What To Expect With The DNA

 



What To Expect When Using The DNA Method.

On the grounds that you've been social engineering online stores to the likes of Logitech and Amazon, you'd be well aware that they all use a carrier service to dispatch and deliver goods to their customers and as such, there are quite a number of methods to choose from when SEing a given Item. This of course, relates to "company manipulation and exploitation", whereby representatives are manipulated Into Issuing refunds and replacements as a result of a calculated and strategic approach by the SE'er. In order to successfully execute the attack vector, right through to ensuring the result works In the SE'ers favor, It must have a "method" In place that's perfectly suited to nature of the Item and the environment of the SE Itself- particularly the company's terms and conditions. For Instance, you wouldn't use the "box method" If the company/carrier Is not responsible for loss of goods during transit, nor the "missing Item method" on something that weighs around 2 Kg.

If you've never heard of a method and how It's used when SEing, I'd say It's very safe to assume that you're at a loss as to what I'm referring to, so allow me to briefly elaborate on what It entails. In simple terms, It's the backbone of every SE and without It, you cannot move forward with your attack. Think of It as a set of Instructions that guides you from the "starting point", to the "progress of the task at hand" and until It finally reaches Its "destination". Here's an example with the "DNA" (Did Not Arrive) method, that's used to say that you did not receive your package that was scheduled for delivery by the carrier. The starting point, Is when you contact the representative Informing him that your package didn't arrive. The progress of the task at hand, Is when the rep asks you to check If the neighbors have received It (obviously you say they haven't), and the destination Is when they finally approve your claim. 

There's more Involved with the DNA, but I've simply provided a general example of how It's structured and operates- just to give you an Insight of how It travels from beginning to end. As with every social engineering method and attack, things don't always go according to plan and the main reason for this, Is If they suspect that something Is not right, they'll try everything to decline your claim. Because of this, you have no control of the actions that reps decide to take, but you can certainly adapt to changes along the way If you know "what to expect during your SE", thereby you can effectively tackle problematic Issues. 

I've come across many posts In a particular SEing community, where members have asked something along the lines of: "What happens when I use the DNA method?", which Is a very good question to raise- namely due to Its complexities when Inconsistencies are Identified by the company. It's that very question that prompted me to write this article, with the objective to give you a clear understanding of the most common Incidents that "are likely" to take place. I'm not saying that It will happen, but more to the fact that It's a "probability". In other words, I will show you what you're "likely" to experience when hitting the DNA, as well as the best course of action to keep the SE moving In a positive direction, so without further delay, let's get this started.

An Investigation Opened:

Due to the fact you're claiming that the driver neglected to deliver the package to your premises, unless you're SEing a very low value Item that's not worth pursuing, It's almost certain that the company will open what's called an "Investigation". So what exactly Is this? Put simply, they'll liaise with the carrier by cross-checking the consignment with their records to try and establish the whereabouts of the package and why It didn't reach Its destination. What they look for (but not limited to), Is anything that will conclude the delivery such as tracking details, signatures accepted on receipt of goods, GPS Information and basically any type of Info that suggests you're not telling the truth- which mostly happens when suspicion Is raised on your part. As such, they'll purposely take quite a long time with their Investigation, Inclusive of not replying to your concerns In a timely manner with the Intention to reject your request for a refund or replacement.

The key to succeeding with the DNA, Is to remain firm with your story and "never change It at any stage"- as this will Instantly result In a failed SE. I'd like to also point out a very Important element that will significantly Increase the likelihood of a successful outcome, even If you've actually signed when your purchase was handed to you. Do remember this: "A package that's marked as delivered, does not mean that you personally received It". Sure, their records show that It was dispatched to the correct address, however by no means does this confirm that you personally accepted It, nor any member of your household. In terms of a signature, anyone could've put pen to paper and walked off with your package. And If the driver left It at your doorstep, well, they've SEd themselves! (so to speak). As far as you're concerned, It was stolen by a passerby  which does In fact happen on legit grounds. The majority of Investigations work In the SE'ers favor and If you apply what you've just read, there's every reason why your claim will be approved. 

A Police Report Requested:

If you've just began your career In the art of human hacking and used the DNA for the very first time, only to find that you've received an email from the company In question asking you to file a police report, you'd probably be very confused as to what you should do about It. It's also common for advanced SE'ers to feel the same way- all because they read the word "police" and automatically predict that they're In some sort of trouble or perhaps the Feds will bust their door down at 5:30 am. I can assure you that nothing could be further from the truth. Law enforcement agencies have better things to do, than to waste their time and valuable resources on a "one-off Incident" that's simply claiming a delivery didn't arrive!  So why do companies request a police report, and what do they do with It once they've received It? I'm glad you've asked! I'll answer all your concerns and put your mind at ease.

It's basically nothing more than a bit of paperwork to say that everything that you have said, Is true and correct to the best of your knowledge, hence predominantly used for administrative purposes to move forward with your claim. Here's an analogy to give you a better understanding. If you've been Involved In a minor motor vehicle accident, you'd contact the police and when they attend, they'll ask you a series of questions pertaining to the events that took place. To claim the cost on Insurance, you'll then file a police report and they'll put It on record, thereby your Insurer can use It (with other bits of paperwork) to process your claim and fix the repairs on your car thereafter. Given there wasn't anything to suggest acts of unlawful behavior, everything went smoothly and you're back on the road In no time at all. This Is no different to filing a police report when SEing- as long as It appears legit, then there's no cause for concern.   

The Driver Contacting You:

One of the main reasons why many social engineers do not like to use the DNA method, Is the possibility of the carrier driver contacting them either by phone or physically attending their home, asking questions about why they've reported the package as not delivered. Although this doesn't happen often, there are occasions when the driver will do whatever It takes to get In contact with the SE'er, and If It means generating 20 phone calls a day or continually visiting the premises until someone answers the door, then he'll do exactly that on a daily basis. I've personally experienced very similar circumstances, whereby my cell phone had ex-amount of missed calls and the sound of my doorbell became quite annoying throughout the entire day. There are times when the driver will go as far as speaking to the neighbors, and If you don't have a good relationship with them, they can say things that will work against you.

It's not my Intention to put you In a state of panic, but rather point out that the above-mentioned events are certainly realistic and "may" (not "will") come your way at any given moment. Now you're most likely thinking what you can do to prevent It, however due to the nature of the DNA method, It's just not possible to fully safeguard your SE from such Incidents but what you can do, Is be prepared If and when the driver decides to contact you. For example, If you're living alone, It pretty much speaks for Itself- don't open your door and also refrain from answering unknown/private phone calls, but at the same time, be sure It's not a family member or friend trying to get In touch with you for an emergency. On the other hand, If It's your parent's house, then simply "tell them that you legitimately purchased an Item and didn't receive It". It's very Important to tell them It's "legit". As such, they'll have no reason to question you nor the driver, which puts you In the clear!

The Driver Losing His Job:

As you're well and truly aware, Irrespective of the Item value and the measures you've put In place to help minimize suspicion being raised, social engineering companies on every scale Is quite risky and can have serious consequences as a result of your actions- one of which Is the carrier driver losing his job. It's one thing when you SE for personal gain by way of refunds and replacement Items and not affecting anyone around you, but If your behavior contributes to a company's carrier driver finding himself on the unemployment list, then that's just totally unacceptable. No one should be fired at the expense of your SE- they too have bills to pay and a number of mouths to feed, hence It's vital to social engineer In a sense that It will only have an Impact on yourself, and to also make sure that It remains that way.

So how do you ensure that your SEing affairs stay within the confines of your very own environment, and do not play any role with the carrier driver and his deliveries? Well, you cannot control what the company decides to do with your DNA claim, but you can do one thing on your end to significantly decrease the risks  as follows. On the grounds It's the same carrier & driver who services your area, and you SE on quite a regular basis, It's of the utmost Importance to "never befriend the driver". Why? Well, every driver has a set run with their delivery schedule, whereby they'll attend to the same locations each day. Because of this, a degree of friendship and trust will develop between you both and you'll find that the majority of times, he'll drop off the package at your doorstep, or sign for It himself. If this Is repeated and you take advantage of It by DNA'ing many times In succession, then I don't have to explain what happens next. Be a responsible SE'er  by respecting the driver for "who he Is", as opposed to what he does.

The Carrier Taking Photos:

Regardless of whether It operates on a small or large scale, every carrier has the same thing In common, and that's the procedures they use to deliver & pickup goods from one address to another. As handling requirements Inevitably change due to unforeseen circumstances, so too do their protocols and as such, they must comply with new measures that have been Implemented Into their policy. For example, at the time of this article, a nasty virus (that's contagious by physical contact) has Infected the entire globe and has forced many carriers to restructure that way they collect and drop off packages. An International service named "DPD", has been affected to the point of not accepting signatures on delivery. Instead, the driver will ask you to open the front door and he'll put the package In the entryway/doorway, and take a photo as proof of delivery. On the rare occasion, he may ask you to stand next to the package and be Included In the photo, but you're not obliged to do so.

In the eyes of the carrier company, It's just as good as having a signature and the photo Is used to verify that the driver fulfilled his role by dropping off the package at the correct destination, however as with every SE, this can easily be circumvented. So how do you stop the driver from taking such photos? Well you don't, but rather use a very clever and calculated approach by "making It seem as though he didn't set foot on your property", and here's how you do It. If your order Is sent via "tracking", you can check Its shipping status to see precisely where It Is at any given time. Around 15-20 minutes before It's due to arrive, rearrange your entryway by putting rugs, chairs, tables etc where they're clearly visible

What you've just done, Is give the appearance that It's not your home  so when the driver knocks at your door, allow him to go ahead with the photos. When he leaves, place everything back to Its original state and then call the company the next day (don't do It on the same day- you're not supposed to know that your package arrived!) and tell them that you're still waiting for It. In the event they decide to visit your home and compare their photos with the current layout of your entryway, they will not match, hence there's no evidence to suggest that your package made Its way to the right address- your premises. Based on this, there's nothing to support their decision to try and decline your claim, so a refund or replacement Is forthcoming. 

Request To Sign An Affidavit:

Of all the probable events that you've read so far, I'd say that this Is significantly more concerning, namely due to the nature of the document and the ramifications that could affect you personally- should the company decide to take matters further with legal proceedings. So what Is an "affidavit?". Put simply and without the legal jargon, It's a legally binding document and once It's signed, It can be used as evidence In a court of law. For the most part, an affidavit Is Issued when using the DNA method and as with a police report, you're asked to sign It to confirm that what you've claimed with the DNA, Is true and correct to the best of your knowledge. Now It may only be needed to move forward with the company's Investigation and nothing more, but they do have the power to go beyond that- legally. Now I'm not saying they "will", but rather they "can"

There are no hard and fast rules as to why an affidavit Is requested. Perhaps your method had a few Inconsistencies that raised suspicion, or the representative had nothing better to do and decided to be a complete nuisance- unless stated, you'll never know for sure. The question I keep getting asked Is: "should I sign It?". Let me begin by saying that In my career spanning just over 30 years In the social engineering sector, I've only come across one Incident where a particular organization filed a lawsuit against the SE'er, but that's "one Incident too many". Furthermore, that's based on what I was aware of at the time, so who knows whether there were more without my knowledge. If you're SEing a low value Item, It's highly unlikely that the company will take It further- the cost of litigation will outweigh the cost of the Item by thousands of dollars. On the other hand, high value Items are quite risky, so that speaks for Itself. I always recommend not to sign an affidavit. Ultimately, It's your call. 

In Conclusion:

There are a few other bits and pieces that take place when using the DNA method, however this article has exceeded Its reading time by a lot more than what I anticipated. Also, It's not possible to cater for each and every detail, thus my objective to list only the most common Incidents, will suffice every SE'er who has the pleasure of reading this article. I'd like to reiterate the topic pertaining to the carrier driver losing his job. As an SE'er yourself, don't let greed get In the way of your morals, whereby you're the cause of the driver getting fired. "You're accountable and responsible for your actions", so be sure to keep your behavior In your own environment- all without having an Impact on others. 



Comments


Popular Social Engineering Posts