A Lesson in Social Engineering

In this post I will explain how I was able to social engineer a local sporting goods store employee to give me a store credit for something that I should not have been able to get credit for. Why did I do it? Partly to prove I could and partly to make a point. Please read the entire thing before drawing any conclusions. I encourage you to post your opinion in the comments section.

The Prerequisites

About a year ago I bought a jacket for about $130. I probably bought it on sale in the spring or early summer. The jacket was definitely comfortable, but when I finally started wearing it in cold windy weather I discovered that it did a terrible job of keeping out the wind. It practically felt like I was wearing a jacket full of holes.

I keep everything I own in as-new condition as possible and this jacket was no exception. When I was looking at new jackets in a local sporting goods store, I realized that buying a new jacket would mean my old one would never be used again. That seemed like a big waste. I noticed the sporting goods store was selling the same design jacket, but with a few slight differences (maybe better wind-proofing). This gave me an idea. What follows is the story of how I received a $165 credit for a year-old jacket. The jacket brands and store names have been left out to protect myself from incriminating myself. 😉

A Social Hack, 1st Attempt

When I arrived at the local sporting goods store with my used jacket I went straight to the counter and gave the jacket to a cashier. I immediately noticed that she looked like a new employee.

"Hello. I got this jacket for Christmas but I want to exchange it for something else." I said as I placed the jacket on the counter.

"Uhh..."

"I don't have the receipt and the tags were lost when it was wrapped."

"Ummm, hmmm..." she muttered, obviously very confused about how to handle the situation.

"I'm pretty sure you guys still sell this same jacket, so I'm just going to leave this jacket here and go find the same jacket with a tag, OK?"

"OK..." she replied, still sounding very unsure of herself.

I knew exactly where the similar jacket was and went straight to that section of the store. I found the similar jacket and also picked up the different brand jacket that I wanted to exchange it for so the cashier could do the transaction all at once.

When I got back to the register with the two jackets, a man in plain clothes was holding my used jacket and waved me over to a different register. I assumed he was a store manager, as everyone else was dressed in the store outfit.

"Can I ask the reason you're exchanging this?"

"Well I got it for Christmas and after wearing it a few times I discovered it just doesn't keep out the wind at all, so I just want to exchange it for something else."

"Do you have the receipt or the tags?"

"No, but this looks like the same jacket." I said, as I handed him the new similar jacket from the store.

"OK, how long ago did you say you bought this?"

I knew he was catching on to the fact that the jacket looked used, so I tried my best to rescue the situation. "I got it this past Christmas, so... a few weeks ago. I washed it a couple of times, so that's why it looks slightly worn."

"Well," he said inspecting the bottom side of the jacket, "this looks extremely worn. There is a tear here and these markings are from very regular usage."

"I told you I washed it once or twice, so it must have got caught in the dryer and that's how it was torn."

"The only way you could get these kind of using markings is if you wore this jacket 24 hours a day for the past few weeks." He looked very satisfied and sure of what he was saying. "I'm sorry, I cannot do the exchange. It just wouldn't be a fair exchange."

I said OK and left the register to put back the two jackets (the new similar one with the $165 price tag and the different brand jacket that I wanted to exchange it for). I then picked out a store brand jacket to buy (you'll see why later) and brought it back to the register where the manager rang me up. He placed the new jacket in a store branded bag. I left with the newly purchased store brand jacket and my used jacket.

A Social Hack, 2nd Attempt

I then drove about 35 minutes west to their only other store in this area. I walked in carrying the store brand bag I got from the first store. Inside was my used jacket. While I waited in line, I was happy to see there was only one cashier and that she was doing a return for someone else (this meant she knew how to do returns and wouldn't have to call someone else for help).

When it was my turn, I put the store brand bag down on the table. "My mom bought this jacket for me a few days ago," I said as I took the jacket out of the bag. I pointed to the tear in the jacket and continued. "I don't know why it was even for sale because it looks very used."

"Wow..", the cashier said, sounding as if she almost didn't believe what she was seeing.

To keep the story going and prevent any room for questions, I kept talking. "I don't know how she could have missed that, but it definitely looks like someone wore it for a long time. How could that have been put on the shelf?"

"Well, we wouldn't have put that back on the shelf, but sometimes when things are returned they are thrown into the wrong pile. Someone might have picked it up by accident when they were tagging and put it back on the shelf. Do you have the receipt?"

"No, she has a bad habit of not keeping her receipts."

"Hmmm..."

"And look, the tag is gone too. I couldn't find it anywhere."

"Well, is she a..."

"A member? No, but I'm a member. I know if she was a member you could look up the transaction that way, but I've been trying to get her to become a member for so long. My sister is a member. She's the one who convinced me to become one."

"Did your mom pay with a credit card?"

"Yes.", I replied, knowing she was going to suggest something that I could easily make an excuse for.

"Well, if you waited a month, the transaction would show up."

"I know, but she bought a bunch of things, so I doubt you'd be able to tell that way."

"Hmmm... because without the tag or receipt I really have no way of knowing what she paid for it..."

"Well, if I can find the same jacket in the store, can't you just use the price from that? You do still sell these jackets, right? I mean she only bought it a few days ago..."

"Yes, I'm sure we still sell them...."

"Then I'll just go find one with a tag, OK?"

"OK" she said, finally seeming to give in.

I went to the jackets section, hoping this store carried the similar jacket as the other store did. Sure enough, I found an entire rack of them. I picked out the same size jacket and brought it back to the register.

"This looks like the same jacket" I said, placing it on the table. She glanced at the two jackets and noticed they had different looking tags inside. She probably didn't say anything about it though because she knew my jacket shouldn't have gone back on the shelf in the first place. She began poking away at the register to make the exchange.

"It's the same size right?" I said, pretending to make sure my new jacket would fit me.

"Yup, they're both medium" the cashier said, continuing to make the exchange. She scanned the price tag on the new jacket; $165. She then voided that amount, placed the new jacket in a store brand bag and handed it to me.

"Thank you and have a nice day!"

"Thank you" I said, trying to keep a straight face.

Concluding the Hack

The following day I went back to the first store and brought in the new jacket with the $165 tag on it. I told them my brother bought the jacket yesterday but that he didn't have the receipt. Since the price tag was still on it, I was given a $165 store credit and was able to use it for the different brand jacket.

Unfortunately that store manager wasn't there this time. I would love to have seen his reaction if he did the exchange for me. 🙂

Reviewing the Hack

The only thing that could have foiled this was if the suspicious manager at the first store called the second store and told them about me. That was one of the reasons I bought a store brand jacket at the first store -- I wanted to make him feel guilty if he was to call the other store about me. If I actually spent some money while I was at the store, and spent money on store brand stuff, then he would be less likely to feel like I was trying to rip the store off.

I also made use of the manager's observation that the jacket looked used and decided to change my story when I went to the second store. The second time however, I didn't try to exchange my used jacket for a different brand jacket altogether. Instead I exchanged it for a newer version of the same jacket... with a $165 price tag on it.

When the exchange was made, the cashier did not ask me for an ID and did not ask me to fill anything out. I made sure not to buy anything extra when I made the exchange, so there would be no credit card linking me to the exchange. I also made sure I didn't show them my membership card. The only way they can link me to the jacket I exchanged is by the security tapes in the store.

So, what's the social engineering lesson? If at first you fail, try, try again.

Unethical, Unmoral, Criminal?

I'm sure there will be many people who would consider what I've done unethical or even criminal. I beg to differ. What I did should not have been possible. The manager in the first store handled the situation exactly as I would have expected, but the failure came two ways: When information was not passed from one store to the other and when the employee in the second store was easily convinced of something that seemed very unlikely.

Should all clothing have unique ID tags that allow such attempts to be logged? Should stores never accept an exchange, return, or provide a store credit for something unless the receipt or product price tag is available? Until you remove the weak link (humans), those seem to be the only alternatives -- yet stores fail to implement such measures.

Businesses attempt to provide better customer service without having the necessary policies and technology in place to prevent unwanted social engineering. The very thing that drives businesses to save money by assuming people are generally good is what also drives people to find ways around normal procedures: greed. I was simply trying to save money and in doing so I discovered how I could.

What it really comes down to is trust. If someone writes you a personal check in return for purchasing something from you, do you just assume the check is good and give the item to the purchaser? No, of course not. You wait until the check has cleared your bank. You have no reason to trust the person who wrote you the check. (This delay in processing checks is one of the reasons Congress passed the Check 21 Act a few years ago.) When you accept payment with cash, you're saying that you trust the US Government to honor its promise that those dollar bills are worth their stated value.

If I can make a cashier believe something that isn't true, then that cashier should not be working as a cashier. Imagine if I was able to walk up to a bank teller and make that person believe that I just gave them $100. If the teller actually believed me and gave me $100, would I be stealing or would the teller?

It is the job of the people employed by businesses to determine who they should trust and who they shouldn't. And it is the job of the employer to put the proper policies in place for those employees to follow. The only reason identity theft is so huge is because people are so gullible. With enough confidence and consistency, you can practically convince anyone of anything. That brings us back to the lesson:

If at first you fail, try, try again.

Comment

  1. so what exactly are you trying to prove?? that by deceiving people, you can get what you want??

    Obviously, that girl that made the exchange trusted your story. You used that person's trust to your advantage.

    You should be ashamed of yourself.

  2. FTA:
    Why did I do it? Partly to prove I could and partly to make a point.

    What point? Well, if you read the last section of the post you’ll hear what my point is — and if you don’t understand my point feel free to ask me a specific question (as opposed to, “What are you trying to prove?”).

    I’m not ashamed of myself. I don’t believe I have any reason to be. In fact, I feel good that I used my intelligence to save myself some money using an entirely legal method.

  3. It all comes down to what “you” yourself believe is right or wrong. Apparently, you don’t see anything wrong with deceiving people. Deception is not something humans should use to prove a point or to get what you want.

    You did use your intelligence to save money, but in a dishonest way.

  4. A dishonest way?

    If you find a $20 bill on the sidewalk while you’re walking and there is no one else around that could have recently dropped it, are you being dishonest by picking it up and putting it in your pocket? If so, what would be the honest thing to do?

    When a used car salesman sells you a car for $2,000 more than he bought it for, is he being dishonest or is he making an honest living to feed his family?

    When a small business owner finds a way to import their product for a cheaper price but doesn’t change the price that they’re selling it to their customers for, is that owner finding ways to save money or is he/she being dishonest to the consumer?

    If I shoplifted the jacket from the store and did it so well that even the cameras didn’t catch me, then that would be dishonest. I would be getting something for nothing. On the other hand, if I exchange something I own for something else in the store (even if the value may be different), then I’m not being dishonest.

  5. You were being dishonest by telling a story that isn’t true. How are your examples related to the topic??

    If I find a $20 bill and I pick it up, how am I being dishonest with myself by taking it?? It makes sense to take it if no one claims it. In this case there wasn’t another person involved. In your case, there was another person involved. You were being deceitful to that person and you were lying about the jacket.

    If you think lying is the right thing to do to prove a point, then you need a lesson in morals. Like I said before, it’s entirely up to the person that committed the act whether they think it’s right or wrong.

    I’m not here to judge you. I’m here to state an opinion of mine.

  6. A used car salesman tells a potential buyer how great the car is and how the car is a steal for the price he’s selling it at (even though he knows he wouldn’t pay the same price himself). He does everything he can to convince the potential buyer that it’s a great car. If he succeeds, he makes some money and sells the car.

    I convince a store clerk that the jacket was recently purchased and that an employee of the store mistakenly put a used-looking jacket back on the shelf. I succeeded in convincing the clerk, so I was able to get the same jacket in better condition.

    How are those not related?

  7. LoL. We do this kind of stuff in the Marine Corps all the time. Except calling it a social hack, we call it “Big Boy”ing.

    Our shop has gotten to the point where we can big boy 7 ton military trucks for our use.

    I’d like to say that in the USMC, it’s not about ethics, it’s about being the alpha male. And as much as I dislike it, it’s pretty hilarious sometimes.

    ReCaptcha: Outfits rule.

    lol