The Partial Method



Use The Partial Method For Refunds Or Replacements.

Every time you think of social engineering an entity, be It purposely being employed as a janitor to physically grab personal Information from paperwork disposed In waste baskets, or hitting a major online retailer by manipulating their representative to refund a pair of trainers, you must not only research your target but of the utmost Importance, have a strategy of how you're going to execute your attack. You cannot perform what I call a "blind SE", whereby you have very little to no Idea of the steps required to formulate your plan In an efficient and effective manner, and expect the SE to succeed thereafter. If you haven't worked It out already, what I'm referring to Is "Methods"- of which each and every SE must have In place, Irrespective of what you're aiming to achieve.

For the purpose of this article, this relates to SEing companies to the likes of Zalando, Amazon, John Lewis and so forth- with the objective to obtain a refund or replacement for an Item (or two) that you've already purchased. There are many methods that you can choose from, and for the most part, each Is based against the nature of the Item you're planning to SE.  For example, If It's a 10.2 Inch Apple IPad that weighs 495 grams and you're planning to use the "missing Item method", then your SE will more than likely fail. How so? Well, It's too heavy for the said method, hence If the company opens an Investigation with the carrier and cross-checks the weight on the consignment, they'll see that It was In fact dispatched and received as such.

Now there are times where representatives are half-asleep on the job and simply approve claims with no questions asked, but do you really want to depend on the laziness of reps, when (for example) social engineering an Apple IPhone 11 that you paid $1,300 for? Neither do I. I'm the type of SE'er who covers all angles and leaves nothing to chance, thus the likelihood of success Is "almost" guaranteed. Notice how I've quoted "almost?". That's because there are just too many variables Involved with SEing, therefore It's not possible to be 100 percent certain that It'll work In your favor. What you can do to significantly Increase a successful outcome, Is select a method that's conclusively suited to the nature of the Item, such as the "partial method", so let's check It out now.

What Is The Partial Method?

If you're actively registered In a social engineering community, like an Internet forum or perhaps communicating on a Discord server, I'd say you would've come across posts discussing the use of the "partial method" or simply worded as "partial". As an advanced SE'er, no doubt you'll be well aware of what this entails but as a beginner, you'd be hitting a Google search to no avail. As Its name Implies the partial method pertains to ordering a bunch of Items from an online store, but claiming that your order was partially fulfilled. In other words, one or more Items were not Included when you received the package from the carrier. It's very similar to the "missing Item method"- but Instead of buying a single Item and SEing that alone, you purchase multiple Items on the same shipment, and then say that one or more were not In the box/package when you opened It.

For this to work, It's of paramount Importance to be methodical with the Item(s) that you'll claim as missing. A lot of  SE'ers make the mistake of believing that If they place an order for five or more Items, then any one of those can be claimed as missing- regardless of Its weight. That Is, they think that the extra Items will mask the ones they're SEing. Let me tell you that this Is not the case at all. Why Is that you ask? Well, If the dispatched weight from the company Is compared to the weight recorded at the carrier's depot (just before the package Is loaded Into the van/truck) and "they both match", then everything was shipped correctly. This Is on the grounds, that the Item(s) are heavy enough to Identify that they are In fact enclosed when delivered to your doorstep.

For this very reason, "the partial method Is always based on the weight of the Item"- with the Intention to be extremely light, thereby circumventing detection at both the company & carrier's weighing facilities. As a result, when you contact the company and speak to one of their reps/agents advising that your order was Incomplete when received, there's no possible way that they can state and conclude otherwise. Their Investigations with the carrier by referencing all shipping documents to try and establish whether your Items were sent as a whole, will be absolutely useless. You're probably wondering the type of Items that should be used with the partial method, and rightly so. Rest assured, I've got you covered as per the topic below.

Items Suited To The Partial Method:

Before I make a start on this, the major thing that you need to perfectly understand, Is that the partial method Is "always used to SE Items that are very light and compact". It doesn't matter how heavy the other Items are (that will be Included In the same shipment as the partial Items)- as long as the ones you'll be SEing cannot be detected when the package Is weighed, then you're good to go. I've experienced many SE'ers posting messages saying something like: "I want to SE a light Item, will the partial method work?". This tells me absolutely nothing about It, and If you've asked for assistance In a similar fashion, then be sure to not make the same mistake again! The question Is, "what's defined as lightweight?". For the best chance of success, It's Imperative to be specific.

As a rule of thumb, I recommend opting for Items that're no greater than 120 grams (each) In weight, and this Is pushing It to Its limit. Sure, If the company doesn't open an Investigation, you can probably get away with much heavier weights, but It's not good practice to assume the actions of others- always play It safe by applying the method accordingly. In terms of the Items suited to the partial method, here's a general list that gives you a good Indication of similarities that you can use with your very own SE. These relate to the "Item" (net) weight  and not the shipping (gross) weight.

  • AirPods Pro with charging case. Weight: 56.4 grams
  • AirPods (Previous Model) with charging case. Weight: 46 grams.
  • Versace Bright Crystal Toilette 10 ml. Weight: 45.1 grams.
  • Crucial 240 GB SSD (Solid State Drive). Weight: 60 grams.
  • AMD Ryzen 12 Core CPU. Weight: 45.4 grams.
  • Fitbit Versa 2 Watch. Weight: 38 grams.
  • Ray-Ban Justin Rectangular Sunglasses. Weight: 28.4 grams.
  • Giorgio Armani for men 100 ml. Weight: 95.2 grams.

As you can see, all of the above Items, are well and truly within the weight capacity of the partial method's requirement. Do note that apart from the cologne & perfume, It's the "Item" that you will claim as missing, and not the entire box/package with the Item enclosed. On the other hand, If you happen to find something with a "shipping weight" that's less than 120 grams, then you'd be SEing the lot- "Item and It's packaging". Makes sense? Good! Although the partial method Is very effective when used In Its proper context, there are Instances when complications are Inevitable, so let's have a look at one commonality of when It should be disregarded altogether.

When Not To Use The Partial Method:

Every method has Its pros and cons and as such, It's vital to research your target  before selecting and formulating It In readiness for the execution. The partial method Is certainly no exception, and whilst It can be used with just about any online store, there Is one obstacle that will not only cause significant Issues during the claims process, but will most likely result In a failed SE. What I'm referring to, Is the use of "CCTV cameras", that are used to verify that orders have been picked & packed correctly by those working In the warehouse. The majority of companies do not have cameras In place but those that do, will make your task as an SE'er, extremely difficult to complete, therefore It's best to not use the partial method under these circumstances.

Prior to briefly explaining how CCTV cameras operate In a typical warehousing environment, I'd like to point out that this pertains to "the Item and Its box/packaging" as stored In the racking and not the Item Itself.  For example, If you buy Apple AirPods  from whoever It may be, you'll receive a "box containing the goods Inside"- which Is precisely how It's located In the store's department of the company. On the grounds that you're SEing this, the storeman will grab It from the shelving, pack It with the rest of your order and It will be dispatched thereafter.

Essentially, CCTV cameras record picking & packing operations by the warehouse staff- with the aim to ensure that the correct Items and quantities are sent to all customers, In this case, yourself. Now If you're using the partial method, by claiming you did not receive "the box containing Its contents", then they'll refer to the CCTV camera footage. If their Investigations demonstrate that the storeperson did In fact pick It from the shelving, then your SE Is destined to fail. "Argos" Is one company who has such cameras actively monitoring their Inventory, so If you're planning to SE them, then expect a very lengthy process and possibly an unsuccessful outcome.

The Partial Method In Action:

Now that you're aware of what the partial method Is, Inclusive of the nature of the Items that're best suited, It's time to perform your SE. It's a pretty straightforward procedure, hence I'll keep the details down to a minimum. Unless you know the company well and have SEd them before, the first thing you need to do, Is "research the one you're going to SE to see whether they have CCTV cameras". Obviously, this Is not stated In their terms, so perform a "practice run" (trial SE) by purchasing a number of very cheap Items (only a few dollars all up), and use the partial method on one of them. If It succeeds without any mention of cameras, then you're ready to start your real SE. Of course, you can use the partial method on a couple of Items (or more) but for the purpose of this guide, I'll leave It at just the one.

You've chosen to social engineer Amazon, with the Item being a Thomas Sabo sterling silver bracelet to the value of 59.00$, and only weighing "1.6 grams". To add to your order, you've selected 5 more Items of need- their weights are of no relevance whatsoever, they're simply used to add weight to the consignment and make It appear less suspicious. Naturally, everything will be sent In the same package and after a few days, the carrier delivers It to your home and you gladly accept and sign his hand-held device. You're very calculated with the execution of your SE, by waiting 15 minutes (which gives the right amount of time to check your goods) before speaking with the company's representative and advising that the bracelet was not among the rest of the Items. 

He says that he'll get back to you In two business days. In the meanwhile, behind the scenes, an Investigation has been opened  to see exactly why your bracelet was (apparently) missing. The carrier has been contacted and Instructed to check the weight of your package against their shipping documents- with the objective to report If a variance Is found. Given your bracelet Is only "1.6 grams", It's literally "Impossible" to confirm If It was/wasn't Included In the delivery. Moreover, there are no CCTV cameras In the warehouse so this too, cannot verify any details. As a result, the company has no choice but to credit your account with a refund. A job very well done Indeed.

In Conclusion:

I'd say It's very safe to assume, that you can clearly see the effectiveness of using a very lightweight Item with the partial method, namely something that will not be detected when weighed and dispatched by the company, and at the carrier's depot. Do remember that the partial method Is not limited to SEing  only a single Item- you can opt for two or more, however you'd need to calculate their "combined weight" (not only the one) and make sure that they will not be noticed during shipment. If you formulate your SE as described In this article, you can't go wrong- expect the result to work In your favor.





Comments


Popular Social Engineering Posts