Latest Social Engineering Posts

Perform A Practice Run


Identify How The Company Operates With A Practice Run.

If you've read my articles on this blog, you'd be well aware that most of the content relates to the "new breed of human hacking", namely "company manipulation and exploitation", by SEing a given representative to Issue a refund or replacement for an Item that (for example) you don't even have to begin with. This can either run smoothly right from the get-go with minimal hassle, or be a very arduous task due to Investigations opened, police reports requested, affidavits asked to be signed & returned and the list goes on. This predominantly happens when you're social engineering a company for the very first time, or one that you're not familiar with how they operate from an Internal standpoint. As such, It's of the utmost Importance to have a very good understanding of how they're structured and a very effective way to do this, Is to perform what I call a "practice run". Let's have a look at how this Is done.

How To Perform A Practice Run

On the grounds that you haven't SEd a particular company and don't know precisely what questions will be raised, how they expect to be answered and the type of procedures used during the claims process, simply perform a "practice run". So what exactly Is a "practice run?". Well, I'm glad you've asked! Rather than SEing the real Item, you formulate a bogus (trial) SE solely used for testing purposes, with the Intention of establishing how the company operates and processes claims. The way to do It, Is to "order a very cheap Item from the company that you're planning to SE", and be sure that Its value Is only a few dollars or so. This way, If the SE doesn't go according to plan, you have nothing to lose except a measly (for example) 3$ on the Item you've spent. 

Next, use the gateway of communication, such as phone conversation, live chat or email transmission "that's your strength and not your weakness". For Instance, If you're nervous during real-time conversation, do not make a phone call but rather shoot off an email- you'll have all the time In the world to proofread and send your message. Whilst In the middle of your attack vector, take note of every possible detail during your conversation/communication, no matter how Irrelevant It may seem at the time and most Importantly, the steps taken leading up to finalizing your claim. All this, will give you a very accurate and deep understanding of the protocols used by representatives and as such, "you should not have any Issues whatsoever In executing your attack without fail!". I recommend hitting a couple of practice runs- just to be certain that your execution will In fact succeed when the time comes to SE the company for real.