What Triggers An Investigation


Every Method That Triggers A Company Investigation.

Social engineering Is a broad term, that can be used In many different ways to achieve just about anything that comes to mind. For Instance, you can easily SE your victim for their personal credentials, by pretending to be an agent from their credit card provider who's (seemingly) noticed a suspicious transaction on the account. In order to verify the payment and reverse the charge, you'd ask your victim to read out their full name, address, date of birth and phone number and to not raise suspicion, you then reassure him/her that the funds will be reimbursed within the hour and end the conversation on a good note thereafter. Due to the nature of your attack vector Involving (what appears to be) financial fraud on your target's account, they'd have very little to no hesitation In providing exactly what you've asked for. With the Information given to you, their Identity can be built from the ground up, and I don't need to elaborate what happens next!

That was one of thousands of ways to manipulate the person on the other end Into performing an action that they weren't supposed to do, and whilst It required a good set of skills to get the job done, the "methodology" was pretty straightforward. That Is, there was basically only one "method" that was used to complete the task, and that Is to speak over the phone with authority and In a convincing manner. The same cannot be said with "the new breed of human hacking", namely "company manipulation and exploitation", whereby you trick the representatives to Issue refunds or replacement Items- both of which are a 100% profit to your name. To successfully do that, It's of paramount Importance to select a suitable "method" and each one Is predominantly based on the type of Item you're planning to SE. 

There are so many methods available, such as the "DNA", "missing Item", "partial", "sealed box", "wrong Item received", "corrupted file", "boxing"  etc and If you formulate one In a strategic and calculated fashion, It will strongly support your attack vector right from the get-go, through to finalizing the claim In your favor. However, every method does have Its weakness, one of which relates to the objective of this article- which Is "Investigations opened"  purely because of what the method Is designed to achieve. In other words, I will show you every method that Is most likely to trigger an Investigation, Inclusive of the reason(s) why It happens but before I make a start on It, I shall explain what a "method" Is, and what defines an "Investigation" respectively. If you're an advanced SE'er and have knowledge of this, simply skip either or both topics. On the grounds you've just started SEing, then be sure to read every word.

What Is A Method?

Methods are the backbone of every SEing attack and play an Integral role In getting the job done, and If you haven't prepared It according to the nature of your Item & target, then your SE Is destined to fail. For example, you may have researched the company's terms & conditions and chosen the Item you'd like to refund, thereby you have everything In readiness for your SE, but If your method Is not formulated against the Item and your (researched) findings, then don't expect your claim to succeed. Think of It as a set of Instructions that ultimately allows you to achieve the task at hand. To give you a clear understanding, here's a simple analogy. Let's say you've purchased an entertainment unit from IKEA that comes with shelves, drawers, screws etc In Its collapsed form and you'd obviously need to assemble It.

In order to put It together, you'd need a "method"  which In this case, Is the "Instruction sheet"  that contains notes & diagrams that will guide you to accomplish the successful outcome- the unit fully assembled. Now If the "Instruction sheet" did not specifically belong to that entertainment unit, but rather another one that was totally different, you would not be able to build It and complete the job, thus all your efforts would fail. The same applies to social engineering methods- they must be compatible with the company and In particular "the Item that you wish to social engineer"  and as such, It will ensure that your SE runs as smooth as possible with minimal disruptions from start to finish. As with SEs, methods have their fair share of weaknesses, one of which Is being responsible for companies "opening what's called an Investigation". Prior to delving Into that, let's see what an Investigation Is all about.    

What Is An Investigation?    

When companies process claims from customers who request refunds or replacement Items, they have certain protocols and guidelines that they must follow, which ultimately determine whether the claim Is approved or declined. Whilst some are pretty straightforward and do not require additional Information, hence they're finalized with almost no questions asked, there are times when representatives need to collect specific details from both Internal (company) and external (carrier) sources In order to come to a decision with the claim. This Is when they open what's called an "Investigation", whereby as Its name Implies, the rep Investigates the matter at hand to see exactly what's going on, and attempts to clarify why things don't add up (with what the social engineer has said) against their own records. Due to the complexity of some Investigations, It can take up to a couple of months to resolve discrepancies.

There are many reasons why It takes so long, such as police reports asked to be signed and returned, liaising with the carrier company and checking their consignment, and/or perhaps tracing the movements of their warehouse picking and packing activities. From a social engineering standpoint, this can be rather frustrating and I've known many SE'ers who simply give up and put an end to their SE, but what I want you to understand, Is that an Investigation Is nothing more than standard company protocol to move forward with your claim. In fact, the majority result In favor of the SE'er, so "when" you've been told that your claim will be Investigated (yes, you will be told at some point), don't panic- there's absolutely no cause for concern. As mentioned In the topic above this, some methods Inevitably trigger Investigations that are beyond the SE'er's control, so we'll have a look at how and why this takes place beginning with the "DNA".

An Investigation Due To The DNA Method:

The "DNA" method stands for "Did Not Arrive", and Is used by SE'ers to say that the order that was placed and scheduled for delivery by the carrier, did not arrive at their premises. Of course, It was received but they simply state otherwise for SEing purposes. In my experience over decades of personally social engineering entities on every level, It's almost certain that an Investigation will be opened by the company when using this method- particularly when high value Items are Involved. The reason for this, Is because the carrier and Its driver Indicate that the package was delivered to the correct address and due to the SE'er claiming the opposite, the company where the Item was purchased will contact the carrier to see what went wrong and try to establish why It didn't make Its way to Its destination. Both are well aware that they've dispatched and delivered the package correctly, and that's the main reason why the DNA triggers an Investigation.

What typically happens during the entire process, Is that they check for anything that concludes the delivery such as (but not limited to) tracking details, signatures accepted on receipt of goods, GPS Information, whether the package was left unattended at the house (and If so, "where"), If photos were taken at the delivery point and the list goes on. If, after every detail, the company's Investigation Is Inconclusive, they may ask the account holder to file a "police report" to say that everything that was said pertaining to the package not arriving, Is true and correct to the best of the user's knowledge. A lot of social engineers are hesitant and Indecisive to get a police report, namely because they have to deal with a cop, but I can assure you that It's only required to proceed with the claim. Stick with your story of the package not arriving, and you'll find that most DNAs will work In your favor.

An Investigation Due To The Missing Item Method:

As opposed to the DNA method above that can be used with just about any Item that comes to mind, the same cannot be said with the "missing Item method". Before I explain the reasons why, you first need to know what this Is all about and how It's used. The title of this topic pretty much defines Its purpose- which Is used to say that when you received and opened the package delivered by the carrier, the Item that you ordered was not enclosed, hence the method Is appropriately named "missing Item". As said, you cannot select anything that pops Into your head, for the reason that packages are weighed when dispatched by the company and also at the carrier's depot prior to being delivered to their destination. So If you choose to SE an Item that's over a certain weight, It will register at the carrier's weighing facilities and when you claim that It was missing, they'll cross-check their records and see that there was no weight discrepancy, therefore your Item could not have been missing and your SE will fail.  

That's one reason that triggers an Investigation- "cross-checking the weight". For this method to work, It's crucial to opt for something that's so light, that It will not be detected  when weighed and as a result, the company's findings after their Investigation Is finalized will be useless- there will not be any evidence to suggest that your Item was Included In the delivery. As a rule of thumb, be sure your Item weighs "120 grams at the maximum", and that's actually pushing It to Its limit. To be on the absolute safe side, "40-60 grams" will definitely suffice and the majority of SEs that I've come across who've stuck to this range, have In fact succeeded. The other thing that triggers an Investigation with the missing Item method, Is If the company has "CCTV cameras" monitoring their warehouse packing tables, which means that they'll refer to their footage to determine If your Item was packed and sent. Cameras don't lie, social engineers do! So before using this method, do your research to see If cameras are actively operating In the company you'll be SEing. 

An Investigation Due To The Partial Method:

This works on the same principle as the missing Item method, but with a slight difference In the way It's formulated, thus I'll keep this short and straight to the point. Rather than buying a single Item and claiming It was missing, the "partial method" Is when you purchase multiple Items (example: 5 or 6), and then say that one or more were not In the box/package when you opened It. It has the exact same effect and objective as the missing Item method, but Instead you're ordering many Items with the Intention to add weight to the consignment and mask the lightweight Item(s) that you're SEing. That's why It's called the "partial method"- you are "partially" social engineering your purchase, however every Item must be Included and delivered In the same package. Both the weight and the reason why an Investigation Is triggered are the same as the missing Item method, so there's no point In repeating myself.

An Investigation Due To The Wrong Item Received Method:

This Is quite popular In the SEing community, and commonly used when other methods do not meet the expectations of both the SE'er and the nature of the Item In question. In other words, at times It can be an arduous task finding a method that's fully compatible with the Item, as well as the social engineer's capability In using It effectively against his target. And that's when the "wrong Item received method" comes Into action, by claiming that you received a completely different Item to the one you originally purchased. That Is, the storeman (seemingly) made a mistake and picked & packed the wrong Item. The advantage of this method over most of the others, Is that It's considered a "universal method" that can be used to SE just about any online store. This Is because every company has a warehouse Inventory that holds their stock, and Is ready to be picked, packed and dispatched to their customers. 

Essentially, as long as the company you're looking to SE has a warehouse (which they all do!), you can go ahead and use the "wrong Item received method". Now you will be asked to send back the wrong Item, so It's vital to buy something from the "same company that's extremely cheap but on a different account and weighs the same as the Item you're SEing". As a result, when they receive your return (the wrong Item), they'll scan It and see that It's part of their Inventory and assume that they did In fact make an error, and Issue a refund or replacement. No doubt, you can see Its benefits but every method comes with a consequence which In this case, Is an Internal & external Investigation opened. Here's why the Investigation Is typically triggered. Because you've said an Incorrect Item was received, the company will check their warehouse records, to see whether your order was picked & packed correctly, however this can be difficult to establish If they operate In a fast-paced environment.

If they have CCTV cameras actively monitoring their movements, they'll check the timestamps In the footage and pinpoint precisely what happened with your order. All that, Is the "Internal Investigation". From an "external standpoint", they'll contact their carrier company and request the "weight of your package that was registered at their depot", and then compare It with the "weight of the wrong Item that you returned". Both of these will match, so there's no cause for concern. See why the weight of your wrong Item had to be the same as the original Item? Good! After taking all the above Into consideration, the only thing that they can use to decline your claim, Is the "CCTV camera footage". As with the missing Item method topic a few paragraphs above, the footage will conclude precisely what Item was packed, so do your research and avoid SEing companies that have them up and running. At the time of writing, ASOS, My Very, Ebuyer, Argos and Mindfactory all have CCTV cameras, hence If you're planning to SE them, select another method. 

An Investigation Due To The Boxing Method:

If you're reading this from an Intermediate or advanced social engineering level, you need very little to no Introduction as to what the boxing method entails and the way It's formulated & applied to your attack vector. On the other hand, I've come across countless SE'ers who've just made a start In the art of human hacking, and are both misinformed & clueless about Its meaning and usage. If you're part of this equation, I'll clarify It In very simple terms. The "boxing method", also known as the "box method" Is when the company asks you to return your (seemingly) defective Item for a refund/replacement, but Instead, you send only the box with nothing Inside. Now If your Item Is rather heavy, you substitute Its weight by adding "dry Ice" so by the time Its delivered, the dry Ice would've sublimated (turned from Its solid form to gas) and the company will receive an empty box! 

The objective of the box method, Is to give the Impression that "your Item was stolen In transit" before It was delivered to the company, so It's vital that you opt for something that's very light (therefore It won't be detected when weighed), or use dry Ice as mentioned above. Your package must also appear as though It was tampered with, so you'd tear It on one side and seal It with different colored tape thereafter. When the company receives It, they'll think that someone took your Item at some stage during shipment, and then they'll "assess your claim"  prior to making their decision to approve or decline It. The "assessment"  Is the "Investigation"  and what triggers It, Is the Inconsistencies with your package, namely the different colored tape that demonstrated signs of tampering. 

What normally happens during the Investigation, Is that the company will contact the carrier and cross-check the weight that was recorded at their depot- just to Identify that your Item was enclosed In the package "at that point In time". As such, there will be evidence that you did send your Item back! Of course, you did nothing of the sort. Now If you've selected an Item that was extremely light, It will not register when your package was weighed, so they can't prove otherwise and they'll "assume that It was In the package". Alternatively, If dry Ice was added (Instead of your Item), It will give the appearance that your Item was In fact enclosed In the package. 

As a result of all that, the Investigation concludes that "your Item was In the package at the carrier's depot", but must have been stolen when It was being delivered by the carrier driver to the company. All In all, the representative Is satisfied that your Item was stolen and approves your claim. Because of the above Incidents (and more), an Investigation when using the box method can be a very lengthy procedure, so be prepared to be passed from one rep to another, waiting around for days or weeks to receive a response and being hit with all sorts of questions and requests. If you stick with your story and persevere from start to finish, you'll find that the outcome will be In your favor.   

Other Factors:

There's not much to elaborate on this, so I'll keep It to a single paragraph. What you've just read above relates to Investigations opened as a result of "certain types of methods", however another factor that triggers It, Is when you social engineer "high value Items"- even when the method Itself (such as the "corrupted file method") doesn't warrant an Investigation. In SEing terms, a high value Item Is something that has a minimum cost of around $800 - $1,000 and without being capped at a maximum figure. It's a fact that companies (or anyone for that matter), do not appreciate crediting accounts for that amount of money and perhaps thousands of dollars more- regardless If they mark It as a write-off by deducting It for tax purposes. Depending on the circumstances of your claim, the Investigation can be Internal, external or a combination of both but whatever the case may be, make a mental note that It's the "high value Item" that's responsible for triggering It, so take extra care with each and every SE.
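Seen from the retailer's side, the triggers listed in this article (delivery evidence on DNA claims, depot weight cross-checks, packing-table CCTV, high order value) amount to a claim-triage rule set. The sketch below is an added example, not part of the original article: the field names, step labels and the reuse of the article's 120 g and $800 figures as thresholds are assumptions, and the sample claims in any test are constructed.

```python
from dataclasses import dataclass
from typing import Optional

SCALE_BLIND_SPOT_G = 120   # assumption: the article's rule of thumb; measure your own scales
HIGH_VALUE_USD = 800       # assumption: the article's lower bound for "high value"

@dataclass
class Claim:
    kind: str                                  # "dna", "missing_item", "empty_return"
    order_value_usd: float
    item_weight_g: float = 0.0                 # catalogue weight of the disputed item
    expected_parcel_g: float = 0.0             # catalogue weight of full order + packaging
    depot_weight_g: Optional[float] = None     # carrier depot scan
    received_weight_g: Optional[float] = None  # warehouse scale, returns only
    delivery_proof: bool = False               # signature, GPS fix or photo
    pack_footage: bool = False                 # CCTV covers the packing table

def weight_verdict(c: Claim) -> str:
    """Cross-check the outbound depot weight against the catalogue weight."""
    if c.depot_weight_g is None:
        return "request_depot_weight"
    if c.item_weight_g <= SCALE_BLIND_SPOT_G:
        # The scale cannot tell whether so light an item was present:
        # never auto-approve on weight alone, use other evidence.
        return "weight_inconclusive"
    gap = abs(c.depot_weight_g - c.expected_parcel_g)
    return "weight_contradicts_claim" if gap <= SCALE_BLIND_SPOT_G else "weight_supports_claim"

def triage(c: Claim) -> list[str]:
    """Return the review steps for a claim, in the order they should run."""
    steps = []
    if c.order_value_usd >= HIGH_VALUE_USD:
        steps.append("open_investigation_high_value")
    if c.kind == "dna":
        steps.append("delivery_evidence_contradicts_claim" if c.delivery_proof
                     else "request_police_report")
    elif c.kind == "missing_item":
        steps.append(weight_verdict(c))
        if c.pack_footage:
            steps.append("pull_pack_station_footage")
    elif c.kind == "empty_return":
        if c.depot_weight_g is None or c.received_weight_g is None:
            steps.append("request_depot_weight")
        elif c.depot_weight_g - c.received_weight_g > SCALE_BLIND_SPOT_G:
            # Mass left the parcel between two scans: ask the carrier for
            # its tamper/damage record before accepting a theft explanation.
            steps.append("weight_dropped_in_transit")
        elif c.item_weight_g > SCALE_BLIND_SPOT_G and c.depot_weight_g < c.item_weight_g:
            steps.append("item_not_in_parcel_at_depot")
        else:
            steps.append("weight_inconclusive")
    return steps
```

The `weight_inconclusive` outcome is the one to watch: it marks claims where the scale proves nothing either way, so the decision has to rest on packing records or footage rather than on a weight match.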

In Conclusion:

After reading this entire article, you should now be well and truly Informed about Investigations and their procedures, as well as the common methods that are accountable for triggering them. There are a few other methods not mentioned In this guide that also open Investigations, but they're few and far between, hence not worthy of writing a tutorial. I'd like to reiterate, that an Investigation Is part of company protocol to move forward with the claim and nothing more, so when you're told that one Is In progress, rest assured, there's no cause for concern.