Excuse To Not Return Items



Excuses To Not Return Items As Requested.

As a social engineer yourself, be It manipulating small retailers In person at your local mall or huge organizations online to the likes of Zalando or Logitech, you'd be well and truly aware of the challengers that you Inevitably face during the stage of a given SE. This of course, relates to social engineering companies for refunds or replacement Items. Unless a representative Is half asleep and simply approves your claim with no questions asked, there will always be some degree of difficulty- Irrespective of the method used at the time.

That said, the complexity can be significantly minimized If you've played It smart by researching the company's terms, preparing your method based on your findings and executing your attack accordingly thereafter. As such, you maintain an element of authority to ensure a favorable result, however there's one thing that you have no control over- and that Is "when the representative asks you to return an Item" as part of the claim's process.

This Is a commonality when using the "serial number method", whereby you grab a serial from (for example) a seller on eBay for an Item that's still under warranty, and you social engineer the representative by claiming that It's defective. The rep will go through a few troubleshooting steps and when he's satisfied that It's not functioning, he'll ask you to return It- usually via their nominated carrier. Obviously, you don't have the Item, hence you cannot send what you haven't got.

The same applies to goods that you've already purchased, such as a computer monitor. When asked to return It, due to Its size and weight, you cannot box the company therefore you'd need to seek an alternative to this. Whatever the case may be (serial or purchase), how do you bypass a return request? Well, I've been asked this question countless times In a social engineering community I'm registered with, and that's what prompted me to write this article. I will provide you with quite a number of options to choose from, so select the one suited to your circumstances. So without further delay, let's get this started.

Disposed Of The Faulty Item:

I must say that every method and option that you will have the pleasure of reading, this one Is the most used In the SEing sector and when performed effectively, It has a pretty good chance of success. As Its name Implies, when the company asks to return the Item, you simply say that you've disposed It "for health & safety purposes". It's very Important to mention the latter- as companies must comply with health & safety regulations, thus they cannot Immediately dismiss your claim without first considering all factors Involved. The only limitation, Is that It must warrant the Item you're social engineering at the time- It cannot be a sports jacket or a pair of trainers.

For Instance, It must be an Item that entails some type of functionality, or contains components that are an Integral part of Its usability. Allow me to clarify this. If It's a Bose Home Speaker that operates with batteries, In this case, the SE'er will say that It leaked and because he had young children present at the time, he threw It In the trash due to health & safety concerns. Another excuse, Is saying that the laptop you've purchased, caught fire to the point of setting off the smoke alarms In the family home, so you did the very same- quickly disposed of It to prevent damage and personal Injuries. Whatever you decide on using, be sure to Include some element of "health & safety".

Carrier Does Not Accept Dangerous Goods:

Given the majority of companies are well prepared for returns of just about anything and everything, this Is not used very often at all but when It Is, the SE Is almost guaranteed to work. As with the above method pertaining to the leaking battery, Instead of throwing away the Item, the objective Is to say that you cannot send It back for the fact that the carrier refuses to accept dangerous/hazardous goods. This Is on the grounds that the company's carrier has this protocol In place, or they give you the option to choose one of your own. Evidently, you'll opt for a carrier who doesn't deal with hazardous material.

Now you need to be selective with the nature of the Item you're SEing. Why Is that you ask? Well, the representative will simply tell you to remove the battery and only ship the Item  and If you're new to SEing, this might seem like It's Impossible to avoid but believe me, It can easily be manipulated. For the purpose of simplicity, I'll demonstrate how It's done by using a laptop. There's two ways you can do this. The first Is to tell them that the battery Is not removable, but rather an Internal part of the laptop Itself.  Most are nowadays, so this makes perfect sense. The second one Is saying that when the lappy caught fire, the battery fused Into It, hence cannot be taken apart. Both options are equally effective, but for this to work, remember that "the carrier cannot accept dangerous goods".

Not Home Due To Work Commitments:

When you're requested to return a package and "you" need to send It back to the company  In question, as you've just read (and will continue to view more methods further down), there are many ways that you can work around this. However, not all returns operate In this manner- you will Inevitably experience that a representative will try to arrange a pickup from your residential address via one of their carriers. Essentially, and In a legit environment, you'd organize a mutually convenient time and date and the driver will drop by, grab the package and take It to Its destination. From a social engineer's standpoint, this will ruin everything. Have no Illusions, as with every SE, there's always a way to bypass every obstacle that comes your way and this Is certainly no exception.

There's a couple of clever and very logical solutions that are In fact very convincing, and for the most part, have a successful outcome. The first, Is to "say that you're away on a business trip for the next 8 weeks or so". It's also Important to mention that "you live alone" and as such, there'll be no one home to fulfill the driver's needs. Pretty cool, yes? I think so too.

The second one works on a similar principle, but on this occasion, "you tell them that your job Is on-call", meaning your hours are not scheduled, thereby you have no Idea of the times and days that you'll be attending your shifts. I actually recommended this to a particular member on a forum, and It worked like a charm. If you're reading this now, you know who you are! And feel free to drop a comment below. Ultimately, both the first & second option have the same result- you will not be home for the pickup.

The Item Contains Blood- Using The Blood Method:

If you're totally new to social engineering, the sound of this may seem a little scary, but unlike some other methods, this also applies to legit claims and that's what makes It seem real. As with the "disposed of the faulty Item" that you've read above, the "Blood Method" Is also used to not return Items, by using "health & safety" regulations to your advantage. Its objective Is simple, and can be used with an array of Items. In short, when the company asks the Item be returned for a refund, you use the excuse that you cut yourself whilst opening the box, and the Item Is covered In blood.  This can happen with basically any product you handle, and that's what makes this method believable.

Even If you tell the representative that you've (seemingly) cleaned every bit of blood, the chances are that he'll refuse to accept the Item for health & safety purposes. The good thing about It, Is the variety of Items that It can be used on, as well as Its success rate- quite high, even when performed by beginner social engineers. Now because of Its broad usage, I'm not going to create a list of Items, but rather state that the blood method Is compatible with anything shipped In a box  (yes, even "paper cuts" produce blood!), and any Item that has a sharp/rough surface or edges and/or detachable parts. Just use common sense when selecting an Item- It's not difficult at all.

Box The Company- Use The Box Method:

Before I begin with this, I'd like you to have an understanding of what the "Box Method" Is designed to achieve- because If you've never heard of this, you'd be at a complete loss just by reading Its title. Put simply, when you're told to return the Item, you only send the box with nothing In It, by tearing It on one side and sealing It with different colored tape. The Intention, Is to give the Impression as though the Item was stolen during the delivery  and when the company receives the package, they'll see that the box has been taped and think that It was actually taken, and give you a refund/replacement thereafter. A method using "dry Ice" can also be used with this, but It's beyond the scope of this guide to elaborate on that.

Packages are always weighed when being delivered and as a result, the Item that you'll be SEing must be extremely light to not register a weight on consignment, so you cannot use this method with anything you like- you need to use something that's suitable. For Instance, let's say you're planning to SE an "SSD" (Solid State Drive) that only weighs around 50 grams. Given It's so light, when you send back the box without the SSD enclosed, It will not be detected that It's missing at the carrier's weighing facilities and when the company receives It, they cannot prove that the SSD wasn't In the box to begin with. On these grounds, they'll have no choice but to approve your claim. To reiterate: only opt for very lightweight Items when using the box method to return goods - this Is relative to this topic, and not In general. 

Use A Drop Address/House:

From a beginner's perspective, you'd have no Idea what this relates to just by viewing the title of this topic, so I'll quickly explain what a "drop address" pertains to prior to moving forward. Also known as a "drop house" or simply a "drop", It's an unrelated home (to the social engineer), that's used to accept deliveries when SEing online stores. The SE'er will look for a house that's listed for rent/lease, and put It as the receiver's address when placing orders. Since It's up for rent, It will be vacated awaiting tenants, therefore he can organize packages to be sent to the drop house and once the carrier delivers his goods, the SE'er will accept It and disappear- leaving no trace of his real address.

Here's how It works from your standpoint. When a company, such as HP, offers an "AR" (Advanced Replacement) they'll ship the new product In advance and when It's received, the defective one must be sent back. Failure to send It, will result In your account being billed. To avoid all this, you'd create a fake account and have the Item sent to the drop address. As such, there are no Identifiable details linked to you, so they cannot debit your account, nor can they locate you by address. The drop house Is mostly used by social engineers with Advanced Replacements, so If you're In this scenario, you now know what to do to avoid sending back the Item.

Using The Sealed Box Method:

This Is a very effective method that has a significant chance of success, but It requires a very good set of skills to apply It In a strategic manner. Getting straight to the point here, the representative will ask you to return the Item and when he receives It, a refund will be Issued. This Is pretty much standard practice with most companies- as they want to check the return prior to approving the claim, but In this case, you're going to circumvent checking of the Item Itself by using the "sealed box method". The aim of this method, Is to replace the original Item (that you ordered), with anything else that you have lying around the house that's around the same weight as your purchased product. Then you seal the box In perfect condition as per the manufacturer's packing

When you send It back, the Inwards goods/receiving section of the warehouse will see that It (seemingly) hasn't been opened, and they'll scan It and place It back Into stock. The administration department will then approve your claim for a refund or replacement Item. As said, you must be very careful when resealing the box- any signs of tampering may result In a failed SE.  It's human nature for reps (or anyone for that matter) to check for Inconsistencies at the top/opening of the box, so I suggest to "open It at the bottom". Also, It's good practice to take a photo of how the box Is originally packed & sealed and compare It with your finished result. 

Believe It or not, you can even use the "sealed box method" with a "laptop". If you've purchased one and would like a refund, contact the company saying that you've received the same one as a gift, hence you don't need two laptops. Then pack anything that weighs the same- such as a pack of A4 copy paper, and "seal the box perfectly". Send It back within their return policy time frame. Barring any unforeseen circumstances, your account will be credited before you have the chance to hit the power button on your new machine!

In Conclusion:

I do hope you've read this entire article word-for-word because If you did, I'd say It's very safe to assume, that you now have the knowledge to bypass a company's return request by using any of the above methodologies. You may find that more than one method/option Is suited to your SE, so select the one that you're most comfortable and confident with. As always, be sure to research and familiarize yourself with the company's return, refund and replacement policy prior to formulating and executing your attack.  






Comments


Popular Social Engineering Posts