The Discount Items Method

A Van Pulling Over Offering Discount Items.

Whether you're new to the social engineering sector or have been in the scene for quite a number of years, there's very little doubt that the preferred gateways to perform your attacks are a phone call, SEing companies online or simply using live chat. Depending on the entity you're social engineering at the time, each of these methods is equally effective when formulated and executed accordingly. Whilst these are commonly used at the time of this article, there's an old-school methodology that has an even better success rate, named the "Discount Items method".

It may not be used as often as it was back in the 80s and 90s, but I can assure you that it's still out there and, going by personal experience, the likelihood of a successful outcome is greater than 95%! That is, over 95 of 100 people will be SEd by the "Discount Items method". I will be referring to this from a "defensive and offensive" standpoint. If you wish to adopt an offensive approach, then you're the SE'er. In terms of defense, this will help you avoid falling victim. So what exactly is the "Discount Items method"? Let's have a look now.

Discount Items Method Defined:

There are a few ways to execute the Discount Items method, such as physically visiting companies and offering them goods at a much lower cost than RRP (Recommended Retail Price), but the majority of organizations see this as your typical door-to-door salesman and thus disregard the offer before they've had a chance to begin. "But their service is NOT what you think it is!" You'll see why shortly.

The one I will introduce to you involves social engineers who use a van that's loaded with all types of goods, offered at such a low cost that it's enticing and very difficult to refuse. But as said above, "the items are not what they claim to be!" For instance, the van will contain top-of-the-range floorstanding Hi-Fi speakers, perfectly packaged in their retail box and marked as brand new.

The unsuspecting buyer will open the box, check that the speakers match their description and pay the SE'er thereafter. However, upon arriving home and plugging them in to listen to some music, there's no sound. That's because the "speakers themselves have been taken out by the social engineer". Essentially, only the "speaker box" was included and nothing else.

What the social engineer did was purchase a brand new set of floorstanding Hi-Fi speakers and "remove the inner speakers and all wiring to keep for himself". After all, that's the most expensive part and obviously all that's needed to function. He then used both the "retail box" and the "speaker box" (with nothing inside) to sell to the buyer. Clever, yes?

The same method is used for "desktop computers", namely the tower. The SE'er will remove the GPU, SSD, CPU, RAM, sound card and PSU, basically leaving only the motherboard and network card enclosed. Whoever falls victim will unfortunately end up purchasing only the case with the MOBO & network card. This is highly successful, due to the fact that no one carries a screwdriver set with them to unscrew the case and see what's inside, nor can it be plugged in to see if it's working. So let's check out how the Discount Items method is performed.

The Discount Items Method In Action:

It's that time of year again, a week to go before Santa Claus makes his journey to every home with a bag full of gifts. Shopping malls are inundated with customers doing their last-minute shopping, and the social engineer is well aware of the urgency of gifts, as well as the countless bargain hunters. He's loaded up the van with an array of goods, and will be very selective about whom he targets. Then on a pleasant Sunday afternoon, the SE'er makes his way to the car park at the local mall.

After driving around for 20 minutes or so, he spots a young male walking out of TigerDirect. Perfect! The SE'er knows exactly what item he will use to SE the young man: you guessed it, the "empty desktop computer tower". He calmly drives toward him, rolls down the window and says: "Excuse me, do you happen to know if there's a pawnshop nearby?" The guy replies: "I don't think there is one around here". The SE'er says: "Oh damn, I have two desktop computer towers that I need to get rid of, because my customer's credit card payment declined and now my boss is pushing me to sell them for whatever price I can get". The guy's attitude instantly changes to excitement and he replies: "I might be interested, may I have a look?" The social engineer now has control of his victim.

He opens the side door to the van, shows the guy his fake delivery run and fake order form with the computer's specs, inclusive of the cost that his customer (seemingly) was supposed to pay. The guy says: "The specs are great, but it's too expensive, I can only afford $650". The social engineer says: "I'll call my boss and see what he says". Of course, the SE'er does no such thing and only pretends to make the call. He then replies: "My boss said that the lowest he can go is $670, but hey, if you haven't got the extra $20 it's okay, I'll let it pass". The guy then says: "Man, you're a gentleman, I'll take it!"

Done deal! The social engineer has easily SEd an innocent guy by selling a desktop computer tower with nothing inside other than the motherboard and network card. Evidently, to not allow any trace back to the SE'er, "cash was accepted as a form of payment", and as for the license plates on the van, well, I'm sure you can figure out "how they were obtained!"

In Conclusion:

Although only one example was demonstrated with the Discount Items method, you can use anything you like that can be manipulated in a way to give the physical appearance of a complete item, but contain nothing inside. This is the "offensive approach: you're the social engineer". In terms of a "defensive standpoint to prevent falling victim", the equation is pretty simple and quite obvious: do not purchase goods from those who come to you! If they're legit, they wouldn't be driving around looking for potential buyers. Period.