Locked Accounts Defined



Understand & How To Circumvent Locked Online Accounts.

Elite social engineers who've been exploiting the human firewall by way of manipulating the person on the other end to perform an action they're not supposed to do, or getting the representative of an online retailer to issue a refund for a product by using the good old missing item method, all have an exceptional set of skills to get the job done right. The SE'er will take control of the situation, push the SE beyond limits and eventually end up succeeding with his objective. The one thing, however, that cannot be controlled in its entirety, is when a company all of a sudden decides to lock the account that was used to make purchases from one SE to another.

For instance, if you've been SEing Amazon "consistently" for quite a while by using the very same account for each and every transaction on a regular basis, the chances of your account being locked will significantly increase. Unfortunately, this can happen at any given moment and without warning, irrespective of how well you've prepared your method and executed the attack. But it's not solely about the method used and its (successful) outcome, but rather "based on a lot of variables pertaining to the activity performed on the account".

To this day and at the time of this article, I've been asked countless times as to why a user's account was locked, and most importantly, what can be done to get it back, that is, "unlock it". There is no definitive answer to this. Depending on the reason, some accounts will be permanently locked, whilst others simply require a few verification details or ID documents to get it activated again. From a "social engineer's standpoint", it's predominantly the former: "a permanent lock".

In such cases, the only thing that can be done is to circumvent the company by creating a new one that cannot be detected in any way, shape or form. But before I move onto this, you need to have a clear understanding of the reasons why accounts are locked, which brings me to my next point as follows.

Why Do Companies Lock Accounts?

Some companies will give a reason, whilst others simply don't care and wait for the account holder to contact them and try to resolve the matter. Whatever the case may be, understanding the cause will help you to avoid certain actions that're responsible for account closures, thereby you can prevent it from happening in future. I'll provide the common reasons as per below.

* Too Many Returns

For the most part, this relates to social engineers who don't set their limits, and keep SEing the same company over and over again with returns, by claiming refunds or replacement items. There's only so much you can claim, before raising suspicion! Companies keep a record of every claim, so evidently they will detect this sort of behavior and put an end to the account.

* Credit Card Verification Failure

Again, this is for all you SE'ers out there who try to use a credit card with fake details, such as a fake name, billing address and also shipping address, with the intention of (obviously) not revealing your identity during the SE. Companies, particularly those on a large scale such as Amazon, are not as naive as some people may think. They'll compare it to other details on record and because the credit card info is completely different, say goodbye to your account.

* Using Another Location To Login

For anonymity purposes, social engineers use a VPN or proxy to sign into their account, thereby masking their real IP address. There's nothing wrong with using "another IP address in the same region", but if the "location" is in another part of the world, then the company may believe the account has been compromised, hence lock it for security reasons, so keep this in mind when using a VPN and the like.

* New Accounts With Too Many Purchases

Personally, I think it's ridiculous to lock a fresh account just because there are too many orders placed in a short space of time. Every account has to start somewhere, so what difference does it make whether it's one week old or active for one year? This not only applies to social engineering, but also when legit transactions take place. The amount of purchases deemed "too many" depends on the company itself.
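Seen from the retailer's side, the four lock triggers listed above amount to a small set of account-level rules. The following is an added example, not code from this article or from any retailer, that evaluates them over constructed account records; the `Account` fields, the thresholds and the reason names are all assumptions, and the card check is simplified to a name comparison.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# All thresholds are assumed for illustration; each company sets its own.
MAX_RETURN_RATIO = 0.4        # returns / orders
MAX_KM_PER_HOUR = 900         # faster than this between two logins is implausible
NEW_ACCOUNT_DAYS = 7
MAX_ORDERS_NEW_ACCOUNT = 5

@dataclass
class Account:                # hypothetical record layout
    created: datetime
    holder_name: str
    card_name: str
    orders: int
    returns: int
    logins: list              # [(datetime, latitude, longitude), ...] in time order

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (haversine formula)."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def lock_reasons(acct, now):
    """Return which of the four lock triggers this account hits."""
    reasons = []
    if acct.orders and acct.returns / acct.orders > MAX_RETURN_RATIO:
        reasons.append("too_many_returns")
    if acct.card_name.strip().lower() != acct.holder_name.strip().lower():
        reasons.append("card_details_mismatch")
    for (t1, la1, lo1), (t2, la2, lo2) in zip(acct.logins, acct.logins[1:]):
        hours = max((t2 - t1).total_seconds() / 3600, 1 / 60)  # avoid divide-by-zero
        if km_between(la1, lo1, la2, lo2) / hours > MAX_KM_PER_HOUR:
            reasons.append("implausible_login_location")
            break
    is_new = now - acct.created <= timedelta(days=NEW_ACCOUNT_DAYS)
    if is_new and acct.orders > MAX_ORDERS_NEW_ACCOUNT:
        reasons.append("new_account_order_burst")
    return reasons

# Constructed sample data (not real accounts).
NOW = datetime(2024, 1, 10)
LONDON, SYDNEY = (51.51, -0.13), (-33.87, 151.21)
fresh = Account(datetime(2024, 1, 5), "Alex Doe", "Alex Doe", 6, 1,
                [(datetime(2024, 1, 9, 9), *LONDON), (datetime(2024, 1, 9, 11), *SYDNEY)])
old = Account(datetime(2022, 3, 1), "Sam Roe", "J Smith", 10, 5,
              [(datetime(2024, 1, 8, 9), *LONDON), (datetime(2024, 1, 9, 9), *LONDON)])
```

Calling `lock_reasons(fresh, NOW)` and `lock_reasons(old, NOW)` returns the list of rules each constructed account trips, which is the kind of reason code a fraud or support team would attach to a lock decision.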

How To Unlock An Account:

Due to the fact that I'm basing this on companies in general and not naming specifics, do take everything you read in a broad manner, and apply it to your circumstances accordingly. Okay, from a social engineer's perspective and given the nature of their actions, it's quite difficult to unlock their account, as it's most likely been flagged for fraudulent behavior. In terms of a legit account, there are a number of channels to exhaust to get the account unlocked. Of course, if you're an SE'er, you can still try using the following information to hopefully reclaim your account. I've named everything in order of priority, from best to the least preferred option.

* Online Live Chat

The very first point of contact when you've noticed your account has been locked, is to establish (where available) a "Live Chat" with one of the representatives. Why it's so effective, is because "you're shooting messages back and forth in real-time", without the need to wait for a response, therefore the chance of resolving your issue will be a lot sooner than later. This obviously cannot be done if you need to first login to your locked account, so ask a friend or family member if you can use theirs.

* Contact By Phone

In the event Live Chat is not an option, the second port of call is to pick up the phone and give the company a buzz. This is almost as effective as a Live Chat, however there are a few disadvantages. You could be hanging on the line until a representative is available, or put on hold for an extended period, or passed over from one representative to another (I'm sure you've experienced this). This can be frustrating, but patience is a must when opting to call.

* Shoot Off An Email

Unless you've dealt with a company that instantly responds to email messages, this should be your last option as a point of contact. It's quite evident that delays are expected, namely due to the time taken to sift through hundreds of inbox messages, and address each one individually. Who knows, you may be lucky to receive a prompt reply, so it's still worth using this gateway.

* Verification Of Documents

At times, companies will request certain documents and once they're received, the account will be unlocked. The type of documents could be your latest billing statement, credit card or bank statement, verifying your address by providing a utility bill (water or electric bill) and so forth. No doubt this is the easiest option, but not everyone prefers to share their personal details. However, until the company's request is fulfilled, the account will remain locked. As such, the only way to get around this is by creating another account, so let's have a look at how it's done.

How To Circumvent A Locked Account:

If you've come to the point where you've called, emailed, had a live chat session etc. with a representative to unlock your account without success, then it's not worth the hassle to pursue it any further. Companies do refuse to unlock accounts, even though you've provided everything they've asked for. When you've reached this stage, you can easily circumvent their systems by creating a fresh account.

It's a very easy process by using a methodical/systematic approach, yet to this day, users still ask me why their newly-created accounts keep getting banned/locked. The equation is pretty simple: "change every identifiable detail!". This includes your full name, date of birth (if applicable), address, phone number, email address, IP address (by navigating via a VPN), payment system and your device. That's correct, "use another device that you've never logged into your account".

With regards to your payment system, such as your credit card or bank/merchant, if you plan on using a VCC (Virtual Credit Card), they can see that it's associated with the above entities, thus your account will instantly be locked. The objective is to not have the slightest detail linked to your previous (locked) account. If you've applied the aforementioned changes, I can assure you that your new account will not be detected.

In Conclusion:

Upon reading this article, you're now well aware of how accounts are structured, why companies lock them, what can be done to try and unlock it and most importantly (from an SE'er's standpoint), how to bypass detection by creating a fresh/new account. Do remember that if your account keeps getting locked, "there is something linking it to your previous account", so you need to identify exactly what it is and change it thereafter. On a final note, not everything mentioned will apply to your environment, so pick and choose the information suited to your circumstances.






