Perform An In Depth Research On The Company You're SEing.
When social engineering a company such as Amazon or Logitech to get a refund or replacement for an Item by using any of the traditional methods, It's paramount to have knowledge of precisely how they operate before executing your attack. One of the biggest mistakes that social engineers make, Is to be overconfident with their SE and "blindly target their victim" without gathering any Information whatsoever about the environment they're engaged In, and the policies they comply with. In order to formulate your method, you need to know exactly what you're working with and as such, the first port of call Is to "research" the company In question and you can then prepare your method based on your findings. This will give your attack vector solid grounds to perform Its task, thereby significantly Increase the likelihood of a successful outcome.
Regardless what scale the company operates on, be It an organization of 5,000 employees or a family-owned business of 30 staff In total, each and every one has their very own "Terms & Conditions", that outline specifics pertaining to how orders and claims are processed, as well as the way they handle warranty refunds and replacements. It's crucial that you familiarize yourself with every detail of relevance, by navigating to their website's "ToS" (Terms of Service or some variant) and taking note of everything that may affect your SE- both In a positive and negative fashion. So what do you actually look for, precisely? Well, there are no hard and fast rules but to simplify your research, I've provided a general guide as follows.
- Warranty Period- To establish when goods can be returned for a full refund.
- Refund Policy- To Identify the grounds on which refunds are Issued.
- Replacement Policy- To Identify the grounds on which replacements are Issued.
- Carrier(s) Used- To Identify vulnerabilities with their delivery service.
- Loss Of Goods- To establish who's responsible for loss of goods during transit
- Advanced Replacement- You can use a drop address for this.
- Debiting Your Account- Check If they charge you for not returning the defective Item.
- Return Center- Establish whether It's onsite or offsite. The latter Is better during busy periods.
Obviously, It's not limited to this alone, so be sure to expand your very own research according to the nature of your SE and the entity of whom you're social engineering at the time.