OP 06 March, 2021 - 10:48 PM
Reply
How To Circumvent Photos Taken By The Carrier Driver.
Show ContentSpoiler:
Before I make a start on this article, I'd like to point out that this type of social enginering Is not what you're probably accustomed to doing, such as Infecting computers and networks with the Intention to grab confidential Information, or manipulating your victim over the phone to read out the username & password to their online account. When you hit a Google search to lookup the term "social engineering", the majority of sources define It similar to what I've just mentioned above and whilst It's certainly true and correct, by no means Is It limited to that alone. There's a new breed of human hacking that's discussed In almost every SEing Internet forum and Instant messaging platforms, which Is commonly known as "company manipulation and exploitation", whereby representatives are tricked by SE'ers Into Issuing refunds and replacement Items- all without having knowledge that they've been deceived.
For the most part, It relates to any online store who offer a carrier service to deliver goods to their customers. The companies that I'm predominantly referring to operate on quite a large scale, such as Logitech, SteelSeries, ASOS, John Lewis and of course the largest eCommerce company being Amazon- all of which continue to be vulnerable to exploitation. Evidently, In-store businesses are also susceptible to falling victim to social engineering, but for the purpose of this guide, I'll be focusing on online retailers of the aforementioned description. Now In order to successfully manipulate a given entity, SE'ers use what's called "methods" that're the backbone of every attack vector and with proper formulation, they help guide the SE In the right direction and ensure that It remains consistent from start to finish. If you're not familiar with how methods function, please refer to the Social Engineers Directory on this blog, and scroll down to the respective category.
If you're reading this from an Intermediate or advanced standpoint and have been SEing for many months or years to date, you'd be well aware that methods are not all sunshine and rainbows- they each have their pros & cons and the "DNA" (Did Not Arrive) Is certainly no exception. As It's name Implies, It's used by saying that the package you're expecting to be delivered by the carrier, (seemingly) did not arrive at your premises and although It sounds like a pretty simple method to utilize, It does have Its fair share of complexities. Things like Investigations opened, police reports requested to be filed and returned, affidavits are Issued and on-topic to this article, "carrier drivers taking photos of the delivery point"- that's used by companies to confirm that the package did In fact make Its way to the correct destination- being "your home". Prior to discussing how to outsmart photo authentication, you need to have a clear understanding of what's Involved with the DNA method, so let's check It out now.
The DNA Method Defined:
As you know, SE'ers use this method to get refunds or replacement Items by claiming that their package wasn't delivered and despite the above-mentioned negativities with Investigations, police reports and so forth, It does have a major advantage over most other traditional methods, namely that It's compatible with just about any Item that comes to mind. Of course, that's provided you're not planning to SE a family home or a sports car! On a serious note, as long as the weight & dimensions of the Item are reasonable and based on realistic figures, It doesn't matter how big and heavy It Is and the reason for this, Is because the DNA Is a "carrier-based method" that claims that the driver failed to drop off your package- Irrespective of the nature of the Item. Alternatively, If he left It at your doorstep, as far as you're concerned, a passerby stole It. Either way, you didn't receive It. Allow me to explain why weights & dimensions are not Important for the DNA, but apply to the majority of other methods by providing a couple of examples.
If you were to SE a 17 Inch gaming laptop weighing around 5.5 pounds, It's obviously too heavy for the "missing Item method" and "too big to box" without showing signs of tampering at the collection point. Moreover, It's also "too heavy for the box method" and If you were to substitute the weight with dry Ice, It would be very difficult to calculate the time It takes for 5.5 pounds of dry Ice to sublimate (turn from Its solid form to gas). On the other hand, using the DNA method, completely avoids the need to consider weights & dimensions. Think about It logically for a minute. How would the weight and size of your package have a negative Impact on your SE when using the DNA? "You didn't personally receive It", so It makes no difference to your claim as to how big and heavy It Is. Notice how I've used "You didn't personally receive It" as the operative words? This plays an Integral role In the DNA's success, which I'll explain In the topic below.
What Truly Deems A Package As Delivered:
What you're about to read, Is absolutely crucial when using the DNA method and can make all the difference between success and failure, so I strongly recommend to remember and apply It at all times when DNA'ing Items with each and every SE. The majority of companies to the likes of what's mentioned In the second paragraph above, have their own Interpretation of what defines a package to be correctly delivered to the receiver- namely yourself. When you order something from an online store, this Is how It generally works from a "company's perspective". When your order Is picked, packed and dispatched on a tracking system, the carrier service such as DHL, UPS, FedEx etc, will drop off the package to Its destination and conclude the delivery "based on the address". In other words, as long as their records (via tracking) show that your package made Its way to your home, then It's deemed as delivered. I can confidently say that It's not the case at all. You see, It's one thing sending a package to a given address, but quite another to establish that It was In fact "accepted by the receiver".
What companies fail to realize, Is that a package that's marked as delivered to the right address, does not conclude In any way, shape or form that you personally received It- nor any member of your household. For Instance, let's base this on legit grounds by saying that the carrier driver knocked on your door and for one reason or another, you didn't answer It and he simply left the package at your door step. You've been waiting all day for your goods to arrive to no avail, so you've contacted the company and the representative said that the tracking shows It's delivered correctly to your address. However, a little while later, your neighbor told you that he noticed someone holding a package and exiting your home. You guessed It, your package was stolen! As such, It was delivered to the right address but you did not personally receive It, The carrier should not have left It unattended at your premises, therefore It ultimately means that your package did not arrive- hence "DNA". This Is a huge vulnerability, so be sure to use It by saying "you did not personally receive It". It also applies to carriers taking photos, which brings me to the objective of this article.
Circumvent Carrier Photos- Example One:
Every company who utilizes a carrier to deliver goods to their customers, operate differently (to some degree) In the way they mark their packages as being delivered to their correct destination. Some ask for a signature, whilst others require an "OTP" (One-Time Password) that's sent to the account holder via email or text message, which must be provided to the driver before the package can be released to the recipient. In the absence of both a signature & OTP, a few carrier companies have Implemented other measures, namely "taking photos of the delivery point" which Is used to verify that the driver did In fact drop off the package to the right house. At the time of writing, "DPD" who services many major retailers such as Amazon and ASOS, Is one carrier that takes photos, so do keep this In mind with future SEs. A lot of customers are angry with this procedure and claim that It's an Invasion of privacy to take a picture of their home, however (and to the disappointment of SE'ers), It's legal to take a photograph In a public place.
There's a couple of ways that the driver will take a photo of your home- the first Is the outside of the premises (which I've covered In the next topic) and the other one Is by asking you to open the front door, and he'll place the package In the "entryway" and take a snapshot as proof of delivery. As a result, If you try and deny that your order did not arrive, they'll refer to their photo that clearly shows that the package was left In your doorway, and use It as evidence against your claim. So how do you stop the driver from taking photos? Well, you don't, but rather use a very clever and calculated approach by "making It seem as though he didn't set foot on your property" but for this to work, your package must be sent via tracking, thereby you can check Its shipping status to see precisely where It Is at any given time. Remember: "you're giving the Impression that the driver never arrived at your home", and here's how you do It.
Around 15-20 minutes before he's due to arrive, "rearrange your entryway" by removing every bit of furniture and replacing It with rugs, chairs, tables etc from another room and make sure everything Is clearly visible when the front door Is opened. What you've just done, Is "give the appearance that It's NOT your home" so when the driver arrives and asks to take a photo or two of your entryway, allow him to go ahead. When he leaves, place your furniture back as per Its original state and then contact the company "the next day" (don't do It on the same day, you're not supposed to know that It arrived!), and tell them that you're still waiting for It. If they decide to visit your home and compare their photos with the current (and normal) layout of your entryway, they will not match, thus there's no evidence to suggest that your package made Its way to the right address. Based on this, there's nothing to support their decision to try and decline your claim, so a refund/replacement Is forthcoming.
Circumvent Carrier Photos- Example Two:
It's not only the Interior of your home that's of concern, but also the exterior, meaning In the event you're not home or for any other reason that prevents you from physically accepting the delivery, drivers will leave your package at a particular point of your home and take a picture thereafter. As with the first example above, It's used to verify that It was delivered to the correct destination but as you're already aware, a package that's marked as delivered does not mean that you personally received It. Always remember this- as It's a vulnerability that you will be exploiting more often than not when using the DNA method. Now carrier companies are not stupid and naive as most SE'ers think. In situations like this, they have certain protocols In place that state exactly where their drivers must drop off packages In the absence of the home's occupants. Sure, some drivers couldn't care less and put It wherever they feel like It but for the most part, they do follow their guidelines.
What they commonly look for, Is any part of the home that's uniquely Identified as belonging to yourself, like the house number on your front door and as such, they'll place the package at (or near) the doorstep and take a photo of the lot. If you don't have a number stuck on your door, the package will be left at what they deem to be a "secure location", while still being consistent with something that has a distinctive characteristic to your home, such as (for example) a ceramic plant pot with a few unique designs. Whatever the case may be, It's not difficult to work your way around It and render the photos Inconclusive. Much the same with photos taken of your entryway, you need to give the appearance that It's not your home, however you don't know where the driver will decide to place It when he arrives, so you obviously cannot change every element of the exterior of your home, can you? Of course not, and It's not about reorganizing everything surrounding your home, but (apart from the house number on your door which I'll cover shortly ) rearranging the environment "where the package was left"- which Is a very easy process.
For Instance, let's say the driver arrived at your premises, securely left your package behind the gate next to a few garden gnomes (that no other house has the same type), took a couple of photos and continued with his delivery run thereafter. In this case, It's the "garden gnomes" that are used to Identify your house- namely because no one else has the exact same ones, so you'd simply remove & replace them with something that other properties In your area have In their front garden, such as crushed gravel. It doesn't get much easier than that! There's every possibility that the package will be left at your doorstep, which means that pictures of the "number on your front door" will most likely be Included In the photos. This Is when you need to plan ahead. Given you know (via tracking) when your delivery Is due to arrive, change either one digit or place a letter after It, obviously before the driver comes. Don't worry, he won't bother looking at your house number, but rather Identify & confirm your address through GPS. When he leaves, reverse the change to Its original state. Whichever option you choose, their photos cannot be linked to your property.
In Conclusion:
When looking at how to SE photos taken by carriers, a lot of social engineers think that It's all about preventing the actual driver from photographing their home but as you've realized, It's not the case at all. "SEing Involves manipulating everything that comes your way In a very methodical fashion", and this Is precisely what you do with your house, by changing Its normal layout to something that does not represent Its original design. The objective Is to demonstrate a discrepancy between your furnishings & surroundings, to what the carrier company has on record- being their photos. All In all, due to the mismatch of both these scenarios, there Is no evidence to suggest that your package was delivered correctly by the driver, thus do expect the SE to work In your favor.
For the most part, It relates to any online store who offer a carrier service to deliver goods to their customers. The companies that I'm predominantly referring to operate on quite a large scale, such as Logitech, SteelSeries, ASOS, John Lewis and of course the largest eCommerce company being Amazon- all of which continue to be vulnerable to exploitation. Evidently, In-store businesses are also susceptible to falling victim to social engineering, but for the purpose of this guide, I'll be focusing on online retailers of the aforementioned description. Now In order to successfully manipulate a given entity, SE'ers use what's called "methods" that're the backbone of every attack vector and with proper formulation, they help guide the SE In the right direction and ensure that It remains consistent from start to finish. If you're not familiar with how methods function, please refer to the Social Engineers Directory on this blog, and scroll down to the respective category.
If you're reading this from an Intermediate or advanced standpoint and have been SEing for many months or years to date, you'd be well aware that methods are not all sunshine and rainbows- they each have their pros & cons and the "DNA" (Did Not Arrive) Is certainly no exception. As It's name Implies, It's used by saying that the package you're expecting to be delivered by the carrier, (seemingly) did not arrive at your premises and although It sounds like a pretty simple method to utilize, It does have Its fair share of complexities. Things like Investigations opened, police reports requested to be filed and returned, affidavits are Issued and on-topic to this article, "carrier drivers taking photos of the delivery point"- that's used by companies to confirm that the package did In fact make Its way to the correct destination- being "your home". Prior to discussing how to outsmart photo authentication, you need to have a clear understanding of what's Involved with the DNA method, so let's check It out now.
The DNA Method Defined:
As you know, SE'ers use this method to get refunds or replacement Items by claiming that their package wasn't delivered and despite the above-mentioned negativities with Investigations, police reports and so forth, It does have a major advantage over most other traditional methods, namely that It's compatible with just about any Item that comes to mind. Of course, that's provided you're not planning to SE a family home or a sports car! On a serious note, as long as the weight & dimensions of the Item are reasonable and based on realistic figures, It doesn't matter how big and heavy It Is and the reason for this, Is because the DNA Is a "carrier-based method" that claims that the driver failed to drop off your package- Irrespective of the nature of the Item. Alternatively, If he left It at your doorstep, as far as you're concerned, a passerby stole It. Either way, you didn't receive It. Allow me to explain why weights & dimensions are not Important for the DNA, but apply to the majority of other methods by providing a couple of examples.
If you were to SE a 17 Inch gaming laptop weighing around 5.5 pounds, It's obviously too heavy for the "missing Item method" and "too big to box" without showing signs of tampering at the collection point. Moreover, It's also "too heavy for the box method" and If you were to substitute the weight with dry Ice, It would be very difficult to calculate the time It takes for 5.5 pounds of dry Ice to sublimate (turn from Its solid form to gas). On the other hand, using the DNA method, completely avoids the need to consider weights & dimensions. Think about It logically for a minute. How would the weight and size of your package have a negative Impact on your SE when using the DNA? "You didn't personally receive It", so It makes no difference to your claim as to how big and heavy It Is. Notice how I've used "You didn't personally receive It" as the operative words? This plays an Integral role In the DNA's success, which I'll explain In the topic below.
What Truly Deems A Package As Delivered:
What you're about to read, Is absolutely crucial when using the DNA method and can make all the difference between success and failure, so I strongly recommend to remember and apply It at all times when DNA'ing Items with each and every SE. The majority of companies to the likes of what's mentioned In the second paragraph above, have their own Interpretation of what defines a package to be correctly delivered to the receiver- namely yourself. When you order something from an online store, this Is how It generally works from a "company's perspective". When your order Is picked, packed and dispatched on a tracking system, the carrier service such as DHL, UPS, FedEx etc, will drop off the package to Its destination and conclude the delivery "based on the address". In other words, as long as their records (via tracking) show that your package made Its way to your home, then It's deemed as delivered. I can confidently say that It's not the case at all. You see, It's one thing sending a package to a given address, but quite another to establish that It was In fact "accepted by the receiver".
What companies fail to realize, Is that a package that's marked as delivered to the right address, does not conclude In any way, shape or form that you personally received It- nor any member of your household. For Instance, let's base this on legit grounds by saying that the carrier driver knocked on your door and for one reason or another, you didn't answer It and he simply left the package at your door step. You've been waiting all day for your goods to arrive to no avail, so you've contacted the company and the representative said that the tracking shows It's delivered correctly to your address. However, a little while later, your neighbor told you that he noticed someone holding a package and exiting your home. You guessed It, your package was stolen! As such, It was delivered to the right address but you did not personally receive It, The carrier should not have left It unattended at your premises, therefore It ultimately means that your package did not arrive- hence "DNA". This Is a huge vulnerability, so be sure to use It by saying "you did not personally receive It". It also applies to carriers taking photos, which brings me to the objective of this article.
Circumvent Carrier Photos- Example One:
Every company who utilizes a carrier to deliver goods to their customers, operate differently (to some degree) In the way they mark their packages as being delivered to their correct destination. Some ask for a signature, whilst others require an "OTP" (One-Time Password) that's sent to the account holder via email or text message, which must be provided to the driver before the package can be released to the recipient. In the absence of both a signature & OTP, a few carrier companies have Implemented other measures, namely "taking photos of the delivery point" which Is used to verify that the driver did In fact drop off the package to the right house. At the time of writing, "DPD" who services many major retailers such as Amazon and ASOS, Is one carrier that takes photos, so do keep this In mind with future SEs. A lot of customers are angry with this procedure and claim that It's an Invasion of privacy to take a picture of their home, however (and to the disappointment of SE'ers), It's legal to take a photograph In a public place.
There's a couple of ways that the driver will take a photo of your home- the first Is the outside of the premises (which I've covered In the next topic) and the other one Is by asking you to open the front door, and he'll place the package In the "entryway" and take a snapshot as proof of delivery. As a result, If you try and deny that your order did not arrive, they'll refer to their photo that clearly shows that the package was left In your doorway, and use It as evidence against your claim. So how do you stop the driver from taking photos? Well, you don't, but rather use a very clever and calculated approach by "making It seem as though he didn't set foot on your property" but for this to work, your package must be sent via tracking, thereby you can check Its shipping status to see precisely where It Is at any given time. Remember: "you're giving the Impression that the driver never arrived at your home", and here's how you do It.
Around 15-20 minutes before he's due to arrive, "rearrange your entryway" by removing every bit of furniture and replacing It with rugs, chairs, tables etc from another room and make sure everything Is clearly visible when the front door Is opened. What you've just done, Is "give the appearance that It's NOT your home" so when the driver arrives and asks to take a photo or two of your entryway, allow him to go ahead. When he leaves, place your furniture back as per Its original state and then contact the company "the next day" (don't do It on the same day, you're not supposed to know that It arrived!), and tell them that you're still waiting for It. If they decide to visit your home and compare their photos with the current (and normal) layout of your entryway, they will not match, thus there's no evidence to suggest that your package made Its way to the right address. Based on this, there's nothing to support their decision to try and decline your claim, so a refund/replacement Is forthcoming.
Circumvent Carrier Photos- Example Two:
It's not only the Interior of your home that's of concern, but also the exterior, meaning In the event you're not home or for any other reason that prevents you from physically accepting the delivery, drivers will leave your package at a particular point of your home and take a picture thereafter. As with the first example above, It's used to verify that It was delivered to the correct destination but as you're already aware, a package that's marked as delivered does not mean that you personally received It. Always remember this- as It's a vulnerability that you will be exploiting more often than not when using the DNA method. Now carrier companies are not stupid and naive as most SE'ers think. In situations like this, they have certain protocols In place that state exactly where their drivers must drop off packages In the absence of the home's occupants. Sure, some drivers couldn't care less and put It wherever they feel like It but for the most part, they do follow their guidelines.
What they commonly look for, Is any part of the home that's uniquely Identified as belonging to yourself, like the house number on your front door and as such, they'll place the package at (or near) the doorstep and take a photo of the lot. If you don't have a number stuck on your door, the package will be left at what they deem to be a "secure location", while still being consistent with something that has a distinctive characteristic to your home, such as (for example) a ceramic plant pot with a few unique designs. Whatever the case may be, It's not difficult to work your way around It and render the photos Inconclusive. Much the same with photos taken of your entryway, you need to give the appearance that It's not your home, however you don't know where the driver will decide to place It when he arrives, so you obviously cannot change every element of the exterior of your home, can you? Of course not, and It's not about reorganizing everything surrounding your home, but (apart from the house number on your door which I'll cover shortly ) rearranging the environment "where the package was left"- which Is a very easy process.
For Instance, let's say the driver arrived at your premises, securely left your package behind the gate next to a few garden gnomes (that no other house has the same type), took a couple of photos and continued with his delivery run thereafter. In this case, It's the "garden gnomes" that are used to Identify your house- namely because no one else has the exact same ones, so you'd simply remove & replace them with something that other properties In your area have In their front garden, such as crushed gravel. It doesn't get much easier than that! There's every possibility that the package will be left at your doorstep, which means that pictures of the "number on your front door" will most likely be Included In the photos. This Is when you need to plan ahead. Given you know (via tracking) when your delivery Is due to arrive, change either one digit or place a letter after It, obviously before the driver comes. Don't worry, he won't bother looking at your house number, but rather Identify & confirm your address through GPS. When he leaves, reverse the change to Its original state. Whichever option you choose, their photos cannot be linked to your property.
In Conclusion:
When looking at how to SE photos taken by carriers, a lot of social engineers think that It's all about preventing the actual driver from photographing their home but as you've realized, It's not the case at all. "SEing Involves manipulating everything that comes your way In a very methodical fashion", and this Is precisely what you do with your house, by changing Its normal layout to something that does not represent Its original design. The objective Is to demonstrate a discrepancy between your furnishings & surroundings, to what the carrier company has on record- being their photos. All In all, due to the mismatch of both these scenarios, there Is no evidence to suggest that your package was delivered correctly by the driver, thus do expect the SE to work In your favor.
PLEASE LEAVE A LIKE! I LIKE TO LOOK HQ!
NO LIKE = LEACH = BAN!
NO LIKE = LEACH = BAN!
