Must Adapt To Changes During Your Attack Vector.
Every time you decide to social engineer a given entity, If you've researched your target, gathered all details of relevance and formulated your method based on your (research) findings, you know precisely what to do from your end In order to get the job done. That Is, you have control of your actions and apply them to your attack vector accordingly. Be It SEing the security guard at the entrance of a rock concert by pretending that you're part of the audio crew thereby gain entry without paying a single dime, or hitting an online retailer by manipulating their representative to Issue a refund for an Item that you don't have to begin with, they both have the same thing In common- your ability to ensure the success of your objective.
It's all well and good when "you can control" where the SE Is heading, but let's face It, we don't operate In perfect world In the social engineering sector- for the most part, you will face problems along the way. Now unless the person on the other end Is half-asleep or completely oblivious that he's being tricked Into performing an action that he's not supposed to do, there will be an array of complexities and obstacles that will turn your attack In a different direction. As such, It's of the utmost Importance to "adapt to changes" during the course of your SE. For example, let's say that your SEing an online company by using the "serial number method", for an Item that you don't physically have, namely a "Logitech B100 Optical Mouse". You've obtained the serial from a seller on eBay, that's under warranty and within the company's refund policy time frame of 30 days.
You've contacted the representative saying that the mouse Is not functioning and after a few troubleshooting steps, he's satisfied that a refund Is warranted and asked you to send It back. Given you obviously don't have the Item, do you abort the SE, or "adapt to the change" of the rep's request? As an SE'er, you must Immediately recognize the nature of changes, and have the skill set to apply yourself effectively. So what do you do In this situation? The answer Is simple. The mouse weighs exactly 95 grams, which Is light enough to barely register a weight on consignment. As a result. you'd use the "box method" by sending the package with nothing Inside and make It appear as though It was tampered with during transit, hence the mouse was (seemingly) stolen before the package reached Its destination.
When the company receives It and tries to cross-check the weight against the carrier's manifest, It will be futile- because It's so light, a variance will not show up, therefore their Investigation Is deemed Inconclusive. They'll have no choice, but to refund you for the full cost of the Item. But what If you couldn't use the box method? Well, opt for the "leaking battery method!". The mouse contains lithium-ion batteries and they can In fact explode or catch fire due to short circuiting, so you'd use this by saying that you disposed of the mouse for "health & safety" purposes. If you've executed your attack by leaving nothing to chance, then the outcome will be the same- a full refund. "It took me around 3 minutes to think of all this". I have many more alternatives, but this article has exceeded Its reading time with an extra paragraph that I didn't Intend on writing . In closing, the more you social engineer, the better you'll "adapt to changes". Be sure to have an open mind with every SE at your disposal.