This section will explain on the education based scenario where, a end user named 'X' hacks into 'Y' email account and found out if there's a link to the Paypal account and is very interested in steal or making fund transfer to his Paypal account.
• 'X' has two different Paypal accounts, one is the real/authentic and the other merely for transferring of funds.
• 'X' can utilize the account 'fake' to get any forms of payments to be transferred upon.
• Now user 'X' use the email searcher within the web application, found an "activation email by Paypal". 'X' now access the paypal web site and begin a "Forgot password" request. (So that the username and password can be sent across from the network and into the victims' email account.
• Once 'X' the email request appears in the inbox, begins the transferring of $500.00USD, as an example into his 'fake' or dummy Paypal account in order for him to either purchase items online.
• User 'X' performs an item purchase.
• Paypal will send a purchased or transferred of funds to the victim's email address. User 'X' clears off all the invoice and emails sent by Paypal when once he did a purchase online or a transfer of funds.
Listed are some security logics by Paypal:-
• If an unauthorized user has transferred funds into another, and there is modification made to the funds, e.g. funds = $100.00USD, purchased = $50.00USD, so therefore, applicable amount that can be request back is left with $50.00USD. (This is upon when the user has found out that an illegal activity has perform and user sent an email regarding of what's, then Paypal takes necessary actions by transferring the remaining amount or funds made by the other authorized party).
• Purchasing of items online with the "transferred" amount must be made on that particular day. It usually takes about days or weeks for the user to find out that a suspicious fund transferred that has been made. (Depending on the frequent checks of the authorized user in paypal).