You must be familiar with the term phishing, or phishing scam. It is an online hacking attack where an individual involved in online hacking tricks a victim into giving away secret information such as log-in details, financial data and so on, without the latter realizing the true nature of the scam.

So you can understand the potential use of phishing to online hacking criminals who wish to perpetrate identity theft. The term itself originates from phone phreaking, a word that traces its way to early hacking incidents reported in the media and identity theft cases. Though based on a simple underlying concept, perpetrators can weave an elaborate con aimed at ‘phishing’ the identity details of a target. These may then be used to mail bomb another target, other online hacking activity or even to access the target’s financial data.

Online Hacking: How Phishing Scammers Operate

Phishers try to con you into providing them with sensitive info such as email/ login data, which they can then put into their nefarious online hacking skills and use it to make money out of the system.

One very vulnerable target for phishers is your PayPal account. PayPal is a web-based payment processing system that lets you transfer money to and from your PayPal account with your credit or debit card, thus avoiding the risk of revealing your credit card details to every e-commerce website you shop at.

This does make PayPal a particularly meaty target for online hacking. If you wanted to take money out of other people’s PayPal accounts, all you would really need is their email address and password. Then you sign in to their account, and send the money to an account you have set up.

What phishers will do is email PayPal customers with an email that looks like an official email from PayPal. It will have the PayPal logo and format and will look exactly like official PayPal emails to customers. It may even come from an address that looks like PayPal’s official website. It will go on to say it is a random security check or some other technical procedure and that you are required to type in your user name and password. It will then thank you and say the check or whatever other scheme it claims to be is complete. In the meantime, the phisher will have your password and can clear out your account.

While this is a basic example, there are countless variations of increasing complexity that will be used to try and entice customers to give out bank account details, credit card details or other sensitive information. It can often be next to impossible for the average customer to detect that the email or website is not the official one of the company it is supposed to be from and they are therefore very dangerous.

Any suspect email that has even a remote possibility of being a phishing attempt must be immediately notified to the concerned party that is being mimicked; often your bank or credit card company or PayPal account. You need not be a Sherlock Holmes to spot such a scam: no bank or payment processor would ask for your password in an email, so if a purported bank or bank employee requests such information then its time to hit the panic button.

Keep watching this online hacking weblog for the  latest online hacking news.