Sealed Box Method Events

What To Expect When Using The Sealed Box Method.

With regard to the new breed of human hacking commonly known as "company manipulation and exploitation", whereby social engineers use their skill set to trick representatives Into having their account credited or replacement Items sent free of cost, there are quite a number of traditional methods used to get the job done. Such methods Include (but not limited to) the DNA (Did Not Arrive), missing Item, wrong Item received, the partial method  and boxing- all of which are predominantly used by beginner, Intermediate and advanced SE'ers. The reason for their popularity, Is that they've all been widely tested against online retailers  to the likes of Zalando, ASOS, John Lewis, Argos, Amazon and many others, and have proven to be very effective In ensuring a favorable outcome for the social engineer- a refund, replacement or both. 

However, In order to make sure that the SE runs as smooth as possible from start to finish with minimal disruptions, apart from the DNA & wrong Item received, every other method must be based on the nature of the Item. For Instance, If you're planning to SE a Bose SoundLink Portable Bluetooth Speaker that weighs 900 grams by using the "missing Item method", then It's destined to fail- for the fact that It will register a weight on consignment, hence a company Investigation will conclude that It was dispatched and shipped correctly. It's simply too heavy for the said method and as such, you'd have to opt for another one that's well-suited to the Item's configuration. What you've just read, Is called "method formulation". In other words, you're using a calculated and strategic approach by making sure that both the "Item & method are compatible In every way", which In turn supports your attack vector from beginning to end.

Whilst It's of paramount Importance to select and formulate methods effectively, of equal value Is to have knowledge of "what to expect when the SE Is In progress with Its associated method"- which Is precisely what this article Is all about. Allow me to clarify It In simple terms. You, as the SE'er, know what you're doing on your end when putting together your method, correct? Of course you do. But are you aware of the series of events that take place when "reps/agents are assessing your claim against your method?". Evidently not. What I'm saying Is, you've got the power and skill set to flawlessly consolidate your method & Item In readiness for your attack, but the moment It's executed, "you have very little to no control of what happens within the confines of the company".

It's crucial to have a good understanding of how your method Is handled by the reps, thereby you can prepare It with critical thinking, and In the event they hit you with all sorts of questions and requests, you'll be In a position to tackle their demands In an Informed manner. That's where I come In. The method that I'll be focusing on In this tutorial, Is named the "sealed box method" and I will provide you with the most common procedures that representatives perform when your claim Is being processed, as well as one particular event that seems problematic and WILL take place AFTER your SE Is well and truly finalized. I've covered It In the last topic named "Another Customer Will Receive Your Return". Before making a start on the objective of this article, I'd like you to get a grasp on what the sealed box method entails, so let's have a look at that now.

What Is The Sealed Box Method?

As Its name Implies, this Is used when you "seemingly return your purchase Item"  to the company In Its factory sealed box and claim a refund thereafter. Notice how I've used "seemingly return your purchase Item" as the operative words? That's because as a social engineer, you'll do nothing of the sort, but Instead send back something that's completely useless to you  and have your account credited sometime later. Sounds Impossible? Quite the contrary- It's a very simple process, but you need to apply your methodology to perfection and here's how you do It. You buy something that comes In a factory sealed box  and when you receive It, you'll very carefully open It without damaging the seal or any other part of the box/packaging, then take your original Item out and replace It with "anything of equal weight" that you have lying around the house. After that, pack everything back In Its original condition (with special attention to not tear/break the seal) and send It back to the company you're SEing.

When the representative accepts your return, he'll see that there's no signs of tampering and assume that you've sent the box back In the same state as when It was purchased  and as such, It will be placed back Into stock and your refund will be Issued. Now for this to work and leave nothing to chance, It's vital that your Item cannot be viewed externally without opening the box. That Is, the box must be fully covered In cardboard on all four sides and without a clear film. Why? Well, stating the absolute obvious, when the rep/agent receives your return with the useless Item that you've placed Inside, If there's clear film he'll Immediately notice It  and of course, your SE will fail there and then! That aside, this method has a very high success rate, but only If you're systematic with how you repackage the box as per the example above. 

Event: The Box Is Scanned On Return

Unless you still think you're living In the 1960s, whereby almost everything that was processed, dispatched & received was recorded manually without computers and Internet-based technology, In today's warehousing & logistics and freight distribution, every major retailer who operates on a large scale, uses "scanning systems" to record and monitor their movement of stock. This applies to the stores department of the company when picking, packing and sending goods, as well as carriers when collecting, storing and dropping off packages at their destination. As a result and In terms of the company, when you're sending your (SE sealed box) return for a refund, It's Imperative that "It's the actual box that you purchased"

A lot of social engineers think that they can send anything that looks exactly the same, but what happens when the Inwards goods department try and "scan It?". It won't come up as part of their Inventory, hence they'll Immediately Identify It's not theirs and you know what happens next don't you? That's right, say goodbye to your poor attempt to SE them. I don't think there's a need to explain It any further. It Is simply a matter of common sense- the probability of your box being scanned on return, Is extremely likely (If not guaranteed), so you now know what to do when asked to send It back. 

Event: Possibly Checked For Tampering

What you're about to read In this topic, plays a significant role as to whether or not your SE will succeed, so be sure you absorb every word to the fullest. As already mentioned briefly a few paragraphs above, to give the sealed box method the best chance of success, "It's absolutely crucial to not show any signs of Inconsistencies when you assemble and seal everything back together" (with your random/useless Item enclosed) and sending It back to the company thereafter. In other words, your finished product must be a duplicate of the original one, namely because there Is every possibility that your return will be checked by the Inwards goods department/return center the moment they receive It. If they notice Imperfections with the box Itself, particularly "the seal not being Intact", then that will give them every reason to Investigate It further.

Now I'm not saying that It "will" be checked, but rather It "may" be checked and given the likelihood exists, you certainly don't want to risk your SE prematurely coming to an end. So how do ensure that the way you've repacked the box, matches with the manufacturer's packaging? Well, you need something to compare It to and the most effective method, Is to "take a photo of where you plan to open the box". You're not going to remember precisely how It's sealed, thus the photo will be your point of reference when assembling It back together again. Makes sense? Good! 

Bear In mind, that some boxes come wrapped with clear film and the seal Is pretty much glued to the point of seeming Impossible to remove, and many SE'ers believe that It cannot be taken apart without permanently damaging It, but nothing could be further from the truth. There's one thing that I'd like you to lock Into your brain's memory bank. "You're not working against the clock to try and complete the task as quickly as possible". You basically have all the time In the world to disassemble & reassemble It so If need be, take an entire week! The equation to perfecting the sealed box method Is simple- "If It can be done, It can be undone" and vice-versa. 

Event: The Box Is Possibly Opened & Checked

As you're aware, "you have total control of what you're doing on your end"  by not demonstrating any signs of tampering with your sealed box, however the same cannot be said with how the representatives decide to handle your claim and the actions they take when processing your return. It's not possible to determine what happens when they receive your consignment and despite the fact that you've covered every angle by leaving no room for error with the way you've sealed the box, there's still a chance that they may open It and check Its contents. As such, they'll obviously realize that It's not the Item that they've Invoiced and sent you, hence In circumstances like this, you need to be well-prepared with how you're going to respond when they start questioning you

Making up an excuse, Is a lot easier than you think and what helps solidify your response, Is that the box Is (seemingly) sealed and untouched when you returned It. Let's take a step back and think about this from a legit standpoint without any social engineering Involved. You've navigated to Amazon's website and purchased the latest GPU for your computer and sometime later, your wife surprised you by giving the exact same one as a birthday gift. When the carrier dropped off your package, "you did NOT open the GPU", but Instead sent It back to Amazon for a refund. The rep opened It and found an old hard disk and then started asking all sorts of questions. You replied legitimately by saying: "I have no Idea how that could be, I've returned exactly what you sent me"

As a genuine and honest customer, you had nothing to hide and told the complete truth and what justified your story, was the fact that "the box was sealed without any signs to suggest that It was tampered with". As a result, your account was reimbursed for the full cost of the GPU. Given this happened with a legit purchase, how Is It any different to SEing under the same circumstances?  I can tell you that they're both Identical and If you treat your SE In a genuine manner, expect the outcome to work In your favor. Okay, there's one very Important thing that you must be aware of when using the sealed box method, which brings me to the final topic of this article as per below. 

Event: Another Customer Will Receive Your Return

Firstly and before coming to a close, I'll recap briefly on what you've learned thus far. You've purchased an Item and replaced It with something useless of equal weight, then sealed the box perfectly as per Its original factory state. You then sent It back for a refund. The rep assessed It and did not find any signs of tampering, so he credited  your account. Your return was then placed back Into stock In readiness to be sold. What happens from this point forward, worries a lot of social engineers- namely because "another customer will purchase their return at a later date" and they believe that It can be traced back to them, but as you will see shortly, there's absolutely no cause for concern. So here's the situation as events unfold. 

Sometime after your claim was finalized, a customer places an order for a GPU and Inevitably buys your return that you SEd a few weeks prior. After he opens the box, much to his surprise, It contained an old nonfunctional GPU (being "your return") that wasn't worth a single penny, so he Immediately calls the company and explains what just happened. The rep decides to do an Internal Investigation, by cross-checking the order number with the accounts department, to see when they received the GPU and most Importantly, to verify that It was In fact Invoiced to the customer who's questioning the goods. However, their systems show that It's a "returned Item" with the "previous buyer being you" the social engineer! As such, there's a (slight) possibility that you will be contacted and asked to explain yourself. 

Sounds pretty Intense and scary, yes? Quite the contrary. Firstly, you are not obligated to sit there and justify your actions just because the representative asks you to do so. You have every right to simply terminate the call on a good note by saying something along the lines of: "I'm sorry, I don't know what you're referring to and why you're asking all these questions. Have a good day". That's where It ends- you weren't rude, hence didn't raise suspicion and pleaded Ignorance to all questions and concerns. There's one more thing that I'd like to point out, that will definitively put you In the clear of any wrongdoing. "Who's to say that the guy who bought your returned Item, Isn't doing what you did- social engineering the company by using the same method as you?". Given your return was put Into stock, and then picked, packed, dispatched and purchased by someone else, there Is no way the company can trace every movement and conclusively put you at fault. So be sure to keep all that In mind when using the sealed box method.  

In Conclusion:

One of the main reasons I decided to write this article, Is because a lot of social engineers with whom I've spoken, were (and still are) quite concerned with the possible consequences of their actions as a result of returning their sealed box. If you're reading this and feel the same way, "I can assure you that there's no reason to panic". Every topic that's marked with the prefix "Event" explains precisely what to expect when sending back your sealed box and of greater value, Is my recommendations on how to effectively tackle and bypass every form of negativity that may come your way. I've also based a number of events on a worst-case scenario, meaning "If " (and not "when") It does happen during your SEing experience, you'll know exactly how to handle It, so rest assured, there's no cause for concern.
 

