OP 06 March, 2021 - 11:09 PM
(This post was last modified: 07 March, 2021 - 03:16 AM by TeamSesh.)
Reply
Show ContentSpoiler:
Received The Wrong Item In The Sealed Box.
In the complex world of manipulating and exploiting the human firewall, there's a lot that's rattling In the mind of a social engineer, and the steps taken to achieve the task at hand, must be pretty much spot-on leaving very little to no room for error. Be It SEing In a physical environment, by being employed as a janitor to grab confidential Information that's disposed In the account's department waste basket, or hitting a major online retailer such as Best Buy to refund a 2k laptop, they all have one thing In common- the method used to execute the attack successfully. As an SE'er yourself, sometimes you only have one shot at getting It right, thus It's crucial that you prepare your SE according to the nature of your target.
You need to know precisely what you're up against and not do what I call a "blind SE"- whereby you have no Idea of how your victim Is structured, nor any details of the way they operate and respond to your attack vectors. As such, the first port of call prior to even thinking about social engineering them, Is to "research their terms" with the objective of Identifying loopholes and (but not limited to), the grounds on which they process refunds and replacements. If you haven't already guessed, I'm referring to SEing companies to the likes of John Lewis, ASOS, Currys, Logitech and so forth- namely via online purchases.
When you've gathered everything you need, the backbone of every SE, Is the type of "method" that you'll be using to achieve your goal. It's Imperative to formulate It based on your (researched) findings, thus If you neglect to do this and also fail to apply It In a systematic manner, then your SE cannot, and will not, move forward! Period. There are so many methods available and If you're reading this from an advanced SE'ers standpoint, you'll well and truly know what they are- the DNA, the missing Item, boxing and the list goes on.
However, regardless of your level of experience, I'd say that you've never heard of the "Wrong Item Sealed Box Method", yes? I thought as much. That's because, I've just named It as such at the time of writing this article and for a very good reason, which you'll see why a little further down the page. So what exactly Is this and what does It Involve? Before I make a start on It, I would first like you to have a clear understanding of the "wrong Item received method"- as this functions In a very similar fashion to the wrong Item sealed box method, so let's check It out now.
What Is The Wrong Item Received Method?
As Its name Implies, this Is used by saying "the Item you've ordered from a company such as Argos, SteelSeries, Zalando, Amazon or otherwise, was not the one that you received". The purpose Is to pretend that they've sent you something completely different. Now they will ask you to return the (seemingly) wrong Item, and you do exactly that by sending something that you've already purchased and when they receive It, they'll Issue a refund or send you a replacement of your original Item. The problem Is, If you're not selective with the wrong Item, your SE may well and truly fail.
To significantly Increase the chance of a successful outcome, the SE must be well calculated, by being very methodical with the "nature of the wrong Item". That Is, you can't just choose one at random. Here's how It works. Let's say you're planning to social engineer an "SSD" (Solid State Drive) for your computer. The first thing you need to do, Is take note of It's "precise weight"- this Is of the utmost Importance. The next step, Is to choose a wrong Item that "matches the weight of the SSD" by purchasing It ("on a separate account") from the same company that you'll be SEing. To make It worth your while, buy one that only costs a few dollars, therefore you will make a considerable profit.
When they receive the return (your "wrong Item") and scan It, they'll see that It's part of their Inventory, and assume that they did In fact send It Instead of the one on your order. As a result, they'll have no reason to decline your claim, hence approve It thereafter. That's a general example of how the wrong Item received method Is used, and because It Involves replacing your original Item with another (wrong) Item, you can use It on just about any retailer that has a warehouse full of stock. What you're about to read next, Is based on a very similar concept, and that's why I wanted to first write about the basics of the wrong Item received method - It will allow you to follow and comprehend the topic below quite easily. So without further delay, let's see what It entails.
The Wrong Item Sealed Box Method Defined:
As mentioned a little further up, I'd say that It's very safe to assume that you've never come across this method before, at least, not by Its title. Given the similarities between this method and the one above, I'll keep this guide brief and straight to the point. The "wrong Item sealed box method", pretty much speaks for Itself- you buy something from an online store and when It's delivered by the carrier, you contact the representative and advise that you opened the (sealed) box and It contained another product to what you ordered. For Instance, let's suppose you bought a "ghd hair straightener" to the value of 315$ from Amazon. You'd then claim that a "hair dryer" was In the box that was sealed and delivered to you, thus the wrong Item was In the sealed box.
In my view, and personal SEing experience over a number of decades, this method Is actually more effective than the wrong Item received method Itself- namely due to the company having no way to cross-check and conclusively Identify "what was In the sealed box" at the time of dispatch. As far as they're concerned, they've received a batch of stock from their supplier, stored everything on their shelving/racking In the warehouse and then picked, packed and sent the goods as ordered by their customers. In other words, they have relied on the description on the box to be true and correct. The good thing about this from a social engineering perspective, Is Its flexibility, meaning there are a couple of ways that you can use It- both of which are equally effective, which brings me to my next point as per the topic below.
Received Someone Else's SE In The Sealed Box:
Given the high success rate of this method, many online retailers, regardless If It's a small organization with only 30 or so employees or a huge business like HP, will actually have someone else's return (without their knowledge "at the time") sitting somewhere In their stores area - ready to be sold. For example, any SE'er could've purchased a GPU (Graphics Card) and when they accepted the delivery, they took It out of the box and replaced It with an another GPU that was lying around the house from their old PC. After that, they sealed the box "perfectly" and made some excuse (such as being given the same one as a gift) to send It back for a refund. The company would've simply scanned It on receipt, and placed It back Into stock- thinking that the original Item was enclosed.
Although this Is not a common occurrence, It does happen from time to time In a legit environment and every company Is aware of It, hence the likelihood of the SE working In your favor, Is almost guaranteed to succeed. All that's required on your part, Is to find an Item that's similar or In the same category as the one you ordered, and weighs roughly the same. The examples above describe this well- a "hair straightener swapped with a hair dryer" or a like-for-like product, namely the "new GPU replaced with the old GPU". When executing your SE, get In contact with the representative and tell him that you opened the box and much to your surprise, It contained something completely different. If you're after a refund, be sure to first check their terms to see the time frame of when It can be claimed- some have a 15 day policy, and others require notice within 30 days from the date of purchase, or otherwise. It doesn't get much easier than that!
A Manufacturer Error In The Sealed Box:
The second methodology I'd like to Introduce you to Is rather similar to the one above, but this time "we'll put the blame on the manufacturer", whereby they (seemingly) packed an Incorrect Item In the box at the manufacturing plant and sent It off to the respective company thereafter. This does In fact happen a lot more often than you think, and that's what makes It so effective- It's very difficult to check precisely where the manufacturer made the mistake. The objective of this method, Is for the rep/agent to believe that what you're claiming (refund or replacement), Is the result of a factory error. To not raise suspicion and be realistic with the SE, "the wrong Item (that you'll be buying), must be from the same department as the purchased Item", and not from a section that has no relevance whatsoever.
For Instance, supposing you're going to social engineer a nice Fitbit Versa 2 Health and Fitness Watch, and you plan to use a Swingline Stapler as the wrong Item In the sealed box- both of which weigh around the same. Pretty good, yes? Not necessarily. The "watch" Is categorized as an "electronics Item", and the "stapler" belonging to the "stationary division". It's extremely unlikely that the manufacturer confused these, particularly when they have no association to each other In any way, shape or form.
Instead (and as an example), you'd SE a "Crucial 64 GB Ram kit" to the value of 469.00$ and on a separate account, you'll buy a "Sandisk 32 GB USB stick" that costs roughly 14.00$- as the wrong Item and claim that you received this In the sealed box, and not the Ram. Can you see the link between both? Each pertain to "technology", therefore It's very likely for the company to think that an Incorrect Item was packed by the manufacturer. Also, If you haven't already noticed, you'll make a nice profit- 469.00$ less 14.00$ Is "455.00$ In your pocket!". This Is simply written for demonstration purposes, so apply your SE In a similar fashion.
The Do's & Don'ts Of The Wrong Item Sealed Box Method:
As with all social engineering attack vectors, every possible angle must be covered prior to executing It, and the wrong Item sealed box method Is certainly no exception. For this to succeed, there's one very Important element that you need to be aware of, and that's the nature of how the box Is structured. It's paramount that Its contents cannot be viewed externally, that Is, seeing what's Inside without opening It. What I'm referring to, Is boxes that are manufactured with a clear film on one or perhaps both sides, hence If CCTV cameras are In operation when the storeperson picked and packed your order, then the footage may well show that the correct Item was enclosed at the time of dispatch. Moreover, It'll be hard to justify how It can pass through so many hands without anyone noticing that an Item other than the original, was Inside.
Another thing to take Into account and as stated a number of times, Is that goods are weighed on consignment- by most companies when packing orders In their warehouse, and when they reach the carrier's depot. If there's a huge discrepancy In weight between the original and wrong Item and the company decides to "open an Investigation" by referencing the carrier's records, then your SE Is destined to fail. Sure, the representative may be half-asleep on the job and approve your claim with no questions asked, but there's no point putting your SE at risk, when It can easily be avoided. The equation Is pretty simple- choose a wrong Item that's equal, or very close to the weight of the original one. In terms of the latter (approximate weight), opt for something that's no greater than an 80 gram variance.
Why The Wrong Item Sealed Box Method May Fail:
Each and every SEing method has Its weakness, regardless of how well you've formulated It against your target. You can cover everything on your end and leave nothing to chance, however you cannot predict the series of events that take place behind closed doors- namely the way your SE Is handled by the claims department. As such, It's Imperative that I bring to your attention one probability that could cause your SE to be declined, and this relates to the "Received Someone Else's SE In The Sealed Box" method. You see, this Is based on the grounds that another SE'er (or anyone for that matter) returned It and you just so happened to make the purchase. The only way that this can fail, Is If the company checks the "order history" and determines that It's not a return Item, but rather one that's been sitting on their shelf as received from the manufacturer. The likelihood of this Is quite slim, but nonetheless, It's worthy of taking It Into consideration when preparing your SE.
In Conclusion:
As opposed to most (If not all) articles and tutorials you read on the net, I'm the type of SE'er who outlines everything there Is to know about the topic at hand. This Includes the pros and cons of the method In question and If It has a possibility of failure, you'll certainly be told as to why It may not work In your favor. You can then make an Informed decision as to whether or not you'd prefer to pursue and Incorporate It Into your SE. Each of the methods that you've just read, have a very high success rate- but only If you apply them according to the nature of the Item you're planning to social engineer. As a result, do expect your refund or replacement to go your way with very little complications from start to finish.
In the complex world of manipulating and exploiting the human firewall, there's a lot that's rattling In the mind of a social engineer, and the steps taken to achieve the task at hand, must be pretty much spot-on leaving very little to no room for error. Be It SEing In a physical environment, by being employed as a janitor to grab confidential Information that's disposed In the account's department waste basket, or hitting a major online retailer such as Best Buy to refund a 2k laptop, they all have one thing In common- the method used to execute the attack successfully. As an SE'er yourself, sometimes you only have one shot at getting It right, thus It's crucial that you prepare your SE according to the nature of your target.
You need to know precisely what you're up against and not do what I call a "blind SE"- whereby you have no Idea of how your victim Is structured, nor any details of the way they operate and respond to your attack vectors. As such, the first port of call prior to even thinking about social engineering them, Is to "research their terms" with the objective of Identifying loopholes and (but not limited to), the grounds on which they process refunds and replacements. If you haven't already guessed, I'm referring to SEing companies to the likes of John Lewis, ASOS, Currys, Logitech and so forth- namely via online purchases.
When you've gathered everything you need, the backbone of every SE, Is the type of "method" that you'll be using to achieve your goal. It's Imperative to formulate It based on your (researched) findings, thus If you neglect to do this and also fail to apply It In a systematic manner, then your SE cannot, and will not, move forward! Period. There are so many methods available and If you're reading this from an advanced SE'ers standpoint, you'll well and truly know what they are- the DNA, the missing Item, boxing and the list goes on.
However, regardless of your level of experience, I'd say that you've never heard of the "Wrong Item Sealed Box Method", yes? I thought as much. That's because, I've just named It as such at the time of writing this article and for a very good reason, which you'll see why a little further down the page. So what exactly Is this and what does It Involve? Before I make a start on It, I would first like you to have a clear understanding of the "wrong Item received method"- as this functions In a very similar fashion to the wrong Item sealed box method, so let's check It out now.
What Is The Wrong Item Received Method?
As Its name Implies, this Is used by saying "the Item you've ordered from a company such as Argos, SteelSeries, Zalando, Amazon or otherwise, was not the one that you received". The purpose Is to pretend that they've sent you something completely different. Now they will ask you to return the (seemingly) wrong Item, and you do exactly that by sending something that you've already purchased and when they receive It, they'll Issue a refund or send you a replacement of your original Item. The problem Is, If you're not selective with the wrong Item, your SE may well and truly fail.
To significantly Increase the chance of a successful outcome, the SE must be well calculated, by being very methodical with the "nature of the wrong Item". That Is, you can't just choose one at random. Here's how It works. Let's say you're planning to social engineer an "SSD" (Solid State Drive) for your computer. The first thing you need to do, Is take note of It's "precise weight"- this Is of the utmost Importance. The next step, Is to choose a wrong Item that "matches the weight of the SSD" by purchasing It ("on a separate account") from the same company that you'll be SEing. To make It worth your while, buy one that only costs a few dollars, therefore you will make a considerable profit.
When they receive the return (your "wrong Item") and scan It, they'll see that It's part of their Inventory, and assume that they did In fact send It Instead of the one on your order. As a result, they'll have no reason to decline your claim, hence approve It thereafter. That's a general example of how the wrong Item received method Is used, and because It Involves replacing your original Item with another (wrong) Item, you can use It on just about any retailer that has a warehouse full of stock. What you're about to read next, Is based on a very similar concept, and that's why I wanted to first write about the basics of the wrong Item received method - It will allow you to follow and comprehend the topic below quite easily. So without further delay, let's see what It entails.
The Wrong Item Sealed Box Method Defined:
As mentioned a little further up, I'd say that It's very safe to assume that you've never come across this method before, at least, not by Its title. Given the similarities between this method and the one above, I'll keep this guide brief and straight to the point. The "wrong Item sealed box method", pretty much speaks for Itself- you buy something from an online store and when It's delivered by the carrier, you contact the representative and advise that you opened the (sealed) box and It contained another product to what you ordered. For Instance, let's suppose you bought a "ghd hair straightener" to the value of 315$ from Amazon. You'd then claim that a "hair dryer" was In the box that was sealed and delivered to you, thus the wrong Item was In the sealed box.
In my view, and personal SEing experience over a number of decades, this method Is actually more effective than the wrong Item received method Itself- namely due to the company having no way to cross-check and conclusively Identify "what was In the sealed box" at the time of dispatch. As far as they're concerned, they've received a batch of stock from their supplier, stored everything on their shelving/racking In the warehouse and then picked, packed and sent the goods as ordered by their customers. In other words, they have relied on the description on the box to be true and correct. The good thing about this from a social engineering perspective, Is Its flexibility, meaning there are a couple of ways that you can use It- both of which are equally effective, which brings me to my next point as per the topic below.
Received Someone Else's SE In The Sealed Box:
Given the high success rate of this method, many online retailers, regardless If It's a small organization with only 30 or so employees or a huge business like HP, will actually have someone else's return (without their knowledge "at the time") sitting somewhere In their stores area - ready to be sold. For example, any SE'er could've purchased a GPU (Graphics Card) and when they accepted the delivery, they took It out of the box and replaced It with an another GPU that was lying around the house from their old PC. After that, they sealed the box "perfectly" and made some excuse (such as being given the same one as a gift) to send It back for a refund. The company would've simply scanned It on receipt, and placed It back Into stock- thinking that the original Item was enclosed.
Although this Is not a common occurrence, It does happen from time to time In a legit environment and every company Is aware of It, hence the likelihood of the SE working In your favor, Is almost guaranteed to succeed. All that's required on your part, Is to find an Item that's similar or In the same category as the one you ordered, and weighs roughly the same. The examples above describe this well- a "hair straightener swapped with a hair dryer" or a like-for-like product, namely the "new GPU replaced with the old GPU". When executing your SE, get In contact with the representative and tell him that you opened the box and much to your surprise, It contained something completely different. If you're after a refund, be sure to first check their terms to see the time frame of when It can be claimed- some have a 15 day policy, and others require notice within 30 days from the date of purchase, or otherwise. It doesn't get much easier than that!
A Manufacturer Error In The Sealed Box:
The second methodology I'd like to Introduce you to Is rather similar to the one above, but this time "we'll put the blame on the manufacturer", whereby they (seemingly) packed an Incorrect Item In the box at the manufacturing plant and sent It off to the respective company thereafter. This does In fact happen a lot more often than you think, and that's what makes It so effective- It's very difficult to check precisely where the manufacturer made the mistake. The objective of this method, Is for the rep/agent to believe that what you're claiming (refund or replacement), Is the result of a factory error. To not raise suspicion and be realistic with the SE, "the wrong Item (that you'll be buying), must be from the same department as the purchased Item", and not from a section that has no relevance whatsoever.
For Instance, supposing you're going to social engineer a nice Fitbit Versa 2 Health and Fitness Watch, and you plan to use a Swingline Stapler as the wrong Item In the sealed box- both of which weigh around the same. Pretty good, yes? Not necessarily. The "watch" Is categorized as an "electronics Item", and the "stapler" belonging to the "stationary division". It's extremely unlikely that the manufacturer confused these, particularly when they have no association to each other In any way, shape or form.
Instead (and as an example), you'd SE a "Crucial 64 GB Ram kit" to the value of 469.00$ and on a separate account, you'll buy a "Sandisk 32 GB USB stick" that costs roughly 14.00$- as the wrong Item and claim that you received this In the sealed box, and not the Ram. Can you see the link between both? Each pertain to "technology", therefore It's very likely for the company to think that an Incorrect Item was packed by the manufacturer. Also, If you haven't already noticed, you'll make a nice profit- 469.00$ less 14.00$ Is "455.00$ In your pocket!". This Is simply written for demonstration purposes, so apply your SE In a similar fashion.
The Do's & Don'ts Of The Wrong Item Sealed Box Method:
As with all social engineering attack vectors, every possible angle must be covered prior to executing It, and the wrong Item sealed box method Is certainly no exception. For this to succeed, there's one very Important element that you need to be aware of, and that's the nature of how the box Is structured. It's paramount that Its contents cannot be viewed externally, that Is, seeing what's Inside without opening It. What I'm referring to, Is boxes that are manufactured with a clear film on one or perhaps both sides, hence If CCTV cameras are In operation when the storeperson picked and packed your order, then the footage may well show that the correct Item was enclosed at the time of dispatch. Moreover, It'll be hard to justify how It can pass through so many hands without anyone noticing that an Item other than the original, was Inside.
Another thing to take Into account and as stated a number of times, Is that goods are weighed on consignment- by most companies when packing orders In their warehouse, and when they reach the carrier's depot. If there's a huge discrepancy In weight between the original and wrong Item and the company decides to "open an Investigation" by referencing the carrier's records, then your SE Is destined to fail. Sure, the representative may be half-asleep on the job and approve your claim with no questions asked, but there's no point putting your SE at risk, when It can easily be avoided. The equation Is pretty simple- choose a wrong Item that's equal, or very close to the weight of the original one. In terms of the latter (approximate weight), opt for something that's no greater than an 80 gram variance.
Why The Wrong Item Sealed Box Method May Fail:
Each and every SEing method has Its weakness, regardless of how well you've formulated It against your target. You can cover everything on your end and leave nothing to chance, however you cannot predict the series of events that take place behind closed doors- namely the way your SE Is handled by the claims department. As such, It's Imperative that I bring to your attention one probability that could cause your SE to be declined, and this relates to the "Received Someone Else's SE In The Sealed Box" method. You see, this Is based on the grounds that another SE'er (or anyone for that matter) returned It and you just so happened to make the purchase. The only way that this can fail, Is If the company checks the "order history" and determines that It's not a return Item, but rather one that's been sitting on their shelf as received from the manufacturer. The likelihood of this Is quite slim, but nonetheless, It's worthy of taking It Into consideration when preparing your SE.
In Conclusion:
As opposed to most (If not all) articles and tutorials you read on the net, I'm the type of SE'er who outlines everything there Is to know about the topic at hand. This Includes the pros and cons of the method In question and If It has a possibility of failure, you'll certainly be told as to why It may not work In your favor. You can then make an Informed decision as to whether or not you'd prefer to pursue and Incorporate It Into your SE. Each of the methods that you've just read, have a very high success rate- but only If you apply them according to the nature of the Item you're planning to social engineer. As a result, do expect your refund or replacement to go your way with very little complications from start to finish.
:DISCLAIMER:
I DO NOT OWN THE RIGHTS TO THIS. THIS IS TAKEN FROM www.socialengineers.net/ GO CHECK HIS STUFF OUT TO BECOME A L33T SOCIAL ENGINEER!
PLEASE LEAVE A LIKE! I LIKE TO LOOK HQ!
NO LIKE = LEACH = BAN!
NO LIKE = LEACH = BAN!
This leak has been rated as not working 0 times this month. (1 times in total)
![[Image: zgxP7bP.gif]](https://i.imgur.com/zgxP7bP.gif)