Social Engineering HP for Fun and Profit
by haxadecimal
We all know how bad HP support is.
Calling for help is taking a gamble on who you will be connected to and, more importantly, where you will be connected. Luckily, the money saving system of IT and customer service outsourcing has its weaknesses that can be exploited.
First, let me address the usual protocol when you call HP for technical support.
The end user dials the toll-free number and is dumped into an automated system where they choose what kind of support they need and what type of product they are calling about. The caller is then connected to a live call router. This person is the bottom of the barrel, as far as support reps go, and is generally in India.
The call router will ask you for your basic information, the serial number of the product you are calling about, and a brief description of the issue you are having. They are also required by company policy to offer to sell you something (usually an extended warranty) and give you a case number before sending you off into the actual technical support queue.
At this point you are routed to the next level of support, which is going to either be India, South America, Canada or the USA.
Once again, these are all outsourced companies and not HP. The tech support rep will ask you for your case ID number, verify your information, and then proceed to troubleshoot or assist you with your issue. The main weakness of this system is that they will log virtually anything you tell them into HP's support software.
Say you purchase a used computer and need help with it. You call them and provide them the serial number and, even though the original owner's information will pop-up, they will still add you as the current user/owner so that you can receive support. This means that you can go down to your local mega-mart and jot down some serial numbers and start having some fun.
Another weakness is in getting replacement parts.
HP sends out two types of replacement parts, exchangeable and non-exchangeable.
If your battery is bad, they will send you a new one with a return label to send back the old one. If you do not return it, they will charge your credit card for the replacement. But a non-exchangeable part, like an AC adapter, will be sent free of charge, without taking a credit card number and without the need to return the old part. Other non-exchangeable parts are headphones, TV tuners, and pretty much anything that comes in the box with the system, other than the battery.
The best part about this is that you can request tons of this stuff and they will never bill you. And, since you are giving an alias with serial numbers you took down from store display units, it will never look suspicious in the system.
Yet another weakness they have comes from the use of outsourced case managers.
These are the top of the food chain as far as support goes.
Their only job is to make you, the end user, happy, and are authorized to provide you with free upgrades, replacement computers, free software, and extended warranties. If you request to speak with a case manager, the agent is required by company policy to honor your request; they will either immediately transfer you or schedule a call back.
It is not unusual for a case manager to simply send out a replacement unit to keep a caller happy. If they take this course of action, they send you a FedEx label to return the "defective" product.
Use your imagination and you can exploit them. I personally was on a call where a man was sent a new computer because he could not remember his AOL password and blamed HP for it.
Have fun.