Search results

1 – 10 of 19
Article
Publication date: 28 April 2020

Cassandra Cross and Rosalie Gillett


Abstract

Purpose

This paper aims to explore current knowledge of business email compromise (BEC) fraud, or approaches that specifically target organisations for financial gain, through the exploitation of trusted relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US$26bn since 2016. Despite the sheer magnitude of these losses, there is a dearth of academic research seeking to better understand this crime type, and prevent it from occurring.

Design/methodology/approach

This review summarises the known literature on BEC fraud. It uses a variety of academic and industry sources to ascertain the current state of knowledge, including how it is perpetrated, its impact (on businesses and individuals), how law enforcement have responded and its prevention.

Findings

This review highlights many gaps in knowledge surrounding BEC fraud. There has been a large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC fraud is successful through targeted and effective use of social engineering techniques and is able to overcome any technical solutions through the manipulation of personal relationships. Further, while the financial impacts of BEC fraud are obvious, there is no known research which has explored the non-financial harms of BEC fraud (across organisational and individual perspectives). With companies starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to understand how organisations can better respond to incidents when they occur. Finally, there are gaps in knowledge on what is the best combination of both technical and human measures to prevent BEC fraud.

Research limitations/implications

This review is based on information presently available, and as indicated, there are significant gaps in what is currently known.

Practical implications

This review highlights the need to undertake research into the current gaps, with a view to improving best practice knowledge on prevention and response.

Social implications

Currently unknown, BEC fraud is posited to have significant impacts at both personal and collective levels. Increased knowledge of these non-financial impacts will improve how organisations respond to BEC fraud and how employees can be supported before and after an incident occurs.

Originality/value

Despite the magnitude of the problem, there is limited academic scholarship on BEC fraud. This literature review offers a summary of current knowledge and advocates a strong research agenda moving forward.

Details

Journal of Financial Crime, vol. 27 no. 3
Type: Research Article
ISSN: 1359-0790

Article
Publication date: 2 May 2017

David Zweighaft


Abstract

Purpose

To explain the fraud schemes known as business email compromise (BEC) and executive impersonation that are growing in popularity, and the threat they pose to financial institutions.

Design/methodology/approach

This article explains BEC and executive impersonation and how they are carried out, and discusses how regulations and practical operational steps are trying to address this fraud issue.

Findings

Financial institutions should understand the potential for legal and regulatory risks posed by BEC and executive impersonation, and consider taking steps to create a proactive culture of skepticism and heightened awareness to combat this type of fraud.

Originality/value

This article is adapted from the original report issued by the American Institute of CPAs and has been updated to address specifics concerning financial institutions.

Details

Journal of Investment Compliance, vol. 18 no. 1
Type: Research Article
ISSN: 1528-5812

Article
Publication date: 3 July 2023

Ishmael Mugari, Maxwell Kunambura, Emeka E. Obioha and Norah R. Gopo

Abstract

Purpose

This study aims to explore the nature and impacts of cybercrime in the Zimbabwean retail sector and evaluate the effectiveness of the current measures to deal with cybercrime.

Design/methodology/approach

This study adopted a mixed research design on a sample of 38 retail players in a small mining town, Bindura, who were selected using stratified random and purposive sampling techniques. Data were collected through a mainly closed-ended questionnaire and in-depth interview guide. Statistical Package for Social Sciences (SPSS) was used to analyse quantitative data, whereas summative content analysis was used to analyse qualitative data.

Findings

Virus dissemination, hacking and card fraud were identified as the major forms of cybercrime prevalent in the retail sector. Additional security costs, loss of sensitive data and direct financial losses were found to be the major impacts posed by cybercrime on the retail sector. It was also established that the current internal measures and policing efforts to fight cybercrime in the retail sector were ineffective.

Originality/value

This study provides context-specific information on the scourge of cybercrime in a developing third world country that has of late been characterised by a myriad of other socioeconomic challenges. Although similar studies have been conducted in other parts of the globe, there has been a dearth of literature on retail sector cybercrime in Zimbabwe. This study also interrogates the Zimbabwean retail sector’s preparedness in dealing with this contemporary threat.

Details

Safer Communities, vol. 22 no. 4
Type: Research Article
ISSN: 1757-8043

Book part
Publication date: 6 September 2021

Eileen M. Decker, Matthew Morin and Eric M. Rosner

Abstract

This chapter explores the laws and unique challenges associated with the investigation and prosecution of cybercrime. Crimes that involve the misuse of computers (e.g., hacking, denial of service, and ransomware attacks) and criminal activity that uses computers to commit the act are both covered (e.g., fraud, theft, and money laundering). This chapter also describes the roles of the various federal agencies involved in investigating cybercrime, common cybercrime terms and trends, the statutes frequently used to prosecute cybercrimes, and the challenges and complexity of investigating cybercrime.

Details

The Role of Law Enforcement in Emergency Management and Homeland Security
Type: Book
ISBN: 978-1-78769-336-4

Open Access
Article
Publication date: 14 July 2021

Molly Cooper, Yair Levy, Ling Wang and Laurie Dringus


Abstract

Purpose

This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.

Design/methodology/approach

This study has three phases. The first phase included 32 subject matter experts that provided feedback toward a phishing alert and warning system. The second phase included development and a pilot study to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System (PAWS™ mobile app) to 205 participants. This study designed, developed, as well as empirically tested the PAWS™ mobile app that alerted and warned participants to the signs of phishing in emails on mobile devices.

Findings

The results of this study indicated audio alerts and visual warnings potentially lower phishing susceptibility in emails. Audiovisual warnings appeared to assist study participants in noticing phishing emails more easily and in less time than without audiovisual warnings.

Practical implications

This study's implications to mitigation of phishing emails are key, as it appears that alerts and warnings added to email applications may play a significant role in the reduction of phishing susceptibility.

Originality/value

This study extends the existing information security body of knowledge on phishing prevention and awareness by using audiovisual alerts and warnings to email recipients tested in real-life applications.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 1 no. 1
Type: Research Article
ISSN: 2635-0270

Article
Publication date: 27 June 2020

Ehi Eric Esoimeme

Abstract

Purpose

This paper aims to help build awareness with financial institutions about the money laundering risks posed by individuals who have been unknowingly recruited as Money Mules and the measures that financial institutions can adopt to detect illicit funds which are being received into the bank accounts of low risk or medium risk customers who are unknowingly recruited as “Money Mules”.

Design/methodology/approach

The research took the form of a desk study, which analysed various documents and reports such as a 2019 report on Money Mules by the European Union Agency for Law Enforcement Cooperation (EUROPOL); a 2019 and 2020 report on Money Mules by the Federal Bureau of Investigation (FBI) and the Better Business Bureau (BBB); the Financial Action Task Force Guidance on the Risk Based Approach to Combating Money Laundering and Terrorist Financing (High Level Principles and Procedures) 2007; the Financial Action Task Force Recommendations 2012; the United Kingdom’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; the United States Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering Examination Manual 2014; Transparency International Corruption Perceptions Index 2018; The UK Proceeds of Crime Act 2002 (as amended); the Joint Money Laundering Steering Group JMLSG, Prevention of money laundering/combating terrorist financing: Guidance for the UK financial sector Part I June 2017 (Amended December 2017); the United States Codified Bank Secrecy Act Regulations (31 CFR); the Nigerian Money Laundering Prohibition Act 2011 (as amended); and the Joint Money Laundering Steering Group JMLSG, Prevention of money laundering/combating terrorist financing: Guidance for the UK financial sector Part II: Sectoral Guidance June 2017 (Amended December 2017).

Findings

This paper determined that financial institutions may be able to prevent proceeds of crime from being laundered by individuals who have been unknowingly recruited as Money Mules if they focus monitoring resources on the emotionally vulnerable customers like newcomers to the country, unemployed people who may have lost their jobs because of a pandemic like COVID-19, students and those in economic hardship; pay very close attention to the country of origin where the funds emanate from; pay very close attention to the country where the funds are being transferred to; and pay close attention to frequent large cash deposits followed by wire transfers.

Originality/value

While most articles focus on the money laundering risk(s) associated with Money Mules and the measures that individuals can use to ensure that their bank accounts are not used by criminals to launder illicit funds, this paper focuses on the different mechanisms that banks can use to detect illicit funds which are being received into the bank accounts of low risk or medium risk customers who are unknowingly recruited as “Money Mules”. This paper recommends a proportional approach that balances anti-money laundering measures, financial inclusion and human rights. The mechanisms/measures which have been extensively discussed in this paper will help banks to identify, assess and understand their money laundering and terrorist financing risks as it relates to Money Mules and take commensurate measures to mitigate them.

Details

Journal of Money Laundering Control, vol. 24 no. 1
Type: Research Article
ISSN: 1368-5201


Details

International Journal of Industrial Engineering and Operations Management, vol. 5 no. 2
Type: Research Article
ISSN: 2690-6090

Details

The Cybersecurity Workforce of Tomorrow
Type: Book
ISBN: 978-1-80382-918-0

Content available
Book part
Publication date: 31 July 2023

Michael Nizich

Details

The Cybersecurity Workforce of Tomorrow
Type: Book
ISBN: 978-1-80382-918-0

Article
Publication date: 18 October 2018

Kalyan Nagaraj, Biplab Bhattacharjee, Amulyashree Sridhar and Sharvani GS

Abstract

Purpose

Phishing is one of the major threats affecting businesses worldwide in current times. Organizations and customers face the hazards arising out of phishing attacks because of anonymous access to vulnerable details. Such attacks often result in substantial financial losses. Thus, there is a need for effective intrusion detection techniques to identify and possibly nullify the effects of phishing. Classifying phishing and non-phishing web content is a critical task in information security protocols, and foolproof mechanisms have yet to be implemented in practice. The purpose of the current study is to present an ensemble machine learning model for classifying phishing websites.

Design/methodology/approach

A publicly available data set comprising 10,068 instances of phishing and legitimate websites was used to build the classifier model. Feature extraction was performed by deploying a group of methods, and relevant features extracted were used for building the model. A twofold ensemble learner was developed by integrating results from random forest (RF) classifier, fed into a feedforward neural network (NN). Performance of the ensemble classifier was validated using k-fold cross-validation. The twofold ensemble learner was implemented as a user-friendly, interactive decision support system for classifying websites as phishing or legitimate ones.

Findings

Experimental simulations were performed to assess and compare the performance of the ensemble classifiers. The statistical tests estimated that RF_NN model gave superior performance with an accuracy of 93.41 per cent and minimal mean squared error of 0.000026.

Research limitations/implications

The research data set used in this study is publicly available and easy to analyze. Comparative analysis with other real-time data sets of recent origin must be performed to ensure generalization of the model against various security breaches. Different variants of phishing threats must be detected rather than focusing particularly toward phishing website detection.

Originality/value

The twofold ensemble model is not applied for classification of phishing websites in any previous studies as per the knowledge of authors.

Details

Journal of Systems and Information Technology, vol. 20 no. 3
Type: Research Article
ISSN: 1328-7265
