Social Engineering Jewellery

 




How To Social Engineer All Types Of Jewellery

Each and every method used In today's world of "company manipulation and exploitation", triggers one or more events that will have an Impact on your SE, and If you haven't formulated It according to the nature of the Item, as well as neglecting to research the operations of both the company and their carrier partner(s), there's a very high chance your SE will come to an end In the early stages of the attack vector. For example, let's say you're planning to use the wrong Item received method, by saying that a different Item was In the package/box to what was originally ordered.

In order for the method to succeed, the wrong Item must be purchased from the same online store being SEd, on a totally different account that's not associated to your main/primary one, and then sent to another address. So you've applied everything correctly, and when the carrier dropped off your delivery, the representative was contacted and told that an Incorrect Item was enclosed In the package. As expected, an Investigation was opened, whereby the company checked their Internal records, and also liaised with the carrier by requesting certain details about the consignment.

After a few days or so, an email was received stating the claim was rejected and after making a few enquiries from your end, It was determined that the reason for the failed SE, was because you didn't establish that CCTV cameras were monitoring the company's warehouse. Furthermore, "the weight of the wrong Item" was not taken Into consideration at the time of purchase. As such, the CCTV footage deemed the correct product was In fact picked, packed and dispatched, and the weight recorded at the carrier's weighing facilities, did not match the wrong Item you claimed to have received, hence the declined claim was well and truly justified.   

The purpose of discussing the off-topic scenario above, Is to demonstrate the Importance of "covering every angle and leaving nothing to chance" with the product you're looking to SE, and the type of method you'll be utilizing against the company In question - which Is precisely the objective of this article. What you will learn today, Is how to social engineer all types of jewellery by "researching the company & carrier", Inclusive of "selecting your product", as well as using "three methods with a greater than 95% success rate", and finishing off with a few "events that will be experienced" while the SE Is In motion. But first, let's check out the meaning of jewellery.


What Defines Jewellery? 

Even though the title of this topic Is pretty much common sense, self-explanatory and for the most part does not require any elaboration whatsoever, some SE'ers still seek clarification on what characterizes jewellery - particularly Its nature and availability - for the (main) reason of establishing the best company to SE. For example, as a social engineer yourself, I'd say It's safe to assume that you've hit Amazon at some point during your SEing activities, and refunded an Apple Watch Series 7 or perhaps an earlier model, correct? I thought as much. 

Although It's technically labelled a gadget, did you know that It Is also classed as a piece of jewellery? Allow me to explain why It's the case as follows. Generally speaking, jewellery Is defined as a "personal ornament worn on your body and/or clothes" such as bracelets, earrings, necklaces etc, and because an Apple watch (or any watch for that matter) Is also worn on the body, namely your wrist, It's considered jewellery! In short, any "personal ornament of value" you decide to wear, Is jewellery. Some fashion gurus may beg to differ, but facts are facts - watches are jewellery for the aforementioned reasons. Okay, we'll now move onto "researching the company prior to SEing jewellery" as per the topic below. 


Research The Company/Carrier Prior To SEing Jewellery

The very first thing to do with every SE, Is to have sound knowledge of how the company functions from both an "Internal" and "external" standpoint. Evidently, this Is on the grounds that you've never dealt with the company beforehand. You cannot perform what I call a "blind SE", whereby you have no Idea what you're up against - the probability of failure when SEing jewellery (with various measures In place), Is almost a certainty. For Instance, In terms of the "Internal" side of things, which relates to everything that occurs within the confines of the company's warehouse environment, It's crucial to Identify "one particular event" that will Inevitably put an end to your SE, regardless of how well your method was formulated. 

Here's what I'm referring to. Unbeknownst to many SE'ers, certain companies "check their goods as they're being packed In the box/package", prior to taping It up and sending It off to the buyer. For example, I can confidently say that a UK sunglasses and watch retailer called Shade Station operates by picking their orders, "opening the case to make sure the product Is Inside", and then packs and sends It to the customer. Other stores with a similar setup, also work In the same fashion. It's a huge Issue, that ultimately puts an end to social engineering jewellery using the "missing Item" and "partial method" (more on these methods In the topic after the next).

That's a brief demonstration of the complexities Involved, when SEing companies that have Internal procedures to verify their stock at the time of packing. Of equal Importance, Is to research from an "external" perspective, specifically the type carrier that will be servicing your delivery - with the objective of Identifying If an OTP (One-Time Password) will be required on receipt of goods. Why Is that, you ask? Well, If you're SEing a Carat Pear Diamond ring valued at 5,000$ using the "DNA" (Did Not Arrive) method, an OTP will most likely be needed to confirm that the package not only made Its way to the correct address, but was also "personally received by yourself (the SE'er) or another authorized recipient".

What this means, Is that the OTP will be sent to your cell phone or email address and when the driver arrives, you must tell him the password to accept the package. If you don't give It to him, he has every right to mark the consignment as undelivered. Although (for the most part) you're told In advance about the One-Time Password, If you've planned the DNA method before being Informed, It may well ruin the entire SE - particularly when you have no Idea how to manipulate the driver to hand over your package without the password. A good way to find out If an OTP Is part of the delivery, Is to perform a practice run ("trial SE"). Now that you understand why researching Is an Integral part of your social engineering preparation, you will use what you've learned to "effectively select your product", which brings me to the next topic.    


How To Effectively Select Your Product

Before I make a start, do note that this only relates to the "missing Item" and "partial method" (as discussed In the next topic) when SEing companies that have CCTV cameras actively monitoring their movement of stock. The reason I've decided to focus on this, Is because I'm the type of SE'er who covers every angle and leaves no room for error, thus apart from stores physically checking goods, what you're about to read pertaining to "selecting your product", has the highest degree of success against companies on every scale.

Stating the obvious, It's also suited to retailers that don't have CCTV cameras, but we're assuming the worst-case scenario with companies that do have them In place. Okay, when you're planning to SE an Item of jewellery, be sure It's "fully enclosed In a case or cardboard box and cannot be viewed externally", therefore the only way to Identify the product, Is by opening whatever It's packed In - the case or box. An example, Is an Apple Watch that sits In a box covered In cardboard on all six sides - unless It's opened, there's no telling what's Inside

So when your jewellery was ordered & received, and you've contacted the representative saying that "the box/case was empty", they'll check their CCTV to see precisely what was packed, but It's completely useless! The cameras are not X-ray machines nor can they see what's "Inside the box/case", hence the footage Is deemed Inconclusive, and the claim cannot be declined based on the cameras alone. As a result, If there's no Inconsistencies with your SE, a refund/replacement will be forthcoming.


Methods To Use When SEing Jewellery

Given you're well aware of how to research the company/carrier you'll be SEing, as well as meticulously choosing your product and Its packaging, the next step Is to put your method together In readiness for the attack vector. There are many traditional methods available to social engineer jewellery, but as mentioned In the fourth paragraph of this article, I've handpicked and personally formulated three methods that're almost guaranteed to succeed on each and every occasion - but only If you follow my guides exactly as written. Understood? Good! So let's begin with my favorite method called "the missing Item".


The Missing Item Method With A > 95% Success Rate

First and foremost, I'll briefly explain how the missing Item (also known as the "EB" - Empty Box) method works. As Its name Implies, the method Is used by saying that the Item ordered from an online store, was missing In the package after It was delivered by the carrier driver. Of course, nothing of the sort happened - you're just using It as an excuse to get a refund. For Instance, we'll pretend you've bought a Citizen men's watch from Amazon, and had It sent to your home by DHL. Upon "opening the box", there was nothing Inside, so you've contacted the company and Informed the rep/agent of the same.

At this point, a claim number Is assigned to your case, and unless the rep Is half-asleep on the job and approves It on the spot or a chat bot Issues an Instant refund, a couple of events will most likely be triggered - namely an "Internal" and "external" Investigation. And If you didn't prepare the method accordingly, say goodbye to your SE - the claim will be finalized In favor of the company. As such, you cannot get the first piece of jewellery that comes to mind and expect the SE to run smoothly - It will fail If It's not compatible with the method Itself.

For example, If you're planning to social engineer something that weighs around "900 grams", the company will cross-check the weight recorded at the carrier's depot and If It's not 900 grams lighter, then the Item could not have been missing! I don't need to elaborate what happens thereafter. If you haven't already realized, "the weight of the Item" plays an Integral role In ensuring the missing Item method serves Its purpose, meaning It should not be detected when the package Is weighed at any stage during transit.

If you're a regular reader of this blog, you'd see that I always suggest the Item not to exceed "120 grams" - which Is certainly correct. But this guide Is all about giving the method a greater than 95% chance of success, and to achieve that result, be sure your jewellery Is as light as a feather (so to speak) - at a maximum of 25 grams". I've personally stuck to that weight range on many occasions and also advised other SE'ers to do the same, and I can confidently say that I can't remember the last time an SE failed. 


The Partial Method With A > 95% Success Rate

Now that you've read about the missing Item method, you'll have no problem relating to the "partial method" (aka "PEB" - Partial Empty Box), namely because It works on a similar principle, but with a slight variation In how It's formulated and executed. Often referenced as "partial" on Its own, the method pertains to ordering a bunch of products from an online retailer, and then claiming your order was "partially filled" when It arrived. In other words and purely as an example, "5 Items were purchased, however only 3 or 4 of those Items were received".

It's performed almost the same as the missing Item method, but Instead of buying only the one product and SEing that alone, you'd grab "multiple Items on the same shipment", and then get In touch with the rep and tell him that one or more Items were not In the box when you opened It. Now this part Is very Important, so pay attention! If you're SEing more than one product, the weight must be combined Into a single figure, and kept In the "25 gram" bracket.

For Instance, If one Item Is a pair of gold hoop earrings at 11 grams, and the other Is a bangle charm sterling silver bracelet weighing 12 grams, It's taken as one unit at 23 grams - that's the weight you'll be working with when preparing the partial method. Do the math: 11 + 12 obviously equals 23. Make sure to apply this formula to each and every Item you're social engineering. Okay, the final method I'll be discussing that has a greater than 95 percent chance of success, Is the "DNA", so let's check It out now.


The DNA Method With A > 95% Success Rate

The "DNA" Is an abbreviation of "Did Not Arrive", and Is used by SE'ers to say that the package they've been waiting to be delivered to their address or drop house, did not arrive as Intended. That Is, they've bought something from the Internet, but the carrier neglected to drop It off at their home. Naturally, this Is not true at all - the social engineer Is claiming nonreceipt of goods to refund the Item. The good thing about this method, Is that It's "carrier-based", hence Is compatible with nearly every company that utilizes a carrier to service their deliveries.

I'd like to point out a huge vulnerability that the DNA exploits, which Is what gives the SE a success rate of over 95% - specifically when "carrier drivers leave packages unattended at the doorstep". When It happens, they've basically DNA'd themselves, for the reason that "you did not personally receive the package". Sure, GPS/tracking marks the consignment as delivered, however It only confirms delivery to an "address" and NOT to a "person", therefore you do not have It In your possession

But for the SE to work In your favor, It's Imperative you remain adamant about "not personally receiving the package", and you're still waiting for It to arrive. As such, there's very little the company and/or carrier can say In their defence - for the fact that the driver should've at least taken a signature, and ensured the package was handed to you In person. An effective approach to get the driver to dump It at your doorstep, porch or otherwise, Is to not open the door and say (or shout) you've just come out of the shower naked, then politely ask him to leave It outside and It'll be collected In a couple of minutes. Don't worry, verbal communications hold no value and cannot be used as evidence to verify shipments.    


What To Expect When SEing Jewellery

It's not only vital to know the Ins and outs of the method you're planning to formulate, but It's also crucial to have a very good understanding of "what to expect when SEing jewellery" - as It will prepare you to handle every Incident with minimal complications. This article has exceeded Its reading time by a lot more than what I Initially anticipated, so to avoid congestion, I've listed the series of events "In point form" that commonly take place with each method In the subtopics below. Given the missing Item & partial method are closely related, I've put them together In the one category. 


The Missing Item & Partial Method Expectations
  • An Internal Investigation opened within the company Itself
  • An External Investigation opened with the carrier
  • Where applicable, CCTV camera footage checked
  • For some stupid reason, you may be asked to only return the empty box
  • For some stupid reason, a police report may be requested
  • You may be asked whether the box/package was damaged when received
  • Items possibly checked at the time of packing your order
  • Company contacting the manufacturer to see If the Item was enclosed 

The DNA Method Expectations
  • An external Investigation opened with the carrier
  • An OTP required to verify the delivery
  • A signature requested on receipt of goods
  • A police report asked to be filed and returned
  • An affidavit asked to be signed and returned
  • A statutory declaration asked to be signed and returned
  • A denial of receipt form asked to be signed and returned (go ahead & sign It)
  • The carrier driver taking photos of your home
  • The carrier driver visiting your house or contacting you by phone (Ignore him)
  • The carrier driver asking you to sign some documents (don't do It!)

In Conclusion

Upon reading this entire article, you've learned the true definition of jewellery, how to research the company & carrier and effectively select your product, as well as three methods that have a greater than 95% chance of success. And to help ensure the SE runs as smooth as possible, you're also aware of the events that're likely to be experienced while the claim Is In motion. All In all, you have the perfect Ingredients to formulate your method and execute the attack vector, that will ultimately give your SE the best opportunity to achieve a favorable outcome.
