This post is by a banned member (vvvreckedd)
05 September, 2024 - 02:02 AM
(06 March, 2021 - 11:37 PM) TeamSesh Wrote:
If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for.
The Definition Of Every Social Engineering Term.
When you look up the definition of "social engineering" In Its proper context, for the most part, It's defined as grabbing sensitive Information from unsuspecting people, or Infecting their computer with malware and the like to achieve the very same result. And one major security firm named Kaspersky, has this documented on their very own official website. Have a read and see for yourself. Whilst no doubt this Is true and correct, by no means does It come close to what SEing Involves, and the types of methods used to formulate and execute the attack. It's quite poor that a security organization on the scale of Kaspersky, has minimal knowledge on the art of exploiting the human firewall- which can be of little benefit to those "who're new to social engineering", and want to learn every facet, term and abbreviation of what It entails.
As such, If they've joined an SEing community on an Internet forum or registered on a chat server such as Discord, thereby partake In discussions with users who've been In the scene for many years, "the beginner SE'er will be at a complete loss as to the terms used, and what they actually mean". Even a Google search, will predominantly fail to return results. If you're new and as you're reading this article, you'd also be confused- as I've already used a number of words In their shortened form.
It's very much a commonality for social engineers to "abbreviate their wording" and only those who are SE'ers themselves, will know exactly what they denote. Although It doesn't take too long to pick up terms here and there, It can become somewhat frustrating- particularly when there's no online resource to refer to, nor any member around who's willing to give you a hand. Rest assured, I've got you covered! In this article, I will cover every possible social engineering term that I can think of, and will also provide a short sentence (for each one) on how It's commonly used. This way, you'll know precisely what Its abbreviation (and long form) means, and how It's used In a sentence/post.
I will not only define abbreviations, but also "terms and methods In full", that are very often used when selecting and preparing methods. This too, will give you a clear understanding of what they mean In social engineering parlance. What you're about to read Is "VERY VERY DETAILED", yet straight to the point, so strap yourself In and enjoy the ride.
Table Of Contents:
To help minimize your search, refer to the contents below. Each one Is listed In chronological order so If you're on the Windows platform, hit "Ctrl+F" on your keyboard, and enter the term/topic you're after. Evidently, It will jump straight to the search In question. Those highlighted In blue are the operative terms.
- What Is 'SEing?'
- The Definition Of 'SEd'
- 'SEs' Defined
- The Meaning Of 'SE'er'
- What Does 'SE' Mean?
- Definition Of Se'able
- The 'DNA' Defined
- What Is DNA'd?
- The Definition Of 'Wrong Item Received'
- The 'Missing Item' Method
- The 'Boxing' Method
- The 'Double Dip' Method
- The 'Triple Dip' Method
- A 'Drop House'
- The Definition Of 'POP'
- What Does 'AR' Stand For?
- 'POD' Defined
- What Is An 'RMA?'
- The Meaning Of 'C&D'
- The Abbreviation Of 'SN'
- 'Tracking Number'
- 'Corrupted File'
- Definition Of 'Reship'
- 'Receipt Generator'
- 'Investigation'
- 'Police Report'
- The 'Blood Method'
- 'Cross Shipping'
- What Does 'VCC' Mean?
- The 'Faulty Item Disposed' Method
- The 'Gift Method'
- 'Similar Item' Method
- 'Human Hacking'
- 'Human Firewall'
- 'Image Metadata'
- The 'MM' Service
- 'FTID' Method
- The 'EB' Method
- The 'Sealed Box' Method
- 'The Faulty Item Method' Defined
- The Meaning Of 'TID'
- The Abbreviation Of 'LIT'
- The Definition Of DNA'ing
- The 'Indirect SEing Method'
- What Is A 'Service Tag?'
- The Meaning Of 'PEB'
- The Definition Of 'CSR'
- What Are 'Refunders?'
- A 'Statutory Declaration'
- An 'Affidavit'
- A 'PayPal Dispute'
- A 'PayPal Claim'
- Perform a 'Chargeback'
- 'Section 75' Claim
- What Is DNA'able?
- 'DNA It' Defined - New
- PayPal 'INR'
- What Is An 'AWB?'
- PayPal 'SNAD'
- The 'Partial Method'
- A 'Bank Reversal'
What Is 'SEing?'
This Is one of the most commonly used terms In the world of social engineering, which means exactly this- "Social Engineering". You will find that every Internet forum and chat gateway where social engineering Is discussed, will utilize "SEing" quite often. It's sometimes used with an apostrophe as "SE'ing".
Examples
* How long have you been SEing for?
* He was only a beginner at SEing.
* I love SEing, It's a lot of fun.
The Definition Of 'SEd'
As with the above, this Is also used with an apostrophe as "SE'd", but obviously they both denote the same thing which Is "Social Engineered". Those who've been In the SEing scene for a long time, will always use "SEd". I for one, cannot remember the last time I used social engineered anywhere online.
Examples
* I SEd Amazon over 20 times on the same account.
* Someone called and I think he SEd my password.
* There's no way he SEd that Item using the Partial method.
'SEs' Defined
To the contrary of both the above, "SEs" Is not too often used In social engineering communities, but nonetheless, It's certainly worthy of familiarizing yourself with Its meaning which Is "Social Engineerings". This Is always used as the abbreviation- due to Its long form not making much sense at all.
Examples
* Too many SEs will lock your account.
* What methods did you use for those SEs?
* All of my SEs were successful last week.
The Meaning Of 'SE'er'
Used to describe the person who social engineers, hence "SE'er" short for "Social Engineerer". It's abbreviated and used as such, mainly because social engineerer Is not In the English vocabulary and (as with "SEs" above) when used as a whole word, It doesn't make any sense. This Is predominantly used with an apostrophe and seldom without.
Examples
* John Is the best SE'er I've come across.
* That SE'er Is really good at refunding.
* The SE'er tried grabbing my data but failed.
What Does 'SE' Mean?
Without question, this Is the most frequently used term In the art of human hacking. Even If you've just started reading guides etc, you would've definitely experienced the abbreviation of "SE" which Is "Social Engineering" and depending on the context of the sentence, "Social Engineer". This can be used In many ways, but obviously I cannot demonstrate the lot.
Examples
* Preparing the SE effectively Is crucial.
* Did you SE the AirPods as yet?
* I'm planning to SE Susan tomorrow.
Definition Of Se'able
This Is one term that you won't come across often no matter where your conversation Is taking place, but nevertheless, It's still Important to understand Its abbreviation. "Se'able" Is short for "Social Engineerable", which as you can see, the latter Is not a part of the English vocabulary, so It's always used as "se'able". It just means that a given entity can be social engineered.
Examples
* Hey, do you know If Argos Is still se'able?
* SSDs are se'able using the partial method.
* Peter was se'able so I grabbed his password.
The 'DNA' Defined
This Is equally used In Its abbreviated and long form. Put simply, "DNA" stands for "Did Not Arrive" which (as Its name Implies), the social engineer claims that the Item/package he ordered from an online retailer, did not arrive at his premises. I personally like using "DNA"- It's quicker and easy to relate to, but that's just me.
Examples
* I'm going to DNA the keyboard tomorrow.
* The DNA method can be used for any Item.
* Because of the DNA, they opened an Investigation.
What Is DNA'd?
As with the above, namely DNA, this has the very same meaning, but used In past tense rather than In Its present form. If you haven't worked It out already, "DNA'd" Is "Did Not Arrived". Clearly, you can see why It's abbreviated- "Did Not Arrived" Is not grammatically correct, thus It will never be used as such In the social engineering community.
Examples
* I DNA'd the package and I'm receiving a refund.
* How many Items have you DNA'd on your account?
* The refunder DNA'd the IPhone for me.
The Definition Of 'Wrong Item Received'
A very effective method used by social engineers when SEing a company to obtain a refund or replacement, Is the "Wrong Item Received" method. In short, the SE'er will claim that the company sent an Incorrect Item and when asked to return It, they'll process a refund/replacement. There Is no abbreviation for this- It's always used as written: "wrong Item received".
Examples
* What Item should I use as the wrong Item received?
* The weight must match with the wrong Item received method.
* Use a stock Item as the wrong Item received.
The 'Missing Item' Method
As with the above method, this Is always used In Its long form being: "missing Item" method and never abbreviated. As Its name suggests, social engineers use It when claiming that the Item they've ordered from an online company, was missing when the package was delivered and opened. This method Is very common In the SEing scene.
Examples
* That's too heavy for the missing Item method.
* I might use the missing Item method for a CPU.
* Should I use the missing Item method or DNA?
The 'Boxing' Method
No matter where you navigate In the social engineering sector, you will come across the "boxing" method, which Is mainly written as "Box". It Involves sending a box back to the company without the Item, and tearing the package as though the Item was stolen before It reached them. The SE'er then gets a refund or replacement.
Examples
* Just box them using dry Ice.
* The Item Is light so use the boxing method.
* How many times can I box that company?
The 'Double Dip' Method
This Is not used too often at all, namely due to the complexity of what the SE Involves by using the "double dip" method. Without going Into too much detail, It's simply social engineering the same company twice In a row- with the Intention of getting two Items free of charge. The term Is used as "double dipping" and sometimes "double dip".
Examples
* I've double dipped Amazon heaps of times.
* It's too dangerous to double dip that Item.
* I'm not sure If I should double dip or just refund.
The 'Triple Dip' Method
This works In a similar fashion as the double dip method, except Instead of social engineering the same company twice, It's done three times thereby receiving 3 Items absolutely free. Whenever you read about this method, It will be written as "triple dipping" or "triple dip". Sometimes It's also used as "triple dipped".
Examples
* You're mad to triple dip Logitech.
* I think the rep knew he was triple dipped.
* Only experienced SE'ers should be triple dipping.
A 'Drop House'
The "Drop House", Is a house that does not belong to the social engineer and Is used as a delivery point to receive packages. There are many reasons to use this, with the most common being to protect the SE'er's Identity, and/or to avoid being billed by the company who's sending the goods. This Is also used as "Drop Address" or simply "Drop".
Examples
* What's the best way to locate a drop house?
* They will bill you so make sure to use a drop.
* The drop address has a for sale sign on It.
The Definition Of 'POP'
When a social engineer SEs an Item and requests for a refund or replacement, before the company Issues It, they may ask for a "POP" which Is short for "Proof Of Purchase", just to verify that the Item was purchased from their store. I'd say both Its abbreviation and long form are equally used, but I personally prefer "POP".
Examples
* Can anyone Photoshop a fake POP?
* Do they check the order number on the POP?
* Don't worry about the POP, say you got It as a gift.
What Does 'AR' Stand For?
If you've never come across "AR", you'd be at a complete loss as to what It's referring to. It's an abbreviation of "Advanced Replacement". Not too many companies offer this as part of their claims process, but for those that do, It means that they will send the Item BEFORE the defective product Is returned to them, hence "Advanced Replacement".
Examples
* They've confirmed that an AR will be sent.
* Do you know If HP bills with Advanced Replacements?
* To be safe, use a drop house with the AR.
'POD' Defined
"POD" which Is short for "Proof Of Destruction", Is not too commonly used. When SEing a company, prior to them sending a replacement for a defective Item, the representative will ask the SE'er to destroy the defective Item/device by (for example) breaking the buttons and cutting the cord on the computer mouse, or drilling holes In the Hard Disk Drive, thus "Proof Of Destruction".
Examples
* It's common for Logitech to ask for a POD.
* I found an Image on Google for the proof of destruction.
* To avoid the POD, just say you threw out the Item.
What Is An 'RMA?'
Short for "Return Merchandise Authorization", an "RMA" Is Issued by a company to approve a refund or replacement of an Item. It's very rare that social engineers will refer to this by Its extended name, but rather abbreviate Its usage as "RMA". Nonetheless, be sure to familiarize yourself with each term.
Examples
* I got the email with the RMA number.
* Can you explain a Return Merchandise Authorization to me?
* I will SE the representative to avoid an RMA.
The Meaning Of 'C&D'
Now this Is one term that you'll rarely come across, when communicating on forums or Discord. "C&D" stands for "Cease And Desist", which Is a letter Issued by a company to the SE'er asking him to stop his SEing activity. The company Is obviously aware of the SE'er's actions and If he doesn't stop, they'll start legal proceedings.
Examples
* Why did I get the Cease and Desist letter?
* Don't worry about the C&D, they won't do anything.
* SEing a 40$ Item won't be worth them sending a C&D.
The Abbreviation Of 'SN'
This Is very much common knowledge for advanced SE'ers, but when It's used and written as "SN", It makes very little to no sense to novice social engineers. Going by personal experience, I'd say that It's equally used as "SN" and "Serial Number". It's also used simply as "Serial", but not as often as the others.
Examples
* I'm after a serial number to SE SteelSeries.
* I'll give you a serial If you give me some rep.
* Get the SN from someone on eBay.
'Tracking Number'
When a product has been purchased and shipped to the delivery address, a "Tracking Number" Is assigned to the package. It's usually sent In a confirmation email after the Item has been ordered. It allows the customer to track and see the location of their package at any point In time, by entering It Into the website's tracking option of Its respective carrier. This Is never abbreviated.
Examples
* Just show the tracking number to PayPal.
* Scanning the barcode displays the tracking number.
* The tracking number has the sender & receiver details.
'Corrupted File'
The "Corrupted File" Is a method used by SE'ers, when companies ask them to provide a picture or video that must Include the Item and other Identifiable details. Once they receive It, a refund Is Issued. However SE'ers don't have the Item to begin with, so they send a "Corrupted File", and assure the company that It's working fine on their end. The SE'er will keep repeating the process until the company finally gives up and provides a refund.
Examples
* Use this website for the corrupted file method.
* Be sure to send the corrupted file In different formats.
* The rep checked the corrupted file and couldn't open It.
Definition Of 'Reship'
Some SE'ers use what's called a "Reship" (or "Reshipping") company rather than their own address. Once the package has been sent by the online store, It's delivered to the reship company's warehouse and they'll forward It to the SE'er's house. This Is a good way to keep your real address hidden from the online store.
Examples
* That reshipping company Is fine for the UK.
* Hey, It's good to use a drop address & a reship.
* Can Logitech see that I'm using a reship?
'Receipt Generator'
Many social engineers go to great lengths to succeed with whom they're SEing and If It means falsifying paperwork to achieve their objective, they will do just that to the company who's requesting It. Such paperwork, Is to create a fake receipt using a "Receipt Generator". This term Is always used as written.
Examples
* The Amazon receipt generator Is awesome.
* Anyone have a Best Buy receipt generator?
* That online receipt generator doesn't work anymore.
'Investigation'
Every online supplier, differs to some degree In the way they address and process refund and replacement claims, but a very common approach with the majority of retailers, Is to open what's called an "Investigation". This Is used to check whether there are any Inconsistencies with what the social engineer has provided to the company.
Examples
* An Investigation Is simply part of company protocol.
* The DNA has led to an Investigation being opened.
* After the Investigation, I received the refund.
'Police Report'
Further to the above pertaining to a company opening an Investigation, the company could also ask the SE'er to obtain a "Police Report" to help with their Inquiry. Amongst other reasons, the police report Is often requested when the SE'er uses the DNA (Did Not Arrive) or the missing Item method.
Examples
* You can get a police report online.
* A police report Is not legally binding.
* What If SteelSeries asks for a police report?
The 'Blood Method'
Social engineers use a very clever method to avoid sending an Item back to the company, namely the "blood method". Health & safety Is taken very seriously by companies on every scale, hence the majority refuse to accept goods that contain blood. When formulated correctly, this Is very effective Indeed.
Examples
* I'll use the blood method when I call Argos tomorrow.
* Read their terms to see If the blood method will work.
* The blood method Is great when SEing perfume with broken glass.
'Cross Shipping'
There are many options used by companies when dispatching customer orders and receiving warranty claims, and one of these options Is called "Cross Shipping". There are a few steps Involved but for the simplicity of this article, It's when a company ships a package containing the replacement Item at the same time the customer (SE'er) sends their package containing the defective Item.
Examples
* I'm going to box Amazon with the cross shipping.
* I don't think they do cross shipping anymore.
* Can any Item be used with cross shipping?
What Does 'VCC' Mean?
A "VCC" Is an abbreviation of "Virtual Credit Card". Unlike your physical (plastic) credit card, It's simply a number that's associated with your real card. Think of It as a disposable card- If anything happens to It, just get a new one. Generally, It can only be used once and cannot be traced to the real card. SE'ers use this to anonymize their real credit card when SEing a company.
Examples
* Use a VCC with the advanced replacement.
* Do you know of a trusted VCC provider?
* Get another VCC number when SEing HP.
The 'Faulty Item Disposed' Method
When SEing an Item that has (seemingly) lost functionality, the representative will go through a few troubleshooting steps and then ask the SE'er to return the Item for a refund or replacement. Rather than returning It, the social engineer will use the "Faulty Item Disposed" method, by saying that he threw It out due to health & safety concerns.
Examples
* The faulty Item disposed method suits electrical goods.
* I got a refund using the faulty Item disposed method.
* The rep knew I was using the faulty Item disposed method.
The 'Gift Method'
When SEing a company for a particular Item that you don't have to begin with, before they can approve the claim, they'll sometimes ask for the POP (Proof Of Purchase). Obviously you don't have It, so to circumvent the rep's request, you'd use the "Gift Method" by saying you've received the Item as a gift from a friend.
Examples
* You don't need a POP, use the gift method.
* Any tips on what I should say with the gift method?
* Stick with the gift method for the AirPods.
'Similar Item' Method
Manufacturers/suppliers can make errors when picking and packing products prior to dispatch- particularly when two or more Items are very similar In appearance. Social engineers are well aware of this, and use the "Similar Item Method", by sending back an old Item that looks very similar to the original. As such, the rep will assume It's the ordered Item and process a refund.
Examples
* I'm sending my old CPU using the similar Item method.
* They won't check with the similar Item method.
* How many times can I use the similar Item method?
'Human Hacking'
I'm sure you know by now that social engineering Is a form of hacking, but as opposed to traditional hackers using technical means to compromise a particular website or computer, SEing Is achieved by manipulating the person In question. As a result, It's the human that's exploited, and not the device. So the terms "Human Hacking" and "Social Engineering" are Interchangeable.
Examples
* That book on human hacking Is brilliant!
* I've been human hacking for over 10 years.
* Everyone Is vulnerable to human hacking.
'Human Firewall'
Not only do devices such as computers and networks have firewalls to keep the bad guys out, you may not realize It, but you too have what's called the "Human Firewall" on a personal level. For Instance, If someone tries to SE you over the phone, with the Intention to have you read out your password, your "Human Firewall" kicks In and you make the decision to keep It to yourself.
Examples
* I can exploit anyone's human firewall.
* Train your staff's human firewall regularly.
* His human firewall didn't stop my SE.
'Image Metadata'
When a company asks for a POP (Proof Of Purchase) from the social engineer and he doesn't have It, he'll Photoshop It and send It In the form of an Image file. However, the rep can see It's been edited, by viewing the "Image Metadata". The SE'er Is always one step ahead- he'll simply change the "Image Metadata" accordingly.
Examples
* Be sure to edit the Image metadata beforehand.
* I found a great site to change Image metadata.
* What should I enter In the Image metadata?
The 'MM' Service
The "MM" service Is an abbreviation of "Middle Man" service, and Is often used In forums/boards for purchases made within the confines of the same community. The "MM" Is a trusted user who acts for the buyer and the seller, by holding the funds and ensuring the buyer gets the product, and the seller gets his money.
Examples
* Ask the administrator to be a MM.
* Do you know If Jodi98 Is a trusted MM?
* Play It safe and get an MM for the exchange.
'FTID' Method
At the time of this article, this Is a relatively new method that contains a lot of flaws and Inconsistencies. "FTID" Is short for "Fake Tracking ID", but Is almost always used as "FTID". In very brief terms, you send an envelope with the tracking number, and make It look like It's an ad. The company will receive It and throw It out (because It's an ad) and Issue a refund.
Examples
* Won't they check the weight with the FTID?
* Can someone tell me how the FTID works?
* What details do I remove with the FTID method?
The 'EB' Method
Although this Is not so much of a commonality In social engineering parlance, It's still worth taking note of Its meaning and usage. "EB" Is an abbreviation of "Empty Box", which Is no different to the "missing Item method" already mentioned mid-way through this guide.
Examples
* 50 grams Is fine for the EB method.
* Is an Investigation opened when using the EB method?
* I used the EB method successfully for the SSD.
The 'Sealed Box' Method
This Is always used as written, namely "Sealed Box Method" without any abbreviation. The method Itself, Is not used as often as (for example) the DNA, but very effective when formulated correctly. The objective Is to replace the SEd Item (with an old Item you have lying around the house), In the box without showing any signs of tampering whatsoever. As a result, the company will think that you've sent the original one back, and Issue a refund.
Examples
* Any Item can be used with the sealed box method.
* Make sure the weight matches with the sealed box method.
* Use the sealed box method with Amazon, they don't check.
A 'Statutory Declaration'
A "Statutory Declaration", Is a written statement that declares that everything stated Is true and correct. It Is signed In the presence of an authorized witness such as a police officer or medical practitioner (doctor). A company may request the SE'er to sign one as part of their Investigation process. This Is also abbreviated as "Stat Dec".
Examples
* Sign the statutory declaration, It's not legally binding.
* I'm confused about what to do with the stat dec.
* Don't fake a statutory declaration!
An 'Affidavit'
Unlike a Statutory Declaration that must be signed In front of a Justice of the Peace to make It legally binding, an affidavit Is quite the opposite. Put simply, once an affidavit Is signed, It becomes a legally binding document and can be used as evidence In court. In terms of SEing, It's used for the purpose of confirming that the Information you've provided about the actions of your SE, Is In fact true and correct.
Examples
* I recommend to not sign the affidavit.
* I think this Is an affidavit, can anyone confirm?
* What's the difference between an affidavit and a stat dec?
A 'PayPal Dispute'
Not everything goes according to plan with every SE and when a company refuses to refund an Item, the SE'er will open a "PayPal Dispute", whereby the buyer & seller will try and come to an agreement. If they can't (which will obviously be the case with the social engineer), then It will be escalated to a claim.
Examples
* Contact PayPal's Resolution Center for the dispute.
* The dispute Is the first thing to do with PayPal.
* Hey, don't agree with the seller In the dispute.
A 'PayPal Claim'
After the social engineer has opened a PayPal Dispute and failed to reach an agreement with the seller, It then gets escalated to a "PayPal Claim". This Is when PayPal steps In by reviewing the case, and ultimately decides the outcome In an Impartial and unbiased manner. PayPal Claims have a 20 day time frame from when the Dispute was deemed Inconclusive.
Examples
* Why Is PayPal taking so long with the Claim?
* Login to your PayPal account and click escalate to a Claim.
* PayPal approved the Claim and I'm getting a refund.
Perform A 'Chargeback'
If the PayPal Claim Is declined by PayPal, the SE'er can still get a refund from his credit card provider by performing what's called a "Chargeback". If successful, the credit card provider will get the funds from PayPal's merchant, who will then get the funds from PayPal Itself, and PayPal will grab the cash from the seller.
Examples
* A Chargeback should only be used as a backup plan.
* PayPal must agree to pay when a Chargeback succeeds.
* Don't do too many Chargebacks on the same account.
'Section 75' Claim
As with PayPal claims/disputes and credit card chargebacks, a "Section 75" claim works In a similar fashion, but the difference Is that you file a claim against your credit card provider for a refund. However, the Item or service that you're claiming to refund, must be valued over £100 and not over £30,000. A Section 75 only covers Individuals and not businesses.
Examples
* What are my chances with a Section 75?
* Your credit card provider must reply to your Section 75.
* If the Section 75 fails, contact the ombudsman.
The 'Partial Method'
The "Partial Method", Is based on the same principle as both the 'missing Item method' and the 'empty box method'. However, rather than SEing an Item on Its own, the SE'er will order a bunch of Items shipped together, and then claim that one was missing. It must be extremely light that will not register a weight on consignment, hence the company cannot cross-check the details with the carrier. This method Is also only written as "Partial".
Examples
* What's the maximum weight with the partial method?
* I'm doing a partial, so I'll let you know how It goes.
* That's too heavy to do a partial, use another Item.
A 'Bank Reversal'
When doing a "Bank Reversal", It's no different to a Chargeback via the credit card provider. The process Is the same, with the only difference being that It's done with your bank Instead of the credit card sector. If the bank deems the claim In favor of the SE'er, then PayPal has no say In the matter, and must Issue a refund.
Examples
* I think the bank reversal Is going well.
* Don't be greedy with too many bank reversals.
* It's not worth doing a bank reversal for that cheap Item.
What Is An 'AWB?'
An "AWB" which Is an abbreviation of "Air Waybill", Is rarely spoken of In the SEing community, but nonetheless, It must be familiarized by all SE'ers. It's simply a receipt Issued by an International carrier that's used for air freight, to confirm the shipment of goods from the sender to the recipient. It's similar to how a tracking number operates, but Instead, the AWB Is used for International shipments.
Examples
* Does the AWB barcode get scanned?
* Just put fake details on the AWB.
* An AWB Is a proof of receipt for the goods.
PayPal 'SNAD'
When SEing a company to refund an Item, some SE'ers prefer to file a dispute through PayPal by using the "SNAD" (Significantly Not As Described) option. As Its name Implies, It's used to say that the description of the Item that was ordered, was different to the one that was received. This Is similar to the traditional wrong Item received method.
Examples
* Use SNAD for almost any Item you plan to SE.
* SE the company first and If It fails, then use SNAD.
* I opted for PayPal's SNAD and my SE succeeded.
PayPal 'INR'
As with the above example regarding a PayPal dispute, the only other reason you can submit a claim, Is for an "INR" (Item Not Received). It's pretty self-explanatory, meaning the package that the carrier was supposed to deliver, was not received. This Is the same as the good old "DNA" method that SE'ers commonly use when social engineering online stores.
Examples
* What are the chances of the INR with Argos?
* You can SE any Item using the INR.
* The INR & SNAD are the only options for a dispute.
What Are 'Refunders?'
You may not come across this term too often In any given social engineering community, but nevertheless, you never know when you may require this type of service- particularly when you cannot do the job yourself. "Refunders", also referred to as a "Refunder" Is when SE'ers take advantage of an entity, such as a PayPal dispute/claim or a credit card chargeback, and specialize In reimbursing funds Into the accounts of those who utilize their services.
Examples
* HF doesn't have any good refunders, so look elsewhere.
* PM me, I can recommend you a good refunder.
* I know many refunders that use the SNAD method.
The Definition Of 'CSR'
I can confidently say, that this Is one of the least used terms In the world of social engineering. In fact, I've only stumbled upon It a handful of times In Its abbreviated form, namely "CSR" which stands for "Customer Service Representative". Its meaning pretty much speaks for Itself- a rep who works for a particular company and handles the needs of Its customers, such as dealing with returns & replacements, processing orders & claims and so forth. It's almost always used as "CSR".
Examples
* The CSR said he'll get back to me In 3-5 days.
* I SEd the CSR easily and he gave me a refund.
* What's the name of the CSR you spoke with?
The Meaning Of 'PEB'
If you're familiar with the partial method or you've just read Its definition a few paragraphs above, then you can certainly relate to the "PEB" which Is short for "Partial Empty Box". As a matter of fact, It's no different to the partial method, only worded In another context. At the time of writing, "PEB" Is not used often at all, but It's becoming somewhat popular with those who are new to the social engineering scene. I assume that SE'ers have put together "EB" (Empty box) and "Partial" to form "PEB".
Examples
* I've decided to PEB the SSD with Amazon.
* How many Items are you planning to PEB?
* Using the PEB with those sunglasses will work.
What Is A 'Service Tag?'
Also referred to as a "serial number", a 'service tag' predominantly relates to laptops and uniquely Identifies the product for (example) drivers, online support and warranty purposes. Social engineers use It for the latter (warranty) when SEing Dell, HP etc for refunds or replacements by creating a fake "POP" (Proof Of Purchase), and also a drop house/address. For this to work, the service tag must obviously still be under warranty.
Examples
* I got the service tag from an SE'er really cheap.
* I SEd someone on eBay and he gave me the service tag.
* I think the Dell service tag Is underneath the laptop.
The 'Indirect SEing Method'
If you've just come across this method for the very first time on this blog, then I can confidently say that you've never read about It on any online source- well, not by Its title. That's because I'm the creator of the 'Indirect SEing method' and anyone who claims otherwise, has copied my work. As opposed to every other method that SEs the Item directly, this Is used to SE an Item that's extremely easy (and guaranteed to work), get a refund on that, and then purchase the Item you Initially wanted. In short, you SE one Item, get a refund, and purchase the other one- hence "Indirectly" SEd.
Examples
* If the laptop Is too hard to SE, use the Indirect SEing method.
* I've used the Indirect SEing method to refund the AirPods and buy the SSD.
* The Indirect SEing method Is fine with any Item you like.
The Definition Of DNA'ing
This Is used on the same principle when referencing the "DNA method", but In a different context. It refers to what the SE'er Is currently doing with the method, or planning to do with the SE at a later time. Seldom Is "DNA'ing" discussed between members but nonetheless, It's worthy of taking note of Its usage. You will never come across It without Its abbreviation, and that's because there Isn't one and even If you tried to expand It, It will not make any sense whatsoever.
Examples
* The driver left the package at my door, so I'll be DNA'ing It.
* How did you go with DNA'ing the laptop from Amazon?
* Why are you DNA'ing the SSD when you can use the missing Item method?
The Abbreviation Of 'LIT'
This Is one term that you'll seldom experience In message boards and online chat, but Irrespective of Its rareness, It's Imperative to have knowledge of everything relative to SEing. "LIT" Is an abbreviation for "Lost In Transit" and although It can be Interpreted In different ways, It basically means that when the SE'er (seemingly) returns his Item for a refund/replacement, he'll first create a label with disappearing Ink that will lose Its color sometime later, leaving a blank label behind. As such, the package will be marked as delivered, but lost In transit.
Examples
* Can you use the LIT method with any package?
* The company will see that It's LIT and approve your claim.
* LIT Is like the DNA but In reverse order.
'The Faulty Item Method' Defined
As Its name Implies, the "faulty Item method" Is used when the social engineer purchases an Item that has some type of functionality, such as an electric toothbrush or hair straightener, and then calls the company and says that It's not working. The rep/agent will then go through a few routine troubleshooting steps and when he's satisfied that the Item Is defective, he'll Issue a refund or replacement, but only when the nonfunctional Item Is returned. The SE'er will easily circumvent the return by using (for example) the box method.
Examples
* That Item Is not suited to the faulty Item method.
* Just use the faulty Item method by saying the battery Is leaking.
* I easily SEd the rep with the faulty Item method for a refund.
The Meaning Of 'TID'
When you send your Item back to the company for a refund or replacement, or you've purchased something and It's being delivered by their carrier, a "Tracking ID" which Is abbreviated as "TID" Is used to keep track of the consignment whilst In transit. It's also used to confirm that the package reached Its destination. It comes In handy when using a drop house/address, whereby It allows SE'ers to see precisely when their package will arrive, hence they can collect It the moment the driver attends the premises.
Examples
* When packages get scanned, the TID comes up on their system.
* The garbage FTID method got the Idea by using the TID.
* Just show PayPal the TID and you should get your refund.
What Is DNA'able?
As you've most likely guessed by Its title, this Is obviously related to the DNA (Did Not Arrive) method, and Is used to say whether an Item, company or carrier Is In fact compatible with the DNA method Itself. Its abbreviation of "DNA'able" Is hardly used In major social engineering boards, however as with every SEing term, It's vital to be familiar with Its meaning and usage. As such, you won't be left clueless when you do happen to come across It during your travels when reading threads/posts.
Examples
* That laptop Is easily DNA'able.
* I don't think DPD Is DNA'able, they take photos of your house.
* If Amazon don't ask for an OTP, they're DNA'able.
'DNA It' Defined
There are so many abbreviations relative to the DNA (Did Not Arrive) method, that It can be somewhat difficult to keep track of the lot, particularly If you've only recently started your career In the art of company manipulation and exploitation. It's Important to have sound knowledge of each and every one, Inclusive of "DNA It" which simply means to go ahead and claim that you didn't receive your package from the carrier driver.
Examples
* Be sure to DNA It Instead of using the partial method.
* The driver left the package at my doorstep so I'll DNA It.
* If I DNA It, will Argos open an Investigation?
In Conclusion:
Well, I have no doubt that you didn't expect this article to be so detailed, correct? I've spent countless hours documenting every abbreviation, term and the like relative to social engineering, thus you now have a complete SEing encyclopedia at your disposal. Sure, I've most likely missed a few bits and pieces here and there, but after all, I'm only human! I shall periodically update this post as new or forgotten terms come to mind, so be sure to visit this on a regular basis for the latest additions.
:DISCLAIMER:
I DO NOT OWN THE RIGHTS TO THIS. THIS IS TAKEN FROM www.socialengineers.net/ GO CHECK HIS STUFF OUT TO BECOME A L33T SOCIAL ENGINEER!
PLEASE LEAVE A LIKE! I LIKE TO LOOK HQ! NO LIKE = LEECH = BAN!
ty
This post is by a banned member (djdjdjdjdah)
05 September, 2024 - 02:24 AM
(06 March, 2021 - 11:37 PM)TeamSesh Wrote:
If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for.
The Definition Of Every Social Engineering Term.
When you look up the definition of "social engineering" In Its proper context, for the most part, It's defined as grabbing sensitive Information from unsuspecting people, or Infecting their computer with malware and the like to achieve the very same result. And one major security firm named Kaspersky, has this documented on their very own official website. Have a read and see for yourself. Whilst no doubt this Is true and correct, by no means does It come close to what SEing Involves, and the types of methods used to formulate and execute the attack. It's quite poor that a security organization on the scale of Kaspersky, has minimal knowledge on the art of exploiting the human firewall- which can be of little benefit to those "who're new to social engineering", and want to learn every facet, term and abbreviation of what It entails.
As such, If they've joined an SEing community on an Internet forum or registered on a chat server such as Discord, thereby partake In discussions with users who've been In the scene for many years, "the beginner SE'er will be at a complete loss as to the terms used, and what they actually mean". Even a Google search, will predominantly fail to return results. If you're new and as you're reading this article, you'd also be confused- as I've already used a number of words In their shortened form.
It's very much a commonality for social engineers to "abbreviate their wording" and only those who are SE'ers themselves, will know exactly what they denote. Although It doesn't take too long to pick up terms here and there, It can become somewhat frustrating- particularly when there's no online resource to refer to, nor any member around who's willing to give you a hand. Rest assured, I've got you covered! In this article, I will cover every possible social engineering term that I can think of, and will also provide a short sentence (for each one) on how It's commonly used. This way, you'll know precisely what Its abbreviation (and long form) means, and how It's used In a sentence/post.
I will not only define abbreviations, but also "terms and methods In full", that are very often used when selecting and preparing methods. This too, will give you a clear understanding of what they mean In social engineering parlance. What you're about to read Is "VERY VERY DETAILED", yet straight to the point, so strap yourself In and enjoy the ride.
Table Of Contents:
To help minimize your search, refer to the contents below. Each one Is listed In chronological order so If you're on the Windows platform, hit "Ctrl+F" on your keyboard, and enter the term/topic you're after. Evidently, It will jump straight to the search In question. Those highlighted In blue are the operative terms.
- What Is 'SEing?'
- The Definition Of 'SEd'
- 'SEs' Defined
- The Meaning Of 'SE'er'
- What Does 'SE' Mean?
- Definition Of Se'able
- The 'DNA' Defined
- What Is DNA'd?
- The Definition Of 'Wrong Item Received'
- The 'Missing Item' Method
- The 'Boxing' Method
- The 'Double Dip' Method
- The 'Triple Dip' Method
- A 'Drop House'
- The Definition Of 'POP'
- What Does 'AR' Stand For?
- 'POD' Defined
- What Is An 'RMA?'
- The Meaning Of 'C&D'
- The Abbreviation Of 'SN'
- 'Tracking Number'
- 'Corrupted File'
- Definition Of 'Reship'
- 'Receipt Generator'
- 'Investigation'
- 'Police Report'
- The 'Blood Method'
- 'Cross Shipping'
- What Does 'VCC' Mean?
- The 'Faulty Item Disposed' Method
- The 'Gift Method'
- 'Similar Item' Method
- 'Human Hacking'
- 'Human Firewall'
- 'Image Metadata'
- The 'MM' Service
- 'FTID' Method
- The 'EB' Method
- The 'Sealed Box' Method
- 'The Faulty Item Method' Defined
- The Meaning Of 'TID'
- The Abbreviation Of 'LIT'
- The Definition Of DNA'ing
- The 'Indirect SEing Method'
- What Is A 'Service Tag?'
- The Meaning Of 'PEB'
- The Definition Of 'CSR'
- What Are 'Refunders?'
- A 'Statutory Declaration'
- An 'Affidavit'
- A 'PayPal Dispute'
- A 'PayPal Claim'
- Perform a 'Chargeback'
- 'Section 75' Claim
- What Is DNA'able?
- 'DNA It' Defined - New
- PayPal 'INR'
- What Is An 'AWB?'
- PayPal 'SNAD'
- The 'Partial Method'
- A 'Bank Reversal'
What Is 'SEing?'
This Is one of the most commonly used terms In the world of social engineering, which means exactly this- "Social Engineering". You will find that every Internet forum and chat gateway where social engineering Is discussed, will utilize "SEing" quite often. It's sometimes used with an apostrophe as "SE'ing".
Examples
* How long have you been SEing for?
* He was only a beginner at SEing.
* I love SEing, It's a lot of fun.
The Definition Of 'SEd'
As with the above, this Is also used with an apostrophe as "SE'd", but obviously they both denote the same thing which Is "Social Engineered". Those who've been In the SEing scene for a long time, will always use "SEd". I for one, cannot remember the last time I used social engineered anywhere online.
Examples
* I SEd Amazon over 20 times on the same account.
* Someone called and I think he SEd my password.
* There's no way he SEd that Item using the Partial method.
'SEs' Defined
To the contrary of both the above, "SEs" Is not too often used In social engineering communities, but nonetheless, It's certainly worthy of familiarizing yourself with Its meaning which Is "Social Engineerings". This Is always used as the abbreviation- due to Its long form not making much sense at all.
Examples
* Too many SEs will lock your account.
* What methods did you use for those SEs?
* All of my SEs were successful last week.
The Meaning Of 'SE'er'
Used to describe the person who social engineers, hence "SE'er" short for "Social Engineerer". It's abbreviated and used as such, mainly because social engineerer Is not In the English vocabulary and (as with "SEs" above) when used as a whole word, It doesn't make any sense. This Is predominantly used with an apostrophe and seldom without.
Examples
* John Is the best SE'er I've come across.
* That SE'er Is really good at refunding.
* The SE'er tried grabbing my data but failed.
What Does 'SE' Mean?
Without question, this Is the most frequently used term In the art of human hacking. Even If you've just started reading guides etc, you would've definitely experienced the abbreviation of "SE" which Is "Social Engineering" and depending on the context of the sentence, "Social Engineer". This can be used In many ways, but obviously I cannot demonstrate the lot.
Examples
* Preparing the SE effectively Is crucial.
* Did you SE the AirPods as yet?
* I'm planning to SE Susan tomorrow.
Definition Of Se'able
This Is one term that you won't come across often no matter where your conversation Is taking place, but nevertheless, It's still Important to understand Its abbreviation. "Se'able" Is short for "Social Engineerable", which as you can see, the latter Is not a part of the English vocabulary, so It's always used as "se'able". It just means that a given entity can be social engineered.
Examples
* Hey, do you know If Argos Is still se'able?
* SSDs are se'able using the partial method.
* Peter was se'able so I grabbed his password.
The 'DNA' Defined
This Is equally used In Its abbreviated and long form. Put simply, "DNA" stands for "Did Not Arrive" which (as Its name Implies), the social engineer claims that the Item/package he ordered from an online retailer, did not arrive at his premises. I personally like using "DNA"- It's quicker and easy to relate to, but that's just me.
Examples
* I'm going to DNA the keyboard tomorrow.
* The DNA method can be used for any Item.
* Because of the DNA, they opened an Investigation.
What Is DNA'd?
As with the above, namely DNA, this has the very same meaning, but used In past tense rather than In Its present form. If you haven't worked It out already, "DNA'd" Is "Did Not Arrived". Clearly, you can see why It's abbreviated- "Did Not Arrived" Is not grammatically correct, thus It will never be used as such In the social engineering community.
Examples
* I DNA'd the package and am receiving a refund.
* How many Items have you DNA'd on your account?
* The refunder DNA'd the IPhone for me.
The Definition Of 'Wrong Item Received'
A very effective method used by social engineers when SEing a company to obtain a refund or replacement, Is the "Wrong Item Received" method. In short, the SE'er will claim that the company sent an Incorrect Item and when asked to return It, they'll process a refund/replacement. There Is no abbreviation for this- It's always used as written: "wrong Item received".
Examples
* What Item should I use as the wrong Item received?
* The weight must match with the wrong Item received method.
* Use a stock Item as the wrong Item received.
The 'Missing Item' Method
As with the above method, this Is always used In Its long form being: "missing Item" method and never abbreviated. As Its name suggests, social engineers use It when claiming that the Item they've ordered from an online company, was missing when the package was delivered and opened. This method Is very common In the SEing scene.
Examples
* That's too heavy for the missing Item method.
* I might use the missing Item method for a CPU.
* Should I use the missing Item method or DNA?
The 'Boxing' Method
No matter where you navigate In the social engineering sector, you will come across the "boxing" method, which Is mainly written as "Box". It Involves sending a box back to the company without the Item, and tearing the package as though the Item was stolen before It reached them. The SE'er then gets a refund or replacement.
Examples
* Just box them using dry Ice.
* The Item Is light so use the boxing method.
* How many times can I box that company?
The 'Double Dip' Method
This Is not used too often at all, namely due to the complexity of what the SE Involves by using the "double dip" method. Without going Into too much detail, It's simply social engineering the same company twice In a row- with the Intention of getting two Items free of charge. The term Is used as "double dipping" and sometimes "double dip".
Examples
* I've double dipped Amazon heaps of times.
* It's too dangerous to double dip that Item.
* I'm not sure If I should double dip or just refund.
The 'Triple Dip' Method
This works In a similar fashion as the double dip method, except Instead of social engineering the same company twice, It's done three times thereby receiving 3 Items absolutely free. Whenever you read about this method, It will be written as "triple dipping" or "triple dip". Sometimes It's also used as "triple dipped".
Examples
* You're mad to triple dip Logitech.
* I think the rep knew he was triple dipped.
* Only experienced SE'ers should be triple dipping.
A 'Drop House'
The "Drop House", Is a house that does not belong to the social engineer and Is used as a delivery point to receive packages. There are many reasons to use this, with the most common being to protect the SE'er's Identity, and/or to avoid being billed by the company who's sending the goods. This Is also used as "Drop Address" or simply "Drop".
Examples
* What's the best way to locate a drop house?
* They will bill you so make sure to use a drop.
* The drop address has a for sale sign on It.
The Definition Of 'POP'
When a social engineer SEs an Item and requests for a refund or replacement, before the company Issues It, they may ask for a "POP" which Is short for "Proof Of Purchase", just to verify that the Item was purchased from their store. I'd say both Its abbreviation and long form are equally used, but I personally prefer "POP".
Examples
* Can anyone Photoshop a fake POP?
* Do they check the order number on the POP?
* Don't worry about the POP, say you got It as a gift.
What Does 'AR' Stand For?
If you've never come across "AR", you'd be at a complete loss as to what It's referring to. It's an abbreviation of "Advanced Replacement". Not too many companies offer this as part of their claims process, but for those that do, It means that they will send the Item BEFORE the defective product Is returned to them, hence "Advanced Replacement".
Examples
* They've confirmed that an AR will be sent.
* Do you know If HP bills with Advanced Replacements?
* To be safe, use a drop house with the AR.
'POD' Defined
"POD" which Is short for "Proof Of Destruction", Is not too commonly used. When SEing a company, prior to them sending a replacement for a defective Item, the representative will ask the SE'er to destroy the defective Item/device by (for example) breaking the buttons and cutting the cord on the computer mouse, or drilling holes In the Hard Disk Drive, thus "Proof Of Destruction".
Examples
* It's common for Logitech to ask for a POD.
* I found an Image on Google for the proof of destruction.
* To avoid the POD, just say you threw out the Item.
What Is An 'RMA?'
Short for "Return Merchandise Authorization", an "RMA" Is Issued by a company to approve a refund or replacement of an Item. It's very rare that social engineers will refer to this by Its extended name, but rather abbreviate Its usage as "RMA". Nonetheless, be sure to familiarize yourself with each term.
Examples
* I got the email with the RMA number.
* Can you explain a Return Merchandise Authorization to me?
* I will SE the representative to avoid an RMA.
The Meaning Of 'C&D'
Now this Is one term that you'll rarely come across, when communicating on forums or Discord. "C&D" stands for "Cease And Desist", which Is a letter Issued by a company to the SE'er asking him to stop his SEing activity. The company Is obviously aware of the SE'er's actions and If he doesn't stop, they'll start legal proceedings.
Examples
* Why did I get the Cease and Desist letter?
* Don't worry about the C&D, they won't do anything.
* SEing a 40$ Item won't be worth them sending a C&D.
The Abbreviation Of 'SN'
This Is very much common knowledge for advanced SE'ers, but when It's used and written as "SN", It makes very little to no sense to novice social engineers. Going by personal experience, I'd say that It's equally used as "SN" and "Serial Number". It's also used simply as "Serial", but not as often as the others.
Examples
* I'm after a serial number to SE SteelSeries.
* I'll give you a serial If you give me some rep.
* Get the SN from someone on eBay.
'Tracking Number'
When a product has been purchased and shipped to the delivery address, a "Tracking Number" Is assigned to the package. It's usually sent In a confirmation email after the Item has been ordered. It allows the customer to track and see the location of their package at any point In time, by entering It Into the website's tracking option of Its respective carrier. This Is never abbreviated.
Examples
* Just show the tracking number to PayPal.
* Scanning the barcode displays the tracking number.
* The tracking number has the sender & receiver details.
'Corrupted File'
The "Corrupted File" Is a method used by SE'ers, when companies ask them to provide a picture or video that must Include the Item and other Identifiable details. Once they receive It, a refund Is Issued. However SE'ers don't have the Item to begin with, so they send a "Corrupted File", and assure the company that It's working fine on their end. The SE'er will keep repeating the process until the company finally gives up and provides a refund.
Examples
* Use this website for the corrupted file method.
* Be sure to send the corrupted file In different formats.
* The rep checked the corrupted file and couldn't open It.
Definition Of 'Reship'
Some SE'ers use what's called a "Reship" (or "Reshipping") company rather than their own address. Once the package has been sent by the online store, It's delivered to the reship company's warehouse and they'll forward It to the SE'er's house. This Is a good way to keep your real address hidden from the online store.
Examples
* That reshipping company Is fine for the UK.
* Hey, It's good to use a drop address & a reship.
* Can Logitech see that I'm using a reship?
'Receipt Generator'
Many social engineers go to great lengths to succeed with whom they're SEing and If It means falsifying paperwork to achieve their objective, they will do just that to the company who's requesting It. Such paperwork, Is to create a fake receipt using a "Receipt Generator". This term Is always used as written.
Examples
* The Amazon receipt generator Is awesome.
* Anyone have a Best Buy receipt generator?
* That online receipt generator doesn't work anymore.
'Investigation'
Every online supplier, differs to some degree In the way they address and process refund and replacement claims, but a very common approach with the majority of retailers, Is to open what's called an "Investigation". This Is used to check whether there are any Inconsistencies with what the social engineer has provided to the company.
Examples
* An Investigation Is simply part of company protocol.
* The DNA has led to an Investigation being opened.
* After the Investigation, I received the refund.
'Police Report'
Further to the above pertaining to a company opening an Investigation, the company could also ask the SE'er to obtain a "Police Report" to help with their Inquiry. Amongst other reasons, the police report Is often requested when the SE'er uses the DNA (Did Not Arrive) or the missing Item method.
Examples
* You can get a police report online.
* A police report Is not legally binding.
* What If SteelSeries asks for a police report?
The 'Blood Method'
Social engineers use a very clever method to avoid sending an Item back to the company, namely the "blood method". Health & safety Is taken very seriously by companies on every scale, hence the majority refuse to accept goods that contain blood. When formulated correctly, this Is very effective Indeed.
Examples
* I'll use the blood method when I call Argos tomorrow.
* Read their terms to see If the blood method will work.
* The blood method Is great when SEing perfume with broken glass.
'Cross Shipping'
There are many options used by companies when dispatching customer orders and receiving warranty claims, and one of these options Is called "Cross Shipping". There are a few steps Involved but for the simplicity of this article, It's when a company ships a package containing the replacement Item at the same time the customer (SE'er) sends their package containing the defective Item.
Examples
* I'm going to box Amazon with the cross shipping.
* I don't think they do cross shipping anymore.
* Can any Item be used with cross shipping?
What Does 'VCC' Mean?
A "VCC" Is an abbreviation of "Virtual Credit Card". Unlike your physical (plastic) credit card, It's simply a number that's associated with your real card. Think of It as a disposable card- If anything happens to It, just get a new one. Generally, It can only be used once and cannot be traced to the real card. SE'ers use this to anonymize their real credit card when SEing a company.
Examples
* Use a VCC with the advanced replacement.
* Do you know of a trusted VCC provider?
* Get another VCC number when SEing HP.
The 'Faulty Item Disposed' Method
When SEing an Item that has (seemingly) lost functionality, the representative will go through a few troubleshooting steps and then ask the SE'er to return the Item for a refund or replacement. Rather than returning It, the social engineer will use the "Faulty Item Disposed" method, by saying that he threw It out due to health & safety concerns.
Examples
* The faulty Item disposed method suits electrical goods.
* I got a refund using the faulty Item disposed method.
* The rep knew I was using the faulty Item disposed method.
The 'Gift Method'
When SEing a company for a particular Item that you don't have to begin with, before they can approve the claim, they'll sometimes ask for the POP (Proof Of Purchase). Obviously you don't have It, so to circumvent the rep's request, you'd use the "Gift Method" by saying you've received the Item as a gift from a friend.
Examples
* You don't need a POP, use the gift method.
* Any tips on what I should say with the gift method?
* Stick with the gift method for the AirPods.
'Similar Item' Method
Manufacturers/suppliers can make errors when picking and packing products prior to dispatch- particularly when two or more Items are very similar In appearance. Social engineers are well aware of this, and use the "Similar Item Method", by sending back an old Item that looks very similar to the original. As such, the rep will assume It's the ordered Item and process a refund.
Examples
* I'm sending my old CPU using the similar Item method.
* They won't check with the similar Item method.
* How many times can I use the similar Item method?
'Human Hacking'
I'm sure you know by now that social engineering Is a form of hacking, but as opposed to traditional hackers using technical means to compromise a particular website or computer, SEing Is achieved by manipulating the person In question. As a result, It's the human that's exploited, and not the device. So the terms "Human Hacking" and "Social Engineering" are Interchangeable.
Examples
* That book on human hacking Is brilliant!
* I've been human hacking for over 10 years.
* Everyone Is vulnerable to human hacking.
'Human Firewall'
Not only do devices such as computers and networks have firewalls to keep the bad guys out, you may not realize It, but you too have what's called the "Human Firewall" on a personal level. For Instance, If someone tries to SE you over the phone, with the Intention to have you read out your password, your "Human Firewall" kicks In and you make the decision to keep It to yourself.
Examples
* I can exploit anyone's human firewall.
* Train your staff's human firewall regularly.
* His human firewall didn't stop my SE.
'Image Metadata'
When a company asks for a POP (Proof Of Purchase) from the social engineer and he doesn't have It, he'll Photoshop It and send It In the form of an Image file. However, the rep can see It's been edited, by viewing the "Image Metadata". The SE'er Is always one step ahead- he'll simply change the "Image Metadata" accordingly.
Examples
* Be sure to edit the Image metadata beforehand.
* I found a great site to change Image metadata.
* What should I enter In the Image metadata?
The 'MM' Service
The "MM" service Is an abbreviation of "Middle Man" service, and Is often used In forums/boards for purchases made within the confines of the same community. The "MM" Is a trusted user who acts for the buyer and the seller, by holding the funds and ensuring the buyer gets the product, and the seller gets his money.
Examples
* Ask the administrator to be a MM.
* Do you know If Jodi98 Is a trusted MM?
* Play It safe and get an MM for the exchange.
'FTID' Method
At the time of this article, this Is a relatively new method that contains a lot of flaws and Inconsistencies. "FTID" Is short for "Fake Tracking ID", but Is almost always used as "FTID". In very brief terms, you send an envelope with the tracking number, and make It look like It's an ad. The company will receive It and throw It out (because It's an ad) and Issue a refund.
Examples
* Won't they check the weight with the FTID?
* Can someone tell me how the FTID works?
* What details do I remove with the FTID method?
The 'EB' Method
Although this Is not so much of a commonality In social engineering parlance, It's still worth taking note of Its meaning and usage. "EB" Is an abbreviation of "Empty Box", which Is no different to the "missing Item method" already mentioned mid-way through this guide.
Examples
* 50 grams Is fine for the EB method.
* Is an Investigation opened when using the EB method?
* I used the EB method successfully for the SSD.
The 'Sealed Box' Method
This Is always used as written, namely "Sealed Box Method" without any abbreviation. The method Itself, Is not used as often as (for example) the DNA, but very effective when formulated correctly. The objective Is to replace the SEd Item (with an old Item you have lying around the house), In the box without showing any signs of tampering whatsoever. As a result, the company will think that you've sent the original one back, and Issue a refund.
Examples
* Any Item can be used with the sealed box method.
* Make sure the weight matches with the sealed box method.
* Use the sealed box method with Amazon, they don't check.
A 'Statutory Declaration'
A "Statutory Declaration", Is a written statement that declares that everything stated Is true and correct. It Is signed In the presence of an authorized witness such as a police officer or medical practitioner (doctor). A company may request the SE'er to sign one as part of their Investigation process. This Is also abbreviated as "Stat Dec".
Examples
* Sign the statutory declaration, It's not legally binding.
* I'm confused about what to do with the stat dec.
* Don't fake a statutory declaration!
An 'Affidavit'
Unlike a Statutory Declaration that must be signed In front of a Justice of the Peace to make It legally binding, an affidavit Is quite the opposite. Put simply, once an affidavit Is signed, It becomes a legally binding document and can be used as evidence In court. In terms of SEing, It's used for the purpose of confirming that the Information you've provided about the actions of your SE, Is In fact true and correct.
Examples
* I recommend to not sign the affidavit.
* I think this Is an affidavit, can anyone confirm?
* What's the difference between an affidavit and a stat dec?
A 'PayPal Dispute'
Not everything goes according to plan with every SE and when a company refuses to refund an Item, the SE'er will open a "PayPal Dispute", whereby the buyer & seller will try and come to an agreement. If they can't (which will obviously be the case with the social engineer), then It will be escalated to a claim.
Examples
* Contact PayPal's Resolution Center for the dispute.
* The dispute Is the first thing to do with PayPal.
* Hey, don't agree with the seller In the dispute.
A 'PayPal Claim'
After the social engineer has opened a PayPal Dispute and failed to reach an agreement with the seller, It then gets escalated to a "PayPal Claim". This Is when PayPal steps In by reviewing the case, and ultimately decides the outcome In an Impartial and unbiased manner. PayPal Claims have a 20 day time frame from when the Dispute was deemed Inconclusive.
Examples
* Why Is PayPal taking so long with the Claim?
* Login to your PayPal account and click escalate to a Claim.
* PayPal approved the Claim and I'm getting a refund.
Perform A 'Chargeback'
If the PayPal Claim Is declined by PayPal, the SE'er can still get a refund from his credit card provider by performing what's called a "Chargeback". If successful, the credit card provider will get the funds from PayPal's merchant, who will then get the funds from PayPal Itself, and PayPal will grab the cash from the seller.
Examples
* A Chargeback should only be used as a backup plan.
* PayPal must agree to pay when a Chargeback succeeds.
* Don't do too many Chargebacks on the same account.
'Section 75' Claim
As with PayPal claims/disputes and credit card chargebacks, a "Section 75" claim works In a similar fashion, but the difference Is that you file a claim against your credit card provider for a refund. However, the Item or service that you're claiming to refund, must be valued over £100 and not over £30,000. A Section 75 only covers Individuals and not businesses.
Examples
* What are my chances with a Section 75?
* Your credit card provider must reply to your Section 75.
* If the Section 75 fails, contact the ombudsman.
The 'Partial Method'
The "Partial Method", Is based on the same principle as both the 'missing Item method' and the 'empty box method'. However, rather than SEing an Item on Its own, the SE'er will order a bunch of Items shipped together, and then claim that one was missing. It must be extremely light so that It will not register a weight on consignment, hence the company cannot cross-check the details with the carrier. This method Is also only written as "Partial".
Examples
* What's the maximum weight with the partial method?
* I'm doing a partial, so I'll let you know how It goes.
* That's too heavy to do a partial, use another Item.
A 'Bank Reversal'
When doing a "Bank Reversal", It's no different to a Chargeback via the credit card provider. The process Is the same, with the only difference being that It's done with your bank Instead of the credit card sector. If the bank deems the claim In favor of the SE'er, then PayPal has no say In the matter, and must Issue a refund.
Examples
* I think the bank reversal Is going well.
* Don't be greedy with too many bank reversals.
* It's not worth doing a bank reversal for that cheap Item.
What Is An 'AWB?'
An "AWB" which Is an abbreviation of "Air Waybill", Is rarely spoken of In the SEing community, but nonetheless, It must be familiarized by all SE'ers. It's simply a receipt Issued by an International carrier that's used for air freight, to confirm the shipment of goods from the sender to the recipient. It's similar to how a tracking number operates, but Instead, the AWB Is used for International shipments.
Examples
* Does the AWB barcode get scanned?
* Just put fake details on the AWB.
* An AWB Is a proof of receipt for the goods.
PayPal 'SNAD'
When SEing a company to refund an Item, some SE'ers prefer to file a dispute through PayPal by using the "SNAD" (Significantly Not As Described) option. As Its name Implies, It's used to say that the description of the Item that was ordered, was different to the one that was received. This Is similar to the traditional wrong Item received method.
Examples
* Use SNAD for almost any Item you plan to SE.
* SE the company first and If It fails, then use SNAD.
* I opted for PayPal's SNAD and my SE succeeded.
PayPal 'INR'
As with the above example regarding a PayPal dispute, the only other reason you can submit a claim, Is for an "INR" (Item Not Received). It's pretty self-explanatory, meaning the package that the carrier was supposed to deliver, was not received. This Is the same as the good old "DNA" method that SE'ers commonly use when social engineering online stores.
Examples
* What are the chances of the INR with Argos?
* You can SE any Item using the INR.
* The INR & SNAD are the only options for a dispute.
What Are 'Refunders?'
You may not come across this term too often In any given social engineering community, but nevertheless, you never know when you may require this type of service- particularly when you cannot do the job yourself. "Refunders", also referred to as a "Refunder" Is when SE'ers take advantage of an entity, such as a PayPal dispute/claim or a credit card chargeback, and specialize In reimbursing funds Into the accounts of those who utilize their services.
Examples
* HF doesn't have any good refunders, so look elsewhere.
* PM me, I can recommend you a good refunder.
* I know many refunders that use the SNAD method.
The Definition Of 'CSR'
I can confidently say, that this Is one of the least used terms In the world of social engineering. In fact, I've only stumbled upon It a handful of times In Its abbreviated form, namely "CSR" which stands for "Customer Service Representative". Its meaning pretty much speaks for Itself- a rep who works for a particular company and handles the needs of Its customers, such as dealing with returns & replacements, processing orders & claims and so forth. It's almost always used as "CSR".
Examples
* The CSR said he'll get back to me In 3-5 days.
* I SEd the CSR easily and he gave me a refund.
* What's the name of the CSR you spoke with?
The Meaning Of 'PEB'
If you're familiar with the partial method or you've just read Its definition a few paragraphs above, then you can certainly relate to the "PEB" which Is short for "Partial Empty Box". As a matter of fact, It's no different to the partial method, only worded In another context. At the time of writing, "PEB" Is not used often at all, but It's becoming somewhat popular with those who are new to the social engineering scene. I assume that SE'ers have put together "EB" (Empty box) and "Partial" to form "PEB".
Examples
* I've decided to PEB the SSD with Amazon.
* How many Items are you planning to PEB?
* Using the PEB with those sunglasses will work.
What Is A 'Service Tag?'
Also referred to as a "serial number", a 'service tag' predominantly relates to laptops and uniquely Identifies the product for (for example) drivers, online support and warranty purposes. Social engineers use It for the latter (warranty) when SEing Dell, HP etc for refunds or replacements by creating a fake "POP" (Proof Of Purchase), and also a drop house/address. For this to work, the service tag must obviously still be under warranty.
Examples
* I got the service tag from an SE'er really cheap.
* I SEd someone on eBay and he gave me the service tag.
* I think the Dell service tag Is underneath the laptop.
The 'Indirect SEing Method'
If you've just come across this method for the very first time on this blog, then I can confidently say that you've never read about It on any online source- well, not by Its title. That's because I'm the creator of the 'Indirect SEing method' and anyone who claims otherwise, has copied my work. As opposed to every other method that SEs the Item directly, this Is used to SE an Item that's extremely easy (and guaranteed to work), get a refund on that, and then purchase the Item you Initially wanted. In short, you SE one Item, get a refund, and purchase the other one- hence "Indirectly" SEd.
Examples
* If the laptop Is too hard to SE, use the Indirect SEing method.
* I've used the Indirect SEing method to refund the AirPods and buy the SSD.
* The Indirect SEing method Is fine with any Item you like.
The Definition Of DNA'ing
This Is used on the same principle when referencing the "DNA method", but In a different context. It refers to what the SE'er Is currently doing with the method, or planning to do with the SE at a later time. Seldom Is "DNA'ing" discussed between members but nonetheless, It's worthy of taking note of Its usage. You will never come across It without Its abbreviation, and that's because there Isn't one and even If you tried to expand It, It will not make any sense whatsoever.
Examples
* The driver left the package at my door, so I'll be DNA'ing It.
* How did you go with DNA'ing the laptop from Amazon?
* Why are you DNA'ing the SSD when you can use the missing Item method?
The Abbreviation Of 'LIT'
This Is one term that you'll seldom experience In message boards and online chat, but Irrespective of Its rareness, It's Imperative to have knowledge of everything relative to SEing. "LIT" Is an abbreviation for "Lost In Transit" and although It can be Interpreted In different ways, It basically means that when the SE'er (seemingly) returns his Item for a refund/replacement, he'll first create a label with disappearing Ink that will lose Its color sometime later, leaving a blank label behind. As such, the package will be marked as delivered, but lost In transit.
Examples
* Can you use the LIT method with any package?
* The company will see that It's LIT and approve your claim.
* LIT Is like the DNA but In reverse order.
'The Faulty Item Method' Defined
As Its name Implies, the "faulty Item method" Is used when the social engineer purchases an Item that has some type of functionality, such as an electric toothbrush or hair straightener, and then calls the company and says that It's not working. The rep/agent will then go through a few routine troubleshooting steps and when he's satisfied that the Item Is defective, he'll Issue a refund or replacement, but only when the nonfunctional Item Is returned. The SE'er will easily circumvent the return by using (for example) the box method.
Examples
* That Item Is not suited to the faulty Item method.
* Just use the faulty Item method by saying the battery Is leaking.
* I easily SEd the rep with the faulty Item method for a refund.
The Meaning Of 'TID'
When you send your Item back to the company for a refund or replacement, or you've purchased something and It's being delivered by their carrier, a "Tracking ID" which Is abbreviated as "TID" Is used to keep track of the consignment whilst In transit. It's also used to confirm that the package reached Its destination. It comes In handy when using a drop house/address, whereby It allows SE'ers to see precisely when their package will arrive, hence they can collect It the moment the driver attends the premises.
Examples
* When packages get scanned, the TID comes up on their system.
* The garbage FTID method got the Idea by using the TID.
* Just show PayPal the TID and you should get your refund.
What Is DNA'able?
As you've most likely guessed by Its title, this Is obviously related to the DNA (Did Not Arrive) method, and Is used to say whether an Item, company or carrier Is In fact compatible with the DNA method Itself. Its abbreviation of "DNA'able" Is hardly used In major social engineering boards, however as with every SEing term, It's vital to be familiar with Its meaning and usage. As such, you won't be left clueless when you do happen to come across It during your travels when reading threads/posts.
Examples
* That laptop Is easily DNA'able.
* I don't think DPD Is DNA'able, they take photos of your house.
* If Amazon don't ask for an OTP, they're DNA'able.
'DNA It' Defined
There are so many abbreviations relative to the DNA (Did Not Arrive) method, that It can be somewhat difficult to keep track of the lot, particularly If you've only recently started your career In the art of company manipulation and exploitation. It's Important to have sound knowledge of each and every one, Inclusive of "DNA It" which simply means to go ahead and claim that you didn't receive your package from the carrier driver.
Examples
* Be sure to DNA It Instead of using the partial method.
* The driver left the package at my doorstep so I'll DNA It.
* If I DNA It, will Argos open an Investigation?
In Conclusion:
Well, I have no doubt that you didn't expect this article to be so detailed, correct? I've spent countless hours documenting every abbreviation, term and the like relative to social engineering, thus you now have a complete SEing encyclopedia at your disposal. Sure, I've most likely missed a few bits and pieces here and there, but after all, I'm only human! I shall periodically update this post as new or forgotten terms come to mind, so be sure to visit this on a regular basis for the latest additions.
:DISCLAIMER:
I DO NOT OWN THE RIGHTS TO THIS. THIS IS TAKEN FROM www.socialengineers.net/ GO CHECK HIS STUFF OUT TO BECOME A L33T SOCIAL ENGINEER!
PLEASE LEAVE A LIKE! I LIKE TO LOOK HQ! NO LIKE = LEECH = BAN!