Latest Social Engineering Posts

Do Not Befriend The Driver


Do Not Befriend The Carrier Driver When Accepting Deliveries.

When exploiting entities via technical means, such as SQL Injection attacks on a given website with the Intention to gain back-end access and grab confidential Information, It's Imperative to anonymize your connection by navigating behind a VPN and/or the Tor network, thereby your Identity remains within the confines of your local environment. The same principle applies to certain sectors In social engineering. Depending on your attack vector, creating a fake account and using a "drop address/ house", Is vital to keep your personal credentials to yourself and what's also part of this equation, Is to not create any type of association with whom you're social engineering. However, this tends to happen when SEing online stores to the likes of Argos or Amazon by using the "DNA" (Did Not Arrive) method, whereby the SE'er befriends the carrier driver when he delivers his packages on a regular basis.

What I'm referring to Is "company manipulation and exploitation", that's used by the SE'er to trick their representatives to Issue refunds and replacement Items. Although the claim Itself takes place remotely by communicating through email, phone conversation or (where available) live chat, accepting deliveries requires physical Interaction with the carrier and the "biggest mistake Is to form a relationship with the driver", namely when hitting the DNA method more often than not. How so you ask? Well, when drivers see the same face over and over again and familiarize themselves with whom they're delivering to, an element of "trust" develops- particularly when they're greeted In a friendly manner on each occasion. As a result, you'll find that the driver will simply drop off the package without a signature, or sign for It himself which Is perfect for the DNA method to succeed.

Many social engineers take advantage of this and keep using the method without fail, however their actions can have a huge Impact on the driver to the point of actually losing his job! Now I can't speak for all carrier services, but there are those who keep record of the number of deliveries that failed to reach their destination and If ex-amount of complaints have been reported against the same driver, then he'll find himself queuing up at the unemployment office. As an SE'er yourself and on the grounds you're using (or Intend to use) the DNA method, be sure It's kept on a personal level without affecting anyone around you- In this case the carrier driver. It's totally unacceptable and morally wrong If he's been fired at the expense of your SE. You're accountable and responsible for your behavior, so keep your SEs within your very own environment