Investigations And Methods


Events That Methods Trigger During Investigations

Before I make a start with this article, I'd like to point out that It does not relate to the "old-school type of social engineering" you're most likely acquainted with, where (for example) you'd enter a restricted building by pretending to be someone who works there, Infect a computer network with malware and gain remote access, or perhaps posing to be a bank representative and tricking your victim Into handing over their credit card details. All that Is not too difficult to perform, and Is pretty much based on common sense and good judgement, hence even an absolute beginner SE'er can execute a given attack vector and achieve their objective with relative ease. 

Nowadays, a much more elaborate and sophisticated kind of SEing has populated the globe, which Is what I've personally titled as "company manipulation and exploitation". As Its name Implies, It's used to exploit companies and manipulate their reps/agents to carry out actions that they're not supposed to do - credit accounts where It's not warranted, or dispatch replacement products at their expense while you still get to keep the original one. 

Unlike old-school social engineering, hitting online retailers such as the largest eCommerce company being Amazon, as well as others that operate with state of the art logistics and freight distribution, It takes an exceptional set of skills to get the job done - specifically when representatives follow protocol and work strictly by the book when assessing claims. Sure, there are times when Instant refunds are generated by chat bots and brain-dead reps, but for the most part, complications will Inevitably be experienced.

If you're reading this from an Intermediate or advanced standpoint, you'd know precisely what I'm referring to, and the reasons why things don't always go according to plan - namely when your SE has left your local environment and Is In the hands of the company's agents. As such, you have very little to no control of the series of events that take place behind closed doors, of which an "Investigation" Is a big part of the equation. Many SE'ers are somewhat clueless of why an Investigation Is opened, and the methods responsible for triggering It, and that's what prompted me to write this tutorial.

Put simply, what you will learn today, Is five common methods that're used by social engineers of all shapes & sizes - In particular the DNA, boxing, missing Item, partial and finishing off with the wrong Item received, Inclusive of (and on-topic of this guide) the events that each one triggers to cause an Investigation. To make It easy to follow and comprehend, I've Introduced the above methods In that very same order, and each topic concludes with a title appropriately named "Events That Trigger An Investigation". But first, It's Important to familiarize yourself with what an Investigation entails, so let's check It out now.     

What Is A Company Investigation?

When companies process claims from customers who request refunds or replacement Items, they have certain guidelines and procedures that they must follow, which ultimately determines whether the claim Is approved or declined. While some (claims) are pretty straightforward and do not require gathering additional Information, there are times when reps/agents need to collect specific details from various sources before a decision can be made. This Is when they open what's called an "Investigation", whereby the rep Investigates the claim to see exactly what's going on.

For Instance, we'll say you've used the "missing Item method" (more on this further down the page), by Informing the company that your product was missing from the box after It was delivered by their driver. One of the first things they'll do, Is contact the carrier and check the weight recorded at their depot. If your Item was rather heavy, It would've been detected at the carrier's weighing facilities and as a result, It could not have been missing, therefore that evidence alone Is enough to reject your claim.

That's just one of countless examples of what goes on during an Investigation. Although others are assessed differently to some degree, what I'd like you to understand, Is that an Investigation Is part of company protocol and simply required to move forward with your claim, thus there's no real cause for concern - but only when your method Is formulated and executed with little to no suspicion raised. To do that, It's Imperative to be well acquainted with "the events that methods trigger, while an Investigation Is up and running", thereby It'll allow you to effectively prepare It and help ensure minimal disruptions. So, let's begin with the first of five methods - "the DNA".  

The DNA Method 

The DNA Is an abbreviation of "Did Not Arrive", and It's used to say that the package that was scheduled for delivery by the carrier driver, did not arrive at your residential home, drop house or any other location used to accept deliveries. Of course, you did receive It, but you're stating otherwise for SEing purposes. Because you're giving the Impression that you're still waiting for the driver to drop It off, you're not supposed to know when It came, so It's always good practice to contact the representative the next day, and ask him why It hasn't been delivered.

Depending on the company you're social engineering, they may say to speak with the neighbours to see whether your package was accidently handed over to them, or you may be told to wait a few days just In case the package turns up. If neither Incidents eventuate, one of two things will happen - either a rep with no brain cells will approve the claim on the spot, or an "Investigation will open", and certain details will be checked (as discussed next) to establish why your goods failed to make their way to your address.       

DNA Events That Trigger An Investigation

Unlike some methods that only trigger one or (at the most) a couple of events, the nature of the DNA Is responsible for quite a few taking place and If you haven't experienced any or all of them, you will at some point during your social engineering activities. As such, It's vital to be well Informed of the "DNA events that trigger an Investigation" - as having such knowledge, will give you the expertise to tackle each one efficiently and effectively. I've listed everything below, but to avoid congestion, I've started with a very brief Introduction and then (where possible) referenced/linked each of them to my articles on this blog.      

GPS/Tracking Details

After you've said the package didn't arrive, the company will open an Investigation and liaise with the carrier (that serviced your delivery), and use GPS/tracking Information to confirm the package was successfully delivered to your home. When this happens, be sure to remember that It's absolutely useless - for the fact that tracking ONLY confirms delivery to an "address", and CANNOT verify "person-to-person" deliveries. Therefore, the key to success, Is to be adamant that you did not "personally receive the package".

Read More Here     

Signature Cross-Checked

There are many ways to verify receipt of goods, such as having an OTP (One-Time Password) sent to your email address or cell phone and telling/showing It to the driver to grab your order, or perhaps photos taken of the package In the entryway of your home, but there's one form of verification used by almost every company - which Is the good ol' "asking for a signature". During an Investigation, the company will cross-check It with the carrier and use It to confirm that yourself (or a household member) signed and accepted the package. To get around It, either fake sign the consignment or avoid signing altogether.

Read More Here 

Photographic Evidence Checked

In the absence of an OTP and signature, a few carrier companies have Implemented other measures, namely "taking photos of the delivery point" which Is used to verify that the driver did In fact drop off the package at the correct house. At the time of writing, "DPD" who services many major retailers to the likes of Amazon and ASOS, Is one carrier that takes photos, so keep It In mind with future SEs. When companies Investigate photographic evidence, they specifically look for distinct details that Identify your home, and use It to confirm the delivery - but after you read my guide In the link below, you'll see why photos are pretty much useless.      

Read More Here 

Request For A Police Report

If you've just started your social engineering career, and received an email asking to file a "PR" (Police Report), you'd be at a loss as to what should be done about It. It's also common for Intermediate SE'ers to feel the same way - all because they read the word "police", and think they're In some sort of trouble with the law. So why do companies request a police report? Put simply, It's nothing more than a bit of paperwork to say that what you have said pertaining to the DNA method, Is true and correct to the best of your knowledge, thus comply with what's asked of you and never falsify the report!

Read More Here    

The Boxing Method

Also referred to as "box" on Its own, the "boxing method" Is used (for example) when you purchase an Item such as AirPods, and claim they're not working by calling the company's representative. He will then go through a few troubleshooting steps, of which you'll obviously say they're still not functioning. When the rep Is satisfied the Item Is defective, he'll ask to return It for a refund or replacement, but Instead you'll send the box with nothing Inside. The purpose of this method, Is to make the box appear as though It was tampered with In transit, and someone stole your product before the company received the return.

But for this to work, you must use a calculated approach In how you prepare the box and send It back. The best way to do It, Is to cut the box on one side, preferably somewhere underneath where It's not likely to be noticed during shipment, and then seal It with different coloured tape. As such, when the company receives It, they'll see It's been altered from Its original condition and be under the Impression that your Item was stolen. There are two ways the boxing method Is used. If the Item Is extremely light (under 120 grams), return only the box. If It's significantly heavier than that, use dry Ice equivalent to the product weight.      

The Boxing Method Events That Trigger An Investigation

Now that you've familiarized yourself with the basics of how the boxing method Is utilized, of equal Importance Is to be well acquainted with "the events that're responsible for Investigations being opened by reps/agents". As you're aware with the DNA method that you've just finished reading, It's crucial to know what to expect when the claim Is Investigated - for the reason that It'll allow you to be one step ahead of all proceedings. I've listed three events In the subtopics below, starting with the "Carrier Inspecting The Package".   

Carrier Inspecting The Package

What you're about to read doesn't happen often at all, but nonetheless, It's paramount to bring It to your attention. As you know, the objective of the boxing method Is to make the package appear as though It's been ripped open (and taped), and your Item was stolen before It was dropped off to the company. If you've formulated the method In one of two ways as discussed In the main topic above, there's every reason why your SE should succeed. That's In a perfect world of boxing, however during an Investigation, some companies decide to "Instruct you to leave the package open so the driver can Inspect Its contents", and when everything checks out, he'll seal It and dispatch It.

That can be done by picking up the package from your home, or when taking It to one of their designated collection points. "DHL" Is one of a few carriers that (at times) follows this procedure and as a result, It puts an end to the boxing method there and then. Now rather than trying to stop the driver from examining your package (which can be a very difficult task), you'll be using an alternative approach by focusing on "the reasons why you're physically unavailable to meet the carrier's request". You can then tell the company that you're more than happy to use another carrier to return your Item, and box them thereafter. Here's a few reasons for not being available for the driver.

  • Working on-call, hence your work days are unpredictable.
  • Away on a business trip for a couple of months or so.
  • Sold your home and currently In the process of moving.
  • Called for jury service for a criminal trial and will be In court Indefinitely.
  • Admitted to hospital for medical treatment as an Inpatient. 

Carrier Raising A Damage Report

When signs of tampering Is noticed by the person/driver handing the consignment, some carriers will "raise a damage report", thus releasing themselves from liability, meaning they're not held responsible for loss of goods In transit. I've known many drivers who're very meticulous with their delivery run, thereby they'll quickly Inspect the package at the collection point and If It's not In Its original condition, they'll place a few "damage report stickers" and punch In the details Into their hand-held device. Do note that not every carrier operates that way - If they did, the boxing method will fail on almost every occasion!

Essentially, when the company receives your return (that you've boxed) and obviously catches sight of the stickers, they'll open an Investigation with the carrier and collect the Information that was put In by the driver at the time he recorded the damage report. And If It concludes It was "entered at the collection point", say goodbye to your SE - the responsibility falls on you. So, to avoid your package being noticed with tampering when shipped, It's Imperative to "cut It on the underside". Why? Well It's human nature to "check a package/box at the top" and If there's nothing wrong with It, some drivers don't bother checking any further when picking It up from the collection point.

However, you need to keep the damage down to a minimum with a tear that's slightly bigger than your Item, yet large enough to demonstrate that It can be taken out through the gap and (seemingly) stolen. Then, when finally taping It with different colored tape, try and match the color as close as possible to the package/box - as It will camouflage It to a certain degree, and help keep It unnoticed while It's still In transit. All In all, It won't change the fact that It was tampered with when the company receives It

Company Cross-Checking The Weight

In contrast to an Internal Investigation that happens within the confines of the company, there's another type called an "external Investigation", whereby the company seeks and requests Information from the carrier that serviced your delivery. In the case of the boxing method, they'd cross-check the "weight" that was recorded at their depot - just to establish whether or not your product was enclosed In the package "at that point In time". If you've applied the boxing method as discussed In the second paragraph of this topic, they will not find any Inconsistencies with the weight.

To refresh your memory, here's what I mean. If you've selected an Item that was extremely light and returned the box on Its own, It will not register at the carrier's weighing facilities, so they can't prove otherwise and "they'll assume the Item was In the package". Alternatively, If dry Ice was added Instead of your product, It will give the Impression that the Item Itself was In the package. As a result, the Investigation concludes that "your Item was In the package at the carrier's depot", but must've been stolen when It was being delivered to the company. Ultimately, the representative Is satisfied that your Item was stolen and approves the claim. 

The Missing Item & Partial Method 

Although both of these methods are titled differently, their formulation Is much of a muchness, so rather than creating separate topics, I've decided to Include them here. Let's first begin with the "missing Item method". Social engineers use It to say that the Item they bought from a particular company, was missing when they opened the box/package. For Instance, we'll pretend that you purchased one stick of Ram/Memory from a UK retailer named Currys, and had It sent to your home by their carrier service. 

Upon "opening the box", you'd call Currys and tell them that nothing was Inside - meaning the Ram Itself was missing. Alternatively, you can say that when you "opened the package", there was nothing Inside - meaning the entire box and the Ram was missing. The first thing the company will do, Is open an Investigation to check the weight (It's the same with the "partial method"), so In order for the missing Item method to work, the product must be light enough to not register during transit - at a maximum of "120 grams", and that's pushing It to Its absolute limit. 

As for the "partial method", It's very similar to the missing Item method, but with a slight variation In the way It's executed as follows. Instead of ordering a single Item, you'd order a bunch of Items and then get In touch with the rep/agent and say that It was partially filled when you received It. In other words and purely as an example, you Initially "purchased 5 Items" however only "3 or 4 of those Items were received"

Put simply, the missing Item method Is used to SE only the one product, but the partial method Involves "buying multiple Items on the same shipment", and then saying that "one or more of those Items were not In the box/package". Do note that when SEing a few Items, their weight must be combined Into a single figure and kept under 120 grams. So If one Is 30 grams, and another Is 40 grams, with the last one at 35 grams, It equals to 105 grams. Understood? Good! If you've applied the weight as such, there's every reason to expect a successful outcome.  

Missing Item & Partial Method Events That Trigger An Investigation

As you are aware, the missing Item & partial method are closely related with their preparation and execution, therefore everything you read In the subtopics below, Is based on both methods equally. There are 4 events In total that commonly trigger the need for an Investigation to be opened by the company, and If you've used each method quite a number of times, I can confidently say that you've experienced at least one event that caused some degree of difficulty. Rest assured, you'll now be In a position to handle problematic Issues with Incredible ease, so without further ado, let's rip Into It.   

The Rep Asking For A Police Report

What you're about to read pertaining to being "asked to file a police report" with the missing Item & partial method Is ridiculous, specifically because It has no relevance to the methods whatsoever, but for some stupid reason, many companies believe It's justified - of which "Amazon" Is one of them. Here's what I'm referring to. When claiming the product Is missing, It's either a "warehouse error" or a "manufacturer error". The former (warehouse error), Is when the storeman forgot to pick and pack the Item from the shelf/racking, and the latter (manufacturer error), Is when the factory didn't put the Item In the box

In terms of social engineering, a police report Involves "Incidents that are theft-related" and given the circumstances above are nothing of the sort, how can a company possibly think otherwise? To this day, I'm at a loss as to why representatives lack common sense and fail to see the logic behind something that's blatantly obvious. For your reference, a PR (Police Report) Is nothing more than a bit of paperwork to move forward with your claim, and when you're told to file one, It's only used to confirm that what you've said about the SE Is true and correct. So, when they open an Investigation and ask you to send a PR, comply with their request. 

The Item Checked At The Time Of Packing

Unbeknownst to many SE'ers, certain companies actually "check their goods as they're being packed In the box/package" prior to taping It up, and sending It off to the buyer. For example, a UK sunglasses (and watch retailer) called Shade Station operates by picking their stock, "opening the sunglasses case to make sure the product Is Inside", and then packs and sends It to the customer. Other stores with a similar setup, also work In the same fashion - SSENSE being one of them, whereby In addition to physically checking orders, they also take photos at the time of packing.
And If you still plan on saying your sunglasses (or whatever you've purchased) were missing, think again - they'll open an Internal Investigation, and send you CCTV footage clearly showing "your product was In the case" and packed In full! This Is a huge Issue that can ultimately put an end to the missing Item and partial method, but SEing Is all about manipulating every obstacle that comes your way, hence to deem their Investigation Inconclusive, use the missing Item tampered method, which can obviously also be applied to the partial method.    

CCTV Camera Footage Checked

Before I get to the point with this topic, It's Important to understand the design and application of CCTV cameras, and how they serve their objective In a warehouse environment. Now because logistics, dispatch, Inventory management, racking systems & shelving, packing benches and so forth differ between companies, I cannot possibly cover the lot. What I will do, Is provide a general and very accurate guide on how CCTV cameras are used In "modern warehousing". The Information from this point onwards, does not apply to all warehouses, but Its (CCTV) purpose remains the same.

Okay, here's how It all works. Once you've placed an order, the storeman will pick the Items from their respective locations In the shelf/racking and will then place the box on a conveyor belt, where the "packers" are standing by to receive It. This Is the stage where all the action happens. Right above the packing area, are CCTV cameras Installed that record precisely "how the contents are packed In each box" - by their description and quantity. With regard to the missing Item & partial method, this Is the reason why many SEs fail - It will be an arduous task to justify how and why the product was missing, when the CCTV footage clearly shows that It wasn't!

That being said, both methods can still be used, but only when It relates to a "manufacturer error" (as discussed a few minutes ago) and to deem the footage Inconclusive, It's vital that the box Is fully covered In cardboard on all six sides. This means the cameras cannot view the product externally, nor can they see what's Inside, thus there's no evidence to suggest the Item was In the box at the time of shipment. Essentially, It renders the company's Investigation (of the CCTV footage) useless! I'd like to reiterate to keep the Item weight under "120 grams" -  just so It remains undetected at every weighing facility.

The Package Weight Cross-Checked

When the company Investigates the package weight to determine whether your Item was enclosed while It was travelling from one destination to another, It's done through external sources - being the "carrier" that serviced your delivery at the time of the claim. Sure, the company does go through Its very own records but In order to clarify the shipping details, they require additional Information - In particular, "the weight of your package". Allow me to to explain what takes place with an external Investigation.

Almost every package the carrier collects, Is transported to their depot and weights & dimensions are taken and stored In their systems - all before the driver loads his van/truck for his scheduled delivery run. The company that you're SEing, will contact the carrier and cross-check "their weight" against the "weight recorded when the company dispatched your package from their warehouse". If your Item was rather heavy and the company's "dispatched weight" matched the "carrier's weight", then your Item could not have been missing!

That concludes their Investigation and as a result of all the above happenings, the rep/agent will Inform you that your claim has been declined. Can you see the Importance of selecting a product that will not be detected when the package Is weighed? I'll say It again - "120 grams Is the maximum" but to be on the absolute safe side, a range of "40-60 grams" will ensure a favorable outcome on just about every occasion. The majority of SE'ers who've stuck to that (40-60 gram) figure, have succeeded with the missing Item & partial method.       

The Wrong Item Received Method

The biggest advantage of the "wrong Item received method", Is Its versatility, meaning It's compatible with every company that has a warehouse full of stock. Unless you're SEing a car (so to speak), there's almost no restrictions with the type of Item to be SEd, therefore It can be used with practically all online stores, or If you prefer, any In-store retailer. I'll elaborate how the method works In a very simplistic manner. After you bought a product and It was dropped off by the carrier, you'd contact the representative and tell him that "the package contained a different Item to what was originally ordered".

Of course, It's a total lie! You're just saying It happened to SE the company. Before going ahead with the method Itself, you first need to "buy the wrong Item that you're pretending to have received" - for the reason that the rep will ask you to send It back, and a refund/replacement for the "original Item purchased" will only be processed when the company has "the wrong Item" In their possession

Now as easy as It may sound, they're not just going to approve your claim with no questions asked - an Investigation will take place, whereby the "package weight", (where applicable) "CCTV camera footage" and perhaps "Invoices/order details" will all be cross-checked to see whether you're telling the truth, as well as establish how you ended up with a completely different product. As such, to prevent raising suspicion, It's paramount to apply a systematic approach with the wrong Item received method, and to help you formulate It, I've created a simple step-by-step list below.

  1. Buy the Item you're planning to SE
  2. Purchase the wrong Item from the same company no more than a day later
  3. The wrong Item must be purchased on a completely different account
  4. The wrong Item must be sent to a totally different address
  5. The weight of the wrong Item must match (or be close to) the original Item
  6. Where possible, the wrong Item should belong In the same category as the original Item
  7. When the package arrives (with the SE Item), contact the rep/agent
  8. Inform him that upon opening the package, a different Item was enclosed
  9. The rep will ask you to return the Item that was (apparently) delivered by mistake
  10. Send back the wrong Item that was previously purchased In step 2 above
  11. When they receive the wrong Item, It will be scanned and put back Into stock
  12. A refund/replacement will then be Issued for the SE Item

Wrong Item Received Method Events That Trigger An Investigation

Unlike the other methods you've had the pleasure of reading thus far, that had a few events triggering an Investigation, the "wrong Item received method" Is quite the opposite - there are only a couple In total that I'll be discussing. Sure, there are many Incidents occurring while the claim Is In motion, but they're based and done at the company's discretion, and not a direct result of any Internal and/or external Investigation. Okay, this article has exceeded Its reading time by a lot more than what I anticipated, so I'll finalize It with two subtopics below.      

The Package Weight Cross-Checked

With regard to the procedures used to cross-check the package weight from both a company and carrier standpoint, It's almost Identical to the missing Item & partial method that you've just finished reading a couple of minutes ago, so there's no point repeating It - It'll be a waste of my time and yours. As for "the wrong Item received method", there's one thing you need to remember and put Into practice to allow the SE to run smoothly during an Investigation - and that Is to match the weight (or a variance no greater than 40 grams) of the wrong Item with the original purchase Item.

For example, let's say you're SEing a GPU that's around "1.9kg". The next step, Is to search for the wrong Item that you're pretending to have received, but It's not as simple as selecting anything that comes to mind. It's crucial the weight Is close to, or precisely 1.9kg so when It's cross-checked, there will not be any discrepancies and the company won't have reason to look Into It any further. All things considered, provided you've applied the steps mentioned In the previous topic, start celebrating your refund or replacement.

Request For Photos Of The Wrong Item Packaging

Even though this doesn't happen very often with the wrong Item received method, It's still very Important to bring It to your attention - as It may come your way at any given moment during the assessment of your claim, hence you'd need to know exactly how to handle It. Here's what I'm referring to. When the rep/agent Is Informed of the Incorrect Item, he'll ask you to "take a photo of the packaging" - which may Include the box, shipping label and (If applicable) the picking/order slip. Now because you've said "upon opening the package/box, a wrong product was enclosed", all those details relate to your very own order, and here's why.

Notice I've quoted "upon opening the package/box, a wrong product was enclosed" just above? The reason being, you're manipulating the representative Into believing that the storeman picked & packed a wrong Item In "your package/box", then taped It up and It was dispatched to your address. Essentially, you received the correct package/box but an Incorrect Item was Inside. So when photos are requested, comply with their Instructions and take snapshots of whatever It Is they've asked for - your package and/or box, shipping label and (If supplied) the picking slip/order form. Under the circumstances, their Investigation cannot deny your claim of receiving the wrong Item.    

In Conclusion

At the time of this guide, I have written 199 articles on this blog and I must say that this tutorial Is the longest and most detailed of the lot, and rightly so - I've gone the extra step In each topic to cover everything there Is to know about methods and their associated Investigations

On the grounds you've thoroughly read each one (If not, go back and do It now!), you have sound knowledge of how methods are formulated, Inclusive of acquiring the skillset to effectively tackle the events that methods trigger during Investigations. All In all, you're up and running and ready to hit your SEs with the highest degree of success. Happy refunding!