Perform A Practice Run



Perform A Practice Run Prior To The Real SE.

In terms of social engineering companies on any level with the Intention of obtaining a refund or replacement for a given Item, you need to know exactly what you're up against for the best chance of a successful outcome. If you perform a "blind SE" without any prior knowledge of the company's terms and conditions, namely the grounds on which they actually approve claims, then your SE Is destined to failure.

As a result, I always recommend to thoroughly "research their return, refund and replacement policy" before formulating and executing your attack. This way, you know what you're dealing with and what to expect throughout the entire claims process. However due to the Inevitable changes of company protocol, sometimes your research will fail to get the Information you're after, no matter how much time you've spent gathering the company's details. 

In such cases, It will have a significant negative Impact on your SE as a whole. So what else can you do to Increase the likelihood of success? Simply perform what I like to call a "practice run". This Is extremely effective In helping to Identify how the company operates from a claims management standpoint, so let's see precisely what this means.

What Is A Practice Run?

Regarding an SE that you'd normally do to obtain a refund for a particular Item, Irrespective of how well you've manipulated the company's representative, there's always a possibility that It may fail. This Is not very comforting when SEing a high value Item. A "practice run" however, Is quite the opposite. 

Its purpose Is to gather as much Information about the company, by using a "very low value Item" (only a few dollars) to perform a "bogus SE". This Is done BEFORE your real SE and should It fail, you have nothing to lose and everything to gain- by collecting an array of details about the company during the practice run. Though, you must apply yourself In an effective manner, which brings me to my next point.

What To Look For During A Practice Run:  

Given every company differs to some degree In how they operate, there are no hard and fast rules when hitting a "practice run". The objective Is to grab as much detail as possible about the company you're SEing- regardless of whether you think It's relevant or not. This will significantly help with the preparation, execution and success of your real SE. 

Generally speaking, take note of the questions asked, how they expect to be answered and of the utmost Importance, the way the representative(s) handle your claim from start to finish. The majority of companies, have certain "protocols and guidelines that they must comply with" when processing claims. It's your job to Identify what they are  whilst engaged In your practice run. Once you've gathered everything there Is to know, you're all set for your real SE.

In Conclusion:

I'd say It's very safe to assume, that you've realized the benefits of utilizing a "practice run" prior to performing your real SE. Do remember to "use a low value Item", and be sure that the method Is the same as the one that you're planning to use In your real SE. Also note that a practice run Is not required with each and every SE, but rather used when you're finding It difficult to collect Information about the company In question. 






Comments


Popular Social Engineering Posts