somewhat difficult to perform, wait until you read the "triple dip method!"



