Timing Every SE Accordingly



Plan Every Subsequent SE With Good Timing.

For the purpose of this article, I will use the example of social engineering online stores for refunds and/or replacements. Obviously this applies to every SE, such as obtaining usernames & passwords from a given organization "several times" by SEing various employees, but It's beyond the scope of this post to cover the lot. 

If you've been social engineering companies for a number of years, even If you've created another account at some point, there's no doubt that "you have used the same account to some extent with each and every SE". I'd say It's safe to assume, that quite a few SEs have failed along the way, correct? I thought as much. There are many reasons why an SE fails, one of which Is not allowing a sufficient gap from one after another. Let's see why this Is so Important.

The Timing Of Each SE Is Vital:

When a social engineer submits a claim for a refund or Item replacement "multiple times on the same account and from the same company In succession", the "timing" between each SE Is crucial. Allow me to explain. Let's say the SE'er claimed that his package did not arrive. Then a few days later, said that the Item was missing on another order. A couple of days after that, he decided to use the wrong Item received method when ordering another Item. 

That's "three claims In a space of one week". The probability of this happening "on legit grounds", Is extremely unlikely and If the company decides to Investigate It further, the last SE will most likely fail and every SE after that will do the same, If performed within the same timing. The question I often get asked Is: "How long should I wait before I hit another SE?". I will happily answer this for you.

Best Practice From One SE To Another:

The first thing you need to understand, Is that there are no hard and fast rules when It comes to social engineering- each one Is based on Its merits. Due to the Influx of claims, some companies (namely those on a very large scale), are less likely to take note of how often a user submits a request for a refund/replacement. However, this certainly doesn't mean that they won't. As such, you must play It safe by being patient and allow a sufficient gap In-between each SE.

I usually recommend "waiting a few weeks at the minimum", preferably a month and possibly a little longer. This gives the account some breathing space, and helps divert attention away from the account holder's activity. Remember, It's all about "not raising suspicion on the account". If you simply don't care, the last thing you need, Is for your account to be flagged and banned thereafter, thus losing every pending refund and replacement and more.

In Conclusion:

Social engineering, requires a good set of skills to make sure the SE results In a successful outcome. A part of this equation that plays a significant role, Is the subject of this article- "timing every SE accordingly". There's no rush whatsoever, so don't become fixated on the number of Items you're SEing within a given week or two. "You will lose your perspective" and your SEs will most likely fail. Play It smart, by formulating a strategy based on what you've just read and stick to It! 





Comments


Popular Social Engineering Posts