Any Company Can Be SE'd


Any Company Can Be Exploited And Social Engineered

There's no doubt that every social engineering attack vector Is different from one another and even If you've selected the same Item, used a matching method and executed It without variation, It will not be a carbon copy of another SE that you've already used or one that you're planning to use at some point In the future. For Instance, provided you have the awareness, skill set and know-how to the point of SEing on an advanced level, you basically have control of every action you take on your end, however the same cannot be said with the way reps/agents decide to handle and process your claim. Things like Investigations opened, police reports requested to be filed and returned and the need to verify your purchase by providing a POP, are all Inevitable and way beyond the scope of your ability to prevent such matters from taking place. That's what differentiates one SE from the other, and "not the methodologies that you've personally applied"

If you haven't worked It out, this article relates to "company manipulation and exploitation", by using systematic and calculated tactics to fool representatives Into Issuing refunds and replacement Items. In order to successfully do that, the SE'er must research the company's terms & conditions, as well as formulate the method against the nature of the Item, see to It that the execution of the attack Is performed flawlessly, right through to making sure the SE heads In the right direction - an outcome In favor of the social engineer. That being said, many SE'ers don't bother to put In the time and effort Into checking out the company they're looking to SE, but Instead they either rely on the Information of others who've already SEd them, or think that the company Is too hard to manipulate - based on what they've read on various sources on the net. 

I've personally experienced members on forums asking for help to the effect of: "Has anyone social engineered (company name)? If so, how?". And If they don't receive a response, they'll forget about hitting the company, and opt for another one that they're familiar with. As an SE'er yourself, If you have this type of attitude, then look for something else to occupy your time. Just because they've yet to SE the company In question and no one shared their thoughts, does that mean that It cannot be successfully exploited? Absolutely not! Let me tell you that without a shadow of a doubt, "every company can be SEd", Irrespective of the measures they have In place to secure their operations, but "you must be prepared to put In the hard work by gathering everything there Is to know about them" - and that's where I come In. 

I will show you how to transform a company that was once completely unbeknownst to you, Into one that you'll be fully familiarized with, thus you will have the tools and knowledge to SE them with minimal disruptions along the way. What you're about to read, runs In chronological order of what you need to do prior to executing your SE against the company. In other words, It puts you In a position where you'll be well and truly ready to tackle every obstacle that comes your way. Now If you're already Informed about one particular topic or more, feel free to skip to the next one but for Informative purposes, I suggest reading this entire article. Okay, so without further delay, let's make a start. 

Research Company Terms:

Given you haven't SEd the company and have very little to no Idea of how they refer to their protocols and guidelines, the first port of call, Is to navigate to their website and "research their terms & conditions". Every company operates differently to some degree, so It's paramount to familiarize yourself with "the most Important elements that will have a positive Impact on the Item you're planning to SE". Depending on whom you'll be SEing, you may find that there's pages of documentation to sift through and you will be somewhat at a loss as to what should be taken on board, hence to save you the hassle of wasting your valuable time with collecting Irrelevant/unneeded details, I've listed a few points that apply to every company. As such, you can use the following Info as a template and general guide when performing your research.

  • On what grounds are refunds & replacements Issued? (example: change of mind ).
  • Check the time frame of when Items can be refunded/replaced (example: 30 days).
  • Who's responsible for loss of goods during transit (vital for the DNA and boxing methods).
  • Do they offer Insurance and If so, at what cost? (this Is self-explanatory).
  • Who covers the cost of freight for returning goods? (again, self-explanatory).
  • How long Is the warranty period? (very Important to claim before It expires).
  • Do they offer advanced replacements? (If so, use a drop house).
  • Do they bill you for non-returned Items? (If so, use a drop & fake account or VCC).
  • Is PayPal accepted as a payment method? (good for filing a dispute/claim).
  • Do they repair or replace the Item (If they repair, opt for a refund ).
  • Does the company use an OTP to verify the delivery? (see my guide on how to bypass It).

Although some of the above, such as whether they repair or replace the Item, won't directly affect the outcome of your claim (success or failure), It's still beneficial to take Into account - In this case and as mentioned, choose a refund If they repair the Item. After you've become fully acquainted with their terms & conditions, the next step Is to see the type of carrier they use to service their deliveries.  

Research The Carrier Used:

This Is an Integral part of every social engineering attack vector and Is on par with researching the company's terms, and although It's Ignored by many SE'ers, It must be Included In your SEing toolkit. There are no Ifs, ands, or buts about It! For Instance, have you ever wondered why the missing Item method failed when you covered every angle In your method & execution? Could It have been, that the carrier's records Identified the Item was enclosed by cross-checking the weight on their consignment? As you can see, that was "carrier-based" and was enough to decline your claim, so It's Imperative that you "research who the carrier Is, and how they typically behave when delivering packages". Do note that some of what you're about to read Is not specified In their terms, so you will need to extend your research via other means. It's not difficult to locate Information, thus I'll leave It In your capable hands. Every point below speaks for Itself, therefore there's no need to elaborate.

  • Does the driver accept signatures on delivery?
  • Are signatures mandatory for Items over a specific value?
  • Does the driver take photos of the delivery point? If so, where?
  • Does the driver actually ask for the OTP, or leave the package at the doorstep?
  • Does the driver personally visit your home when claiming the DNA?
  • Is It the same driver for every delivery where you reside?
  • Is the carrier responsible for loss of goods during shipment? 
  • Is It the same carrier company with each and every delivery? 

The above Is not an exhaustive list, but my objective Is to demonstrate the commonalities that you're likely to experience when using the DNA method. There are some points that have been duplicated with the company's research, such as "Is the carrier responsible for loss of goods during shipment" and the reason for that, Is If the company Isn't and the carrier Is, then you're good to go with the DNA. This Is one of many reasons why you must research both the company & carrier, and form a profile of each one that outlines what will have a positive & negative Influence on your SE. Obviously It's the company that you'll be social engineering, so It's crucial to have a clear understanding of how they operate Internally, which brings me to the next topic.  

Establish How The Company Operates Internally:

When you use a particular method to SE an Item, there's a lot happening behind the scenes that's unbeknownst to you and, If you're not aware of at least the basics of how the company operates when they cross-check Information and the way they process claims, then your SE can prematurely come to an end. For example, have you given any thought of how their warehouse "picks and packs" customer orders? Probably not, and If you were unfortunate enough to SE Argos, EBuyer, ASOS or My Very, then It's almost guaranteed that they'd decline your claim, namely because they have CCTV cameras actively monitoring their packing facilities. Essentially, when you said your Item was missing, they would've looked at the camera's footage and established that It was packed and dispatched correctly and no matter how hard you try to state otherwise, your attempts will be futile. Videos don't lie, social engineers do! And when It's your word against a piece of footage that clearly shows your order being packed without error, then you don't have a leg to stand on. 

So how do you know If CCTV cameras are In use? Simply perform what I call a practice run ("trial SE"), by ordering a very cheap Item that costs only a few dollars, and use the missing Item or partial method. If there's no mention of cameras and your claim Is approved, that's your answer. Evidently, you need to check out a lot more than just the cameras, such as (but not limited to) whether they Issue affidavits, the steps taken when processing claims, the questions they generally tend to ask and If they perform Internal Investigations like cross-checking a fake "POP" (Proof Of Purchase). All that can be verified by hitting a "practice run", but this time, using a method that warrants the Information you're looking to collect. For Instance, with regard to the fake POP, you can use the serial number method by giving them a serial (that's still under warranty) for an Item that you obviously don't have to begin with. 

In order to generate a refund/replacement, the majority of companies ask for the POP - just to verify the purchase. If the one you're SEing with the "practice run" doesn't request It, then you can go ahead and use the serial number method with your "real SE". Now I'm the type of SE'er who leaves nothing to chance and no room for error, so what I recommend doing In this case, Is a couple of practice runs at the minimum. Why? Well, you must be certain that different reps/agents handle and process claims In the same manner. Sure, there will always be times when reps do as they please and take other measures with claims, but I'm basing this on "probabilities" (most likely to happen) and not "possibilities" (may happen). All the above, will significantly help to Identify the core of the company's Internal operations, but they also deal with external sources, so let's have a look at that next. 

Establish How The Company Operates Externally:

Every time a company receives a claim with some type of discrepancy on the order, they have certain protocols and guidelines that they need to comply with - which not only helps to process the claim with minimal complications, but also ensures that their customers are dealt with In an Impartial and unbiased fashion. However, In order to conclude and finalize everything, there are times when they liaise with other entities, such as the carrier who was serving their deliveries at the time. What I'm referring to Is "external Investigations", whereby they'll submit a request to the carrier company and ask to confirm a few details. Allow me to provide an example as follows. Let's say you're going to use the missing Item method by saying that upon receiving your delivery, the Item you ordered was not enclosed. 

Due to the nature of the method, they "may" open an Investigation with the carrier, by checking the weight of the package that was recorded at their depot's weighing facilities. The Intention Is to establish whether your Item was In fact Included In the package. If It was extremely light (example: 50 grams), It will not register a weight on consignment, hence their findings will be Inconclusive and your claim will be approved. On the other hand, If you've selected something that's pushing the limit (a little over 120 grams), It could be detected, therefore your SE will fail. Notice how I've used "may" as the operative word In the first line above? That's because not every company opens an Investigation, namely with low value Items - the cost of the Investigation and manpower used, will outweigh the cost of the Item, so they won't bother with It and simply Issue a refund/replacement. 

Now If you're planning to SE a low value Item (100$-250$) by using the missing Item, partial, or box method (without adding a weight substitute), the absolute limit Is 120 grams - but at times this can be detected resulting In your claim being declined. As such, you need to determine and clarify If the company you're SEing does open Investigations with low value Items and the way you do It, Is with the good old practice run (trial SE). If you've read the topic named "Establish How The Company Operates Internally", you'll be well and truly aware of how to apply It. When you're going to hit the practice run, do It with an Item that weighs around 150 to 200 grams - the weight Is almost certain to be detected. If your claim Is approved with no mention/Indication of an Investigation, then you're good to go with your real SE. 

Identify All Vulnerabilities:

When you're looking to exploit a given entity via technical attack vectors, you'd need to Identify weaknesses that allow you to gain access. Many hackers use what's called "penetration testing", whereby they evaluate their target for security flaws and use the findings to compromise the network or computer system. The same principle applies to social engineering - once you've Identified your victim's vulnerabilities, you'd then use It to your advantage by manipulating them to perform actions according to your objective. "Every company (and their personnel), Is vulnerable and susceptible to exploitation" and It's your job as an SE'er, to find a gateway that you can successfully penetrate and get the result you're after. Don't think for a minute that a particular organization cannot be manipulated - It can and It will If you apply your skill set to circumvent their defence mechanism.  

Here's what I'm referring to. I'll provide a simple example on how to spot three vulnerabilities with In-store SEing, meaning I'll physically enter the store and get a refund for an Item by using the sealed box method. If you're not familiar with this method, please read my tutorial here. Okay, to make It easy-to -follow, I've briefly written each one In point form as follows.

  • First Vulnerability
As with every SE, the first thing I did was "research" the store and established that their busy period where they're Inundated with customers, Is around 5:00 pm every Friday just before close of business. This Is the perfect time to hit my SE - they're too busy to thoroughly check returns which suits my method to a tee.

  • Second Vulnerability
Upon walking through the store's main entrance, there's two customer service counters, but I've noticed that each one Is different In the way they're handling their procedures. One of them has customers waiting In a long queue and everyone (Including the employees) seem somewhat frustrated, so I've decided to join them - for the reason that they'd be processing returns extremely quick and neglecting to follow store protocol

  • Third & Final Vulnerability
There's three employees serving at the counter that I'm waiting at, so I've analyzed both the appearance and behavior of each one. I've decided that I'll SE the one being a young female who looks distressed and agitated - girls In their teens are usually gullible and naive and along with being stressed, she's the perfect target. I've approached her and kindly asked that I'd like a refund on my return and at the same time, I've purposely knocked over the Eftpos machine, leaving her to pickup the pieces. To cut a long story short, this added to the existing out of control environment, hence all vulnerabilities, helped SE the female Into Issuing a refund - no questions asked.

What you've just read, Is actually based on my very own personal experience, but for the purpose of this guide, I've altered a few details. Now you're probably thinking something along the lines of: "How Is this relevant to SEing stores that offer a delivery service?". Well, checkout John Lewis' Exchanges and Refunds policy, with particular attention to their following statement:

If you wish to return an item of jewellery or a watch which has a value of over £500, please take it back in person to a selected John Lewis & Partners shop.

No doubt, you can apply a similar attack when physically returning goods to a John Lewis store. That aside, the Intention of this topic, Is to use It as a general guide with any company that you'll be social engineering. I cannot possibly cater for every SE'ers needs, so just remember to analyze every detail that may potentially lead to vulnerabilities at some stage of the SE.  

Check How The Company Can Be Contacted:

You may have formulated your method to perfection and executed your attack flawlessly, but It serves very little to no purpose If you cannot communicate with your target effectively throughout the entire SE. Everything you say, has an Impact on where your SE Is heading and once you've said what you had to say, It cannot be taken back, so It's of the utmost Importance to first check how the company can be contacted and then select a gateway of communication that you're comfortable and confident with. Generally speaking, there are three ways that you can get In touch with a company - (where available) "live chat", "shooting off an email" and stating the obvious, the good old "phone call". In terms of dealing with the representative and the overall progress of your claim, each has Its pros and cons but from an SEing standpoint, It's paramount to opt for one that you excel at.

So what Is the best way to get your point across? Well, there Is no "best", but rather selecting one that's suited to your communication skill set and will allow you to tackle the conversation In an efficient and successful manner. Let's have a brief look at each gateway as per below.

  • Phone Conversation
Speaking over the phone Is Instant, It happens there and then In real time and without delay, so anything you've said, cannot be reversed. It Is all well and good If you have the gift of the gab and know precisely how to react with each question asked, but If you're hesitant about how to respond and cannot provide the appropriate reply, It can work against you and give every reason for the rep/agent to decline your claim. Because of that, phone calls are not your strength, so you'd need to choose another point of contact, such as "live chat", so let's check It out next.

  • Using Live Chat
Before you decide on using this, do note that not every company supports "live chat", so research your target to see If they offer the service prior to moving forward. If your reaction time Is quick when It comes to translating your thoughts onto your computer's keyboard, and It's done by replying to the rep's message with precision, then live chat Is your strong point and should be used as your first preference. The good thing about this, Is that If you do happen to have a momentary lapse of concentration and don't know what to say next, you can stall the session for around 20-30 seconds and then hit the "Send button". In other words, It's up to you when to generate your message, but don't abuse your delay In response - as It may appear deliberate.

  • Shooting Off An Email:
At the time of this article, seldom Is there a company that does not deal with emails when communicating with their customers during the claims process, and although It can be time consuming when sending & receiving replies, a huge advantage Is that there Is no sense of urgency to reply to a given message. That Is, you basically have all the time In the world to thoroughly read It, and think of  the most effective response prior to transmitting It back to the rep/agent. Now If you're completely clueless about the context of the email message, you can ask for help by creating a thread on a forum and outline your questions and concerns. This type of gateway (emails), Is suited to SE'ers who are not proficient In real time communications as per the above - phone calls and live chat.

Selecting The Correct Method:

Now that you have performed your research by collecting an array of Information and evaluated the details to Identify the company's vulnerabilities & flaws, as well as established your very own strengths & weaknesses, you have everything you need to start "formulating your method". But you cannot choose any method that comes to mind - It must be based on the type of Item that you'll be SEing. Sure, you can opt for the DNA which Is a carrier-based method and Is compatible with just about any Item, however even that has Its fair share of problems, like carrier drivers taking photos of the entryway of your home to confirm the delivery, or those that ask for an OTP (One-Time Password) before the package can be handed to you. All this may never happen with the DNA but If It does, then you'd need to select a method that's suited to both the Item and your level of expertise.

The first thing you need to do, Is take note of the Item's "weight & dimensions" - as this will give you a foundation to work on, thereby you can start looking at the availability of methods and make an Informed decision with your selection thereafter. For Instance, we'll assume you're going to SE a Giorgio Armani for men 100 ml fragrance that's 5.10 cm x 5.10 cm x 15 cm In size, and weighs around 95 grams. Due to these specifications, you have a few methods to choose from, such as the missing Item and partial, the boxing and the broken glass method. As you can see, you're not restricted and tied to only a single method, hence you can opt for the one that you're comfortable and confident In using. On the other hand, If you're SEing a 17 Inch gaming laptop with a weight of 5.30 pounds, because of Its size, weight and nature, you cannot use any of those methods. Instead, the sealed box method Is one of a few (methods) that will suffice. 

See why It's Imperative to first take the Item's specs Into account, and then look for one or more suitable methods? Good! Now what If you're In search of a method, but fail to find one that satisfies the nature of the Item that you're planning to SE? For example, the Item could be too big to box the company, or too heavy for the missing Item method or perhaps the packaging doesn't fit well with the sealed box method and so on and so forth. Well, the answer Is pretty simple - you'd choose what's called a universal method namely the wrong Item received, by saying that upon opening the package that was delivered by carrier, there was something different to what you originally ordered. What deems this a universal method, Is that every store/retailer has an Inventory full of stock ready to be sold and dispatched, therefore you can use the "wrong Item received method" with just about any company that operates In that fashion! You're now finally at the stage of executing your attack against your target, and I'll show you how to do It efficiently and effectively In the topic below.

Executing The Attack - Push The SE To Its Limit:

Irrespective of the company you're social engineering, there will be the need to tackle and circumvent a number of obstacles before you reach the point of having your claim approved for a refund or replacement Item. Sure, sometimes reps are half-asleep on the job or can't be bothered following protocols and generate refunds with no questions asked but for the most part, you will experience Issues - some of which can be quite difficult to manipulate, but by no means Is It "Impossible". The execution of your attack Is the most crucial part of the entire SE that determines "where It's heading, whether It remains on track and most Importantly, If It works In your favor- a successful outcome". You may have researched your target perfectly and prepared your method flawlessly, but It means nothing If you cannot handle everything thrown at you by representatives.

In regard to lengthy procedures, things like Investigations opened that Involve requests for police reports, shooting off countless emails to no avail and phone calls back & forth with very little achieved, are rather common, but the key to defeat such actions and have the SE approved, Is to not take "no" for an answer and push It to Its absolute limit. You cannot control the behavior of reps/agents - If they notice even the slightest bit of Inconsistency, they will do anything to try and decline your claim. Why do you think some Investigations take months to complete? It shouldn't take longer than a few days or a week at the most to liaise with the relevant departments and collect Information, but companies purposely take their time with the Intention to put an end to your SE, or hope that you've had enough of the BS and end It yourself

Think about It logically for a minute. If your claim was legit, would they put you through months of stress and anxiety before coming to a decision, or would they act on It promptly by treating you In an unbiased manner and resolve your concerns quickly, possibly within a day or two? I think your answer Is obvious and I certainly share the same opinion. Don't be mislead and fooled by their tactics! Your job, as a skilled social engineer, Is to ensure a favorable result by "always being one step ahead", "taking control of the situation", "being adamant & persistent" and "persevering with a high level of confidence" until you get what you're after. You must reverse the process by taking an offensive approach, and If you do It by applying the above attributes, you'll find that they'll dance to your tune (so to speak) more often than not. In short, "push the SE beyond Its limit" from start to finish. 

In Conclusion:

On the grounds that you've read each topic (If you haven't, do so now and come back when you're finished!), you have all the Ingredients to successfully SE any company on every level. I've come across so many SE'ers who're Intimidated by certain online retailers - just because they've either failed to succeed on one occasion, or they've heard stories from fellow SE'ers saying that they're too difficult to social engineer. 

Let me tell you, that nothing could be further from the truth. From your target's standpoint, the human mind Is the weakest link In the security chain. Manipulate It by applying what you've learned In this article, and the degree of difficulties will be kept to a minimum.


  1. I knew someones birthdate and old address. Tried to get his new address by calling his ISP and if they had 'my' nrw addy correctly. They asked me for the new Postalcode which I didn't have. My first time trying. But then I got his new address through some other indisclosed way. Hm.


Post a Comment