The DNA Method



Claim That You Didn't Receive The Package.

In the social engineering world of "company manipulation and exploitation", SE'ers go to great lengths to get what they're after, meaning refunds and/or replacements for Items that they've either already purchased, or by using (for example) the "serial number method" and claim the refund whilst It's still under warranty. In order to do this successfully, It's of the utmost Importance to use a method that's based on the nature of the Item. For Instance, If you're planning to SE a "PS4" (PlayStation 4) that weighs 2.5 Kg by using the "missing Item method", due to Its weight, It will obviously fail. As such, you'd simply opt for another method- the "wrong Item received" or the "sealed box" method will suffice.

Methods are the backbone and an Integral part of every SE, and determine the effectiveness of your attack/execution against your target. If you haven't chosen one that's compatible with your Item, your SE has failed before It had the chance to begin. But what If you're struggling to find a suitable method? Well, that's when the "DNA" (Did Not Arrive) comes Into action. If you're reading this as an advanced SE'er you'd know exactly what I'm referring to, but on the grounds that you've never come across It before, allow me to define It as follows.

What Is The DNA Method?

As you're aware, "DNA" Is an abbreviation of "Did Not Arrive" which (as Its name Implies), Is used by social engineers to say that the package they've been waiting to be delivered to their house (or a drop address) did not arrive. That Is, they've purchased something from an online store such as Currys or ASOS, and the carrier failed to drop It off at their premises. Of course, the SE'er did receive It but will SE the company by stating otherwise. The best thing about the DNA Is that It's "carrier-based", hence considered a "universal method" that can be used with just about any Item you like.

Think about this from a logical standpoint. When ordering online, every package Is delivered by a given carrier Irrespective of what It contains, correct? Good, I'm glad you agree! Essentially, no matter what you've bought- be It a cell phone, a computer or a pair of trainers, It will be dispatched and sent to you. Clearly, you can now see why the DNA Is a carrier-based universal method. Its flexibility Is certainly a huge benefit, namely when you're having difficulties applying other methods, however the DNA Is not all sunshine and rainbows- It has one major disadvantage that you must familiarize yourself with, so let's check It out now.

The Disadvantage Of The DNA Method:

For the most part, there's no doubt that there will be some degree of difficulty when SEing, regardless of the method you decide on using. In terms of the DNA, It's more to the fact that It can lead to a lengthy claims process that can take (In some cases) weeks to finalize- and all this Is due to the company "opening an Investigation".

What this means Is, because the DNA Is carrier-based and given you're claiming that you did not receive the package, the company will contact the carrier and cross-check the consignment details to try and establish precisely what went wrong. If their findings are Inconclusive, they may ask you to file a "police report", by stating that everything you've said Is true and correct to the best of your knowledge.

All this Is part of company protocol and Is no cause for concern, but a lot of SE'ers stress over the Investigation Itself, and particularly whether they should put pen to paper on the police report. They even tend to try and falsify the report, which Is not good practice and should never take place. I can assure you that you have nothing to fear, so If you're asked to sign It, go ahead and do so.

Depending on the nature of your SE, Inclusive of the Item's (high) value, you may experience a high volume of calls and emails back and forth for days (If not weeks) during an Investigation, but be patient- the company Is simply processing your claim and nothing more. You'll find that the majority of Investigations have a successful outcome In favor of the social engineer. Now that you have a very good understanding of how things operate, let's see when the DNA method should be used.

When To Use The DNA Method:

Although It can be used with "almost" anything you like, If there's another method that's well-suited to the Item you're planning to SE (particularly when Its success rate Is high), then use that Instead of the DNA. For example, AirPods are very light and barely register a weight during shipment, therefore the "missing Item method" Is predominantly used by SE'ers. Furthermore, the "box method" Is also used when (seemingly) sending the Item back for a refund- as It does not require to substitute the weight of the AirPods with extra packing or dry Ice. Evidently, you can still use the DNA, but you should always select a proven method as your preferred choice.

Notice how I've quoted "almost" In the above paragraph? That's because the DNA does have Its limitations, hence Is capped as to what you can and cannot SE. For Instance, If you're looking to social engineer a huge 700 litre fridge that weighs 200 Kg, the carrier driver will not leave It at your doorstep and walk off without requesting a signature. And If you're not home to accept It, then the delivery will most likely be rescheduled for a later date. So how do you determine what's best with the DNA? Well, the equation Is pretty simple- nothing too large, and anything of reasonable size and weight, Inclusive of very small Items.

Basically, use common sense and good judgment and don't opt for something like the fridge or an 85 Inch Smart LED TV! To give you an Idea of how It works and, of crucial value, what you must do prior to executing It, check out the example below. Be sure to read each and every word- It will give you a very good Insight of what's Involved right from the get-go, thus help you to apply your very own DNA with Incredible ease. To make It easy to follow, I've written everything In a numbered list form.

The DNA In Action:

  1. Let's say you're going to social engineer the latest IPhone from an online retailer such as Amazon or John Lewis.
  2. The first thing you do, Is research their terms to see who's responsible for loss of goods during transit. It's very Important to Identify this because If It's not the company, then they release themselves from liability and It's "you who will have to cover the cost", In which case there's no point going through with the SE.
  3. On the grounds that the company Is responsible, then you're good to go.
  4. Now you'll need to see the type of carrier they use, namely to establish If they request a signature on delivery or simply leave It at the doorstep of your premises.
  5. We'll go with the worst-case scenario, whereby you'll be asked to sign for the package.
  6. Now that you have all the details at your disposal, the SE begins.
  7. You've already placed your order and It's expected to arrive In a couple of days' time, so to avoid the hassle of rescheduling or leaving It with a neighbor, you've organised yourself to be home.
  8. On the day, there's a knock at the door and the driver gives you the package and hands over his little hand-held device for a signature.
  9. You've signed "what appears to be your signature", but It's just a random name. You've made sure that this Is "clearly legible".
  10. To make It look realistic and not raise suspicion, you've made sure that you HAVE NOT "scribbled something that's consistent with an attempt to try and circumvent a real signature!"
  11. As such, this now gives the Impression that the goods were delivered & signed for accordingly.
  12. You've contacted the company "the next day" saying that the package did not arrive.
  13. They've opened an Investigation with the carrier to cross-check the details.
  14. They've tried to decline your claim on the grounds that It was delivered to the correct address.
  15. You told them however, that you did not personally receive It, and that the driver must have delivered It elsewhere. 
  16. You've also told them to check their records and see If anyone signed for It.
  17. The company checks It and reads out the name on the signature. 
  18. It's not your name! And you've advised them of the same.
  19. After a few more Investigations, the company Is satisfied that It's a delivery error on their end, and Issues you a refund.

It was as simple as that. The above Is obviously a general guide and not related to any specifics, but If you're new to the whole DNA process, I suggest you use It to help formulate your own SE, by picking and choosing the things that're relevant to your environment.

In Conclusion:

I can confidently assume that as a beginner SE'er, you would've learned a wealth of Information pertaining to the DNA method as a whole and If you've read this from an advanced standpoint, there'd be a few bits and pieces that were unbeknownst to you. In terms of the example above, I'd like to point out the key elements that ultimately led the SE to succeed.

  1. Researched the company's terms.
  2. Identified who was responsible for loss of goods during transit.
  3. Identified the type of carrier used by the company. 
  4. Did not raise suspicion by scribbling something Inconsistent to a real signature.
  5. Signed with a random signature that was clearly legible.
  6. Contacted the company the next day, and not at the time of delivery.
  7. Told them that you didn't "personally receive the package".
  8. The company established that the signature did not relate to your name.

All this significantly contributed to not only allowing the SE to run smoothly to some degree, but of paramount Importance, help It to head and finalize In the right direction- an outcome In your favor.





