Research Company Terms



How To Research Company Terms & Conditions.

Whether you're Intending to social engineer someone who's working In a small family-owned business to obtain their login credentials, or physically gain unauthorized access to a restricted building of a huge Fortune 500 company, It's of paramount Importance to "research your target before you even think about preparing your SE". It serves very little to no purpose In trying to formulate your method In readiness for the execution of your attack, when you have absolutely no Idea what you're up against. And SEing companies such as SteelSeries or Logitech with the objective to manipulate their representatives to Issue a refund or replacement Item, Is no exception- you "must have a clear understanding of how they operate".

I've come across many SE'ers (both beginners and advanced) who jump straight Into the SE without any form of research, and then they're In a scenario of dealing with emails back and forth, being passed from one representative to another only to find that It ultimately failed. A major contributing factor to this, Is because they performed what I call "a blind SE", meaning they had no knowledge of how the company was structured, Inclusive of the way they handled and processed their claims. Here's something that you can personally relate to. If you've been Invited to a Christmas party In a remote location with only an addresses to work with, how do you know how to get there "without researching Its directions?". Enough said.

If you haven't already realized, the aim of this article Is to provide you with the very best measures to "research the company you're planning to social engineer, specifically their Terms and Conditions", In a systematic and very effective fashion. Given every SE Is based on Its merits and each company differs (to some degree) with their overall operations, everything that you'll have the pleasure of reading, Is written on general terms and not targeting anything In particular. As such, you can apply what you've learned to any company, be It on the Internet or In-store, Is of equal significance. For the purpose of this guide, I'll be referring to online stores to the likes of Amazon, Currys, ASOS and so forth.

The first thing you need to do, Is (obviously) navigate to their "Terms and Conditions", which can be accessed via a simple Google search. As a beginner, there's no doubt that you'll be somewhat at a loss as to what you should take on board, but rest assured, I've got you covered. What you're about to read, Is titled according to Its respective topic and to avoid congestion, Is only a single paragraph per subject. So assuming that you're located at the company's terms and conditions, let's get this started.

On What Grounds Are Replacements Issued?

Every company varies, but the first thing to look for, Is If there's a time frame  on which you can claim for your Item to be replaced. Some have a 10-day or 20-day policy from "the time your Item was delivered". Also checkout "the reasons required to warrant a replacement", such as faulty/ non functional Items and accidental damage. The latter (accidental damage) Is very Important from an SE'ers standpoint because If you're claiming as such, you need to make sure that you specify that It was In fact an accident, and not done on purpose. Also establish If It's "like-for-like", meaning another Item of the same type.

When Do Refunds Get Issued?

The principle on which refunds are given, Is quite similar to replacements as stated above. Though, there are a few major differences and requirements. For example, almost every company requires to return the Item "In Its original unused package/ box" as per the manufacturer's state. If you've already opened It, then use the "sealed box method" when returning It. Another point, Is that they will not accept certain Items like jewelry and food, so take this Into account when SEing. Of course, you are required to claim for a refund within a particular time frame, hence make sure not to exceed It.

What Type Of Carrier Is Used For Deliveries?

I'd say this Is the most crucial part of your research, namely If you're going to use the "DNA" (Did Not Arrive) method, for the reason of checking how packages are delivered & accepted at the premises. For Instance, a carrier named "DPD" who services Amazon, ASOS and a few others, tends to take photos at the drop off point- being your home, which can complicate the SE If you're not already aware of this. Also, check If the driver will In fact ask for a signature  and If so, prepare yourself to sign with a fake name. Whilst all this won't be stated In the company's terms, knowing the carrier they use, will help you to research via other online means.

Who's Responsible For Loss Of Goods During Transit?

When the company requests an Item be returned, It's a commonality for social engineers to use the "box method", by sending back a box with nothing Inside, and making It look as though It was tampered with during shipment. The objective Is to fool the company Into thinking that the Item was stolen at some point during delivery. Before using this method, It's Imperative to Identify If "the company Is responsible for loss of goods" and If they are, then you're good to go with the box method. Due to a package (seemingly) going missing with the "DNA method", this topic applies to that as well.

Do They Offer Advanced Replacements?

Often abbreviated as "AR", an "Advanced Replacement" Is when the company will send you the Item before you return the one that was purchased from them that's (seemingly) defective. When you receive their replacement, you're supposed to send the defective one back. Evidently, being the social engineer that you are, you'll do nothing of the sort, but rather (for example) box them. Not many companies offer an "AR" but having knowledge of those who do, will help you to make an Informed decision with the type of Item and method to select when SEing.

Do They Bill You When The Item Is Not Returned?

Further to the topic right above this pertaining to the "AR", you'll find that the majority of companies who offer this type of service, will actually bill/debit your account If you don't return the defective Item. HP does In fact do this, whereby you have around 15 days to return It and If you don't, then they'll withdraw the funds from the account that was used to purchase the original Item. You shouldn't have any difficulty finding this In a given company's terms so If you're looking to use the "Advanced Replacement" with your SE, use a "drop house/address" and a fictitious account.

Who Covers The Cost Of Freight?

Although this does not have an Impact on the progress of your SE, It's good practice to see who covers the delivery charge of the Item that you will be returning, Inclusive of carrier pickups. If It's yourself, and the cost of freight Is greater than the cost of the (low value) Item that you're SEing, then It's not worth pursuing. Almost every major company on a large scale, such as John Lewis and Amazon, take care of the bill, however If they deem that they're not at fault, then they may deduct the shipping charge from your refund. This can easily be found In the company's return policy.

Where Is The Company's Return Center?

When receiving goods that're sent by customers for refund or exchange purposes, a lot of companies do not have their own return centers. Instead, to reduce cost, they use third-party entities to accept and store every return. For Instance, Amazon (In some locations) Is partnered with DHL, thus everything Is stored at their facilities. If It's offsite, It can work to the SE'ers advantage particularly during the busy time of year, such as Black Friday Deals & Christmas. As a result and due to the Influx of returns, there's likely to be a communication breakdown between the company and the return center, or In some cases, the company will simply not have the time to thoroughly check, so you can perform your SE when the busy period arrives.

How Long Is The Warranty Period?

This may seem like It's pretty much stating the obvious, but warranty (or "guarantee") periods do differ from one company to another, and It also depends on the nature of the Item- even when It relates to the very same company. For example, Amazon's "Fire Tablets have a one-year warranty" whilst their "LED light bulbs are covered for 3 years". In terms of a different store, "John Lewis has a two-year warranty for their laptop and desktop computers". So when formulating your SE, check the company's terms to make sure that you're well and truly covered.

Do They Repair Or Replace The Item?

This predominantly pertains to Items that you're SEing for a "replacement". I've actually personally experienced this many years ago when I (seemingly) returned a DVD player to be replaced, only to find that the company's policy was to "repair It" within their warranty period. When SEing for a replacement, by "boxing the company", you'd obviously want another one sent out. If they only repair and not replace, then your SE Is pointless. This Is not common at all, but there are companies like "ASSOS" (not "ASOS"), that have It In their terms.

Is PayPal Accepted As A Payment Method?

Regarding all major retailers, like SteelSeries, Logitech, Best Buy, John Lewis, Argos and so forth, there's no Issues with the types of payment methods that you can use to make your purchases. They accept all major credit cards, as well as PayPal, however not every company accommodates the latter, namely PayPal. Social engineers use It very often to get refunds, by filing a dispute through Its Resolution Center and If need be, escalating It to a claim and SE them to reimburse their funds. If you're Intending to do the same, go through the company's payment terms to see If PayPal Is accepted prior to moving forward with your SE.

In Conclusion:

What you've just read, outlined the very basics, yet detailed the most relevant aspects of what to look for In a company's terms and conditions. My aim was to prepare you with a clear understanding of how companies operate when dealing with claims as documented In their refund and replacement policy. The good thing about this type of research, Is that they must comply with their very own terms, so If you've formulated your method and executed your SE based on your findings, the company cannot state otherwise- they have no choice but to abide with what's stated on their website. Evidently, It's beyond the scope of this article to cover everything there Is to know, so expand your own research as needed.





Comments


Popular Social Engineering Posts