Social Engineering Basics

Mac on 4/11/2012, 1:33 am


Social engineering is the art of manipulating people into performing actions or divulging confidential information, in our case we are using methods to manipulate people to giving us free stuff.

This guide will include the following:
Chapter 1 – Basics
o Shipping – Box Method
o Basic Methods
o Making a basic story
o What to do's
Chapter 2 - Targets
o Websites (Hard and Easy Websites to SE.)
Chapter 3 - Hunting
o Creating your Own Methods
Chapter 4 – Advanced
o Evading getting caught
o What to do when you’ve been caught
o Advanced Methods
o Making a constructive Story
o World Wide Shipping
By the time you have read these 4 chapters, you would have learned pretty much everything you need to know about social engineering.

Chapter 1
Shipping – The Box Method
The Box Method is required for a few of the SE’s in the future, though there are a few work-arounds to not do this method.
How to Perform this Method:
1. Get an empty Box.
2. Put a few things in the box, rocks and such.
3. Tape up the box.
4. Send the box to the company (Whilst the rocks are the same weight as the Item).
5. ???

The Shipping Hazard Method
This method requires not much, mainly just you being on a phone call to a representative (You can use this on other methods, but call in Is the most effective). The Hazard Method is when you are preparing the “box” to send to the company, but you accidently “spill” blood onto the Item, therefore making it Hazardous to send.
How to Use it:
Call In: If you are on a call to the company, make sure to tell them you are preparing your box. Make some noise, preferably flap paper around and move it around on the ground, then all of a sudden scream out something loud, such as “AH SHIT” or “OWCH!”, Groan until the reprehensive asks you if you are okay, reply with something along the lines of “No.. I’ve cut my finger with the scissors and there’s blood everywhere...” He should ask if the product is affected, if so tell him there’s blood on the product.
Live Support/Email: Just tell them you’ve cut yourself preparing the box and Blood has gotten over the product. Only use this in important circumstances.
Basic Methods Emailing The email method is when you contact the company via an email. Emailing is pretty good if you’re going to target Logitech or Microsoft, though it would still be better if you used call-ins. Emailing is very good if you don’t have a phone or can’t reach overseas. It’s very effective if you’re good at it.
Calling in Calling in is pretty much the best method (efficient wise and effective wise), mainly since you’re going to be able to talk voice to voice with the rep.
Do not do this if you are really uncomfortable with talking to people and lying over the phone.

1. Never give up on the rep. The company has to fix your problem, that’s their job. Just keep persistent and stick with your story and you will eventually get what you need.
2. When you’re doing something very big or valuable, it is very safe to make sure you are using a proxy/VPN (Virtual Private Network). You can get them for free, pretty much anywhere on HF or just about anywhere on the internet.
3. Do not be ashamed of what you are doing. Even if you’re making dozens of excuses on the way, it will still work if you do things the right way. If you do the things the wrong way… well, you can learn soon what to do later in this eBook.

Making a Basic Story
Mention that you have been a customer for a long period of time, and so, you have purchased their products fairly often. Tell them bad details; Product being broken, malfunctioning, etc. Degrade their company if you still don’t allow you to get your “replacement”.

Import Story Outline:
Introduce your self
o Background
o Problem with Product
o Mention you have never had these issues with their products before.
o Give them proof of purchase when they ask for it. (Photoshop is the best here).
o Be Persistent; don’t ever show weakness in yourself, they look for this.

What to do's
When they want to ask you to go to the retail store, Tell them that it's far away and that you cannot go there and you'd have to take a 2-3 hour trip which would take a lot of fuel. If they say they cannot do anything about it, Go check their ToS for any loop holes , If you can see one, post it up and see if you can convince them to let you go to higher authorities. If you are asked to return the product, you can either do one of the basic shipping methods or you can just say that " WHAT DO YOU THINK? I am going bring around a stupid laptop and play with it? WHAT?!" <-- something around like that.. OR " What do you think? I am going to wear destroyed shoes?!". Basically, make a reason for everything and if you think it's too hard, don't do it.

Chapter 2
Targets (Listed from Easiest to Hardest)
1. Logitech
2. Microsoft
3. Altec Lansing
4. Origin Keys
5. Steam Keys
6. Turtleneck Headphones
7. Razor
8. Laptops (Alienware, Dell, etc)
9. Special Products ($10000+, etc) <-- DO NOT ATTEMPT UNLESS YOU'RE A REAL EXPERT.

This is full of possibilities, some are hard, some are not. It would be fun to find out some yourself. I recommend starting low, then building your way up.
Be careful re-using the same methods with Small Companies, they catch on very fast. The difficulty depends on the representative as well.

Chapter 3
Hunting is looking for your own methods and companies to social engineer.

Simple Hunting Tips:
Never look for small companies, this is the most risky thing you can do, as they catch on very fast to methods. If you choose to give them a go, don’t expect to get something out of it. If you succeed encourage yourself, this is very tricky.
Try your hardest to focus on Social Engineering new, hot items. Such as Kindles, iPods, etc. These are being spread like wildfire, so of course their customers are going to have some “problems”. Don’t even hesitate to give it a go, get right to it!

Chapter 4
Evading Getting Caught
Basically you have to cover your own tracks, If you are nervous on the phone, just say that this is your first time talking on the phone. This part is basically just lying and what-so.. Well everything about Social Engineering is... Another example is that when you accidentally didn't notice something when you were photo shopping your receipt you noticed that the name was different rather than the name you have on Live Support.. What you can say is that my friend bought it for me since I didn't have the cash at that time. Also when they're shipping to your place.. It is very recommended that you use a DROP SHIPPING.

Advanced Methods

Double it up method
This method is used when you want to double or even TRIPLE your product that you have SE'd..
Basically what you say is that you haven't received your product.. If you're lucky they will send it to you... and then once you have received the product.. Say that I still haven't received anything yet and say that can you guys ship it to my friend's place instead? Make sure you sound pissed a little bit if you're on the phone.

Usually used for Alienware and expensive products. What you do here is go on craigslist, dealextreme and look for the sellers of your product... You ask for the information you need.. Make it a smooth conversation... Also you can say that the *this information* is really important so I can confirm that you really have it or you can tell him to take a picture of the product of where the information is located at. Also another thing is that you can go to live support and contact them about the "information such as a service tag" say that you got your dad's alienware computer and he just died and stuff.. make up your own story.. And if they ask information about your mom, say that you don't see her anymore. Just try to keep convincing the rep to give you enough details.

Making a constructive story
Make sure all things add up to the story and make sure everything is believable. To confirm it is to let a friend of yours see your story and ask him if you were that person, would you believe it? Also make sure that you don't give all the things like in one part like you know what he was about to say since that would be quite weird and the time that the rep see's something suspicious, he would be careful. You can also check their terms of service for loopholes.

World-wide shipping
The technique into social engineering them to get them to ship to your place if you're in Asia, or what-ever place you are in is that keep saying that you went there for Christmas and now you went back to where-ever you are.. Such an example would be: I went to the United States and I have gotten back from a vacation there since my aunt invited me to go there... And that is where I bought your product. *insert story*. Has worked a couple of times. Remember that Logitech and Microsoft allow shipping to Asia-Pacific... I have tried doing
that myself.
