Latest Social Engineering Posts

Time Every SE Accordingly


 Plan Every Subsequent SE With Good Timing.

For the purpose of this article, I will use the example of social engineering online stores for refunds and/or replacements. Obviously this also applies to every SE, such as obtaining usernames & passwords from a given organization "several times" by SEing various employees, but It's beyond the scope of this post to cover the lot. If you've been social engineering companies for a number of years, even If you've created another account at some point, there's no doubt that "you have used the same account to some extent with each and every SE". I'd say It's safe to assume, that quite a few SEs have failed along the way, correct? I thought as much. There are many reasons why an SE fails, one of which Is not allowing a sufficient gap from one after another. Let's see why this Is so Important.


When a social engineer submits a claim for a refund or Item replacement "multiple times on the same account and from the same company In succession", the "timing between each SE" Is crucial. Allow me to explain. Let's say the SE'er claimed that his package did not arrive. Then a few days later, he said that the Item was missing on another order. A couple of days after that, he decided to use the wrong Item received method when ordering another Item. That's "three claims In a space of one week". The probability of this happening "on legit grounds", Is extremely unlikely and If the company decides to Investigate It further, the last SE will most likely fail and every SE after that will do the same- If performed within the same timing. The question I often get asked Is: "How long should I wait before I hit another SE?". I will happily answer this for you. 


There are no hard and fast rules when It comes to social engineering- each one Is based on Its merits. Due to the Influx of claims, some companies (namely those on a very large scale), are less likely to take note of how often a user submits a request for a refund/replacement. However, this certainly doesn't mean that they won't. As such, you must be patient and allow a sufficient gap In between each SE. I recommend "waiting a few weeks at the minimum", preferably a month and possibly a little longer. This gives the account some breathing space, and helps divert attention away from the account holder's activity. Remember, It's all about "not raising suspicion on the account". If you simply don't care, the last thing you need Is for your account to be flagged and banned thereafter, thus losing every pending refund & replacement and more. There's no rush whatsoever, so don't be greedy and play It smart by sticking to all the above.