Search results
Cassandra Cross and Rosalie Gillett
Abstract
Purpose
This paper aims to explore current knowledge of business email compromise (BEC) fraud, or approaches that specifically target organisations for financial gain, through the exploitation of trusted relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US$26bn since 2016. Despite the sheer magnitude of these losses, there is a dearth of academic research seeking to better understand this crime type, and prevent it from occurring.
Design/methodology/approach
This review summarises the known literature on BEC fraud. It uses a variety of academic and industry sources to ascertain the current state of knowledge, including how it is perpetrated, its impact (on businesses and individuals), how law enforcement have responded and its prevention.
Findings
This review highlights many gaps in knowledge surrounding BEC fraud. There has been a large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC fraud is successful through targeted and effective use of social engineering techniques and is able to overcome any technical solutions through the manipulation of personal relationships. Further, while the financial impacts of BEC fraud are obvious, there is no known research which has explored the non-financial harms of BEC fraud (across organisational and individual perspectives). With companies starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to understand how organisations can better respond to incidents when they occur. Finally, there are gaps in knowledge on what is the best combination of both technical and human measures to prevent BEC fraud.
Research limitations/implications
This review is based on information presently available, and as indicated, there are significant gaps in what is currently known.
Practical implications
This review highlights the need to undertake research into the current gaps, with a view to improving best practice knowledge on prevention and response.
Social implications
Currently unknown, BEC fraud is posited to have significant impacts at both personal and collective levels. Increased knowledge of these non-financial impacts will improve how organisations respond to BEC fraud and how employees can be supported before and after an incident occurs.
Originality/value
Despite the magnitude of the problem, there is limited academic scholarship on BEC fraud. This literature review offers a summary of current knowledge and advocates a strong research agenda moving forward.
Abstract
Purpose
To explain the fraud schemes known as business email compromise (BEC) and executive impersonation that are growing in popularity, and the threat they pose to financial institutions.
Design/methodology/approach
This article explains BEC and executive impersonation and how they are carried out, and discusses how regulations and practical operational steps are trying to address this fraud issue.
Findings
Financial institutions should understand the potential for legal and regulatory risks posed by BEC and executive impersonation, and consider taking steps to create a proactive culture of skepticism and heightened awareness to combat this type of fraud.
Originality/value
This article is adapted from the original report issued by the American Institute of CPAs and has been updated to address specifics concerning financial institutions.
Ishmael Mugari, Maxwell Kunambura, Emeka E. Obioha and Norah R. Gopo
Abstract
Purpose
This study aims to explore the nature and impacts of cybercrime in the Zimbabwean retail sector and evaluate the effectiveness of the current measures to deal with cybercrime.
Design/methodology/approach
This study adopted a mixed research design on a sample of 38 retail players in a small mining town, Bindura, who were selected using stratified random and purposive sampling techniques. Data were collected through a mainly closed-ended questionnaire and in-depth interview guide. Statistical Package for Social Sciences (SPSS) was used to analyse quantitative data, whereas summative content analysis was used to analyse qualitative data.
Findings
Virus dissemination, hacking and card fraud were identified as the major forms of cybercrime prevalent in the retail sector. Additional security costs, loss of sensitive data and direct financial losses were found to be the major impacts posed by cybercrime on the retail sector. It was also established that the current internal measures and policing efforts to fight cybercrime in the retail sector were ineffective.
Originality/value
This study provides context-specific information on the scourge of cybercrime in a developing third world country that has of late been characterised by a myriad of other socioeconomic challenges. Although similar studies have been conducted in other parts of the globe, there has been a dearth of literature on retail sector cybercrime in Zimbabwe. This study also interrogates the Zimbabwean retail sector’s preparedness in dealing with this contemporary threat.
Eileen M. Decker, Matthew Morin and Eric M. Rosner
Abstract
This chapter explores the laws and unique challenges associated with the investigation and prosecution of cybercrime. Crimes that involve the misuse of computers (e.g., hacking, denial of service, and ransomware attacks) and criminal activity that uses computers to commit the act are both covered (e.g., fraud, theft, and money laundering). This chapter also describes the roles of the various federal agencies involved in investigating cybercrime, common cybercrime terms and trends, the statutes frequently used to prosecute cybercrimes, and the challenges and complexity of investigating cybercrime.
Molly Cooper, Yair Levy, Ling Wang and Laurie Dringus
Abstract
Purpose
This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.
Design/methodology/approach
This study has three phases. The first phase included 32 subject matter experts that provided feedback toward a phishing alert and warning system. The second phase included development and a pilot study to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System (PAWS™ mobile app) to 205 participants. This study designed, developed, as well as empirically tested the PAWS™ mobile app that alerted and warned participants to the signs of phishing in emails on mobile devices.
Findings
The results of this study indicated audio alerts and visual warnings potentially lower phishing susceptibility in emails. Audiovisual warnings appeared to assist study participants in noticing phishing emails more easily and in less time than without audiovisual warnings.
Practical implications
This study's implications to mitigation of phishing emails are key, as it appears that alerts and warnings added to email applications may play a significant role in the reduction of phishing susceptibility.
Originality/value
This study extends the existing information security body of knowledge on phishing prevention and awareness by using audiovisual alerts and warnings to email recipients tested in real-life applications.
Abstract
Purpose
This paper aims to help build awareness with financial institutions about the money laundering risks posed by individuals who have been unknowingly recruited as Money Mules and the measures that financial institutions can adopt to detect illicit funds which are being received into the bank accounts of low risk or medium risk customers who are unknowingly recruited as “Money Mules”.
Design/methodology/approach
The research took the form of a desk study, which analysed various documents and reports such as a 2019 report on Money Mules by the European Union Agency for Law Enforcement Cooperation (EUROPOL); a 2019 and 2020 report on Money Mules by the Federal Bureau of Investigation (FBI) and the Better Business Bureau (BBB); the Financial Action Task Force Guidance on the Risk Based Approach to Combating Money Laundering and Terrorist Financing (High Level Principles and Procedures) 2007; the Financial Action Task Force Recommendations 2012; the United Kingdom’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; the United States Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering Examination Manual 2014; Transparency International Corruption Perceptions Index 2018; The UK Proceeds of Crime Act 2002 (as amended); the Joint Money Laundering Steering Group JMLSG, Prevention of money laundering/combating terrorist financing: Guidance for the UK financial sector Part I June 2017 (Amended December 2017); the United States Codified Bank Secrecy Act Regulations (31 CFR); the Nigerian Money Laundering Prohibition Act 2011 (as amended); and the Joint Money Laundering Steering Group JMLSG, Prevention of money laundering/combating terrorist financing: Guidance for the UK financial sector Part II: Sectoral Guidance June 2017 (Amended December 2017).
Findings
This paper determined that financial institutions may be able to prevent proceeds of crime from being laundered by individuals who have been unknowingly recruited as Money Mules if they focus monitoring resources on the emotionally vulnerable customers like newcomers to the country, unemployed people who may have lost their jobs because of a pandemic like COVID-19, students and those in economic hardship; pay very close attention to the country of origin where the funds emanate from; pay very close attention to the country where the funds are being transferred to; and pay close attention to frequent large cash deposits followed by wire transfers.
Originality/value
While most articles focus on the money laundering risk(s) associated with Money Mules and the measures that individuals can use to ensure that their bank accounts are not used by criminals to launder illicit funds, this paper focuses on the different mechanisms that banks can use to detect illicit funds which are being received into the bank accounts of low risk or medium risk customers who are unknowingly recruited as “Money Mules”. This paper recommends a proportional approach that balances anti-money laundering measures, financial inclusion and human rights. The mechanisms/measures which have been extensively discussed in this paper will help banks to identify, assess and understand their money laundering and terrorist financing risks as it relates to Money Mules and take commensurate measures to mitigate them.
Sam Takavarasha Jr, Renier Van Heerden, Surendra Collin Thakur and Annelie Jordaan
Kalyan Nagaraj, Biplab Bhattacharjee, Amulyashree Sridhar and Sharvani GS
Abstract
Purpose
Phishing is one of the major threats affecting businesses worldwide in current times. Organizations and customers face the hazards arising out of phishing attacks because of anonymous access to vulnerable details. Such attacks often result in substantial financial losses. Thus, there is a need for effective intrusion detection techniques to identify and possibly nullify the effects of phishing. Classifying phishing and non-phishing web content is a critical task in information security protocols, and foolproof mechanisms have yet to be implemented in practice. The purpose of the current study is to present an ensemble machine learning model for classifying phishing websites.
Design/methodology/approach
A publicly available data set comprising 10,068 instances of phishing and legitimate websites was used to build the classifier model. Feature extraction was performed by deploying a group of methods, and relevant features extracted were used for building the model. A twofold ensemble learner was developed by integrating results from random forest (RF) classifier, fed into a feedforward neural network (NN). Performance of the ensemble classifier was validated using k-fold cross-validation. The twofold ensemble learner was implemented as a user-friendly, interactive decision support system for classifying websites as phishing or legitimate ones.
Findings
Experimental simulations were performed to assess and compare the performance of the ensemble classifiers. The statistical tests estimated that the RF_NN model gave superior performance with an accuracy of 93.41 per cent and minimal mean squared error of 0.000026.
Research limitations/implications
The research data set used in this study is publicly available and easy to analyze. Comparative analysis with other real-time data sets of recent origin must be performed to ensure generalization of the model against various security breaches. Different variants of phishing threats must be detected rather than focusing particularly toward phishing website detection.
Originality/value
The twofold ensemble model is not applied for classification of phishing websites in any previous studies as per the knowledge of authors.