Search results

1 – 10 of 58
Article
Publication date: 31 January 2024

Rufai Ahmad, Sotirios Terzis and Karen Renaud

Abstract

Purpose

This study aims to investigate how phishers apply persuasion principles and construct deceptive URLs in mobile instant messaging (MIM) phishing.

Design/methodology/approach

In total, 67 examples of real-world MIM phishing attacks were collected from various online sources. Each example was coded using established guidelines from the literature to identify the persuasion principles, and the URL construction techniques employed.

Findings

The principles of social proof, liking and authority were the most widely used in MIM phishing, followed by scarcity and reciprocity. Most phishing examples use three persuasion principles, often a combination of authority, liking and social proof. In contrast to email phishing but similar to vishing, the social proof principle was the most commonly used in MIM phishing. Phishers implement the social proof principle in different ways, most commonly by claiming that other users have already acted (e.g. crafting messages that indicate the sender has already benefited from the scam). In contrast to email, retail and fintech companies are the most commonly targeted in MIM phishing. Furthermore, phishers created deceptive URLs using multiple URL obfuscation techniques, often using spoofed domains, to make the URL complex by adding random characters and using homoglyphs.

Originality/value

The insights from this study provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps. The study provides recommendations that software developers should consider when developing automated anti-phishing solutions for MIM apps and proposes a set of MIM phishing awareness training tips.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 5 May 2023

Alain Tambe Ebot

Abstract

Purpose

This study aims to examine how advance fee fraud (AFF) scammers build their criminal expertise over time and why the AFF scamming deception process succeeds.

Design/methodology/approach

This study is interpretive, based on case study interview data with two scammers operating in Africa. The interviews were done over a period of time, and the data collection and analysis processes were iterative, primarily driven by the interview data.

Findings

The authors identify four processes that explain how scammers build criminal expertise, namely, socializing with scammers, accepting scamming definitions, practicing scamming techniques and manipulating digital technologies. The fourth process (manipulating digital technologies) also explains why scammers’ tactics are successful.

Originality/value

AFF scamming is a major crime affecting individuals and organizations worldwide, yet it remains under-researched, as little is known about scammers, their expertise and why their deceptive techniques are successful. The first contribution identifies four processes by which individuals build scamming criminal expertise as they transition from scammers-in-the-making to full-blown active scammers. The second contribution identifies the rationalizations used by scammers-in-the-making and scammers to justify transitioning into scamming and engaging in scamming criminality. The third contribution explains how the digital environment contributes to the processes of building scamming criminal expertise and why scammers’ deceptive tactics are sometimes successful.

Details

Information & Computer Security, vol. 31 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 5 April 2024

Alexander Conrad Culley

Abstract

Purpose

The purpose of this paper is to scrutinise the effectiveness of four derivative exchanges’ enforcement efforts since 2007. These exchanges include the Commodity Exchange Inc. and ICE Futures US from the United States and ICE Futures Europe and the London Metal Exchange from the UK.

Design/methodology/approach

The paper examines 799 enforcement notices published by four exchanges through a behavioural science lens: HUMANS conceived by Hunt (2023) in Humanizing Rules: Bringing Behavioural Science to Ethics and Compliance.

Findings

The paper finds the effectiveness of the exchanges’ enforcement efforts to be a mixed picture as financial markets transition from the digital to artificial intelligence era. Humans remain a key cog in the wheel of market participants’ trading operations, albeit their roles have changed. Despite this, some elements of exchanges’ enforcement regimes have not kept pace with the move from floor to remote trading. However, in other respects, their efforts are or should be, effective, at least in behavioural terms.

Research limitations/implications

The paper’s findings are arguably limited to exchanges based in Anglophone jurisdictions. The information published by the exchanges is variable, making “like-for-like” comparisons difficult in some areas.

Practical implications

The paper makes several recommendations that, if adopted, could help exchanges to increase the potency of their enforcement programmes.

Originality/value

A key aim of the paper is to shift the lens through which the debate concerning the efficacy of exchange-level oversight is conducted. Hitherto, a legal lens has been used, whereas this paper uses a behavioural lens.

Details

Journal of Financial Regulation and Compliance, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1358-1988

Article
Publication date: 8 August 2022

Alexander Conrad Culley

Abstract

Purpose

The purpose of this paper is to examine the effectiveness of two regulatory initiatives in developing awareness of conduct risk associated with algorithmic and direct-electronic access (DEA) trading at broker-dealers: the UK Financial Conduct Authority’s algorithmic trading compliance in the wholesale markets and Commission Delegated Regulation 2017/589 (CDR 589) to the second Markets in Financial Instruments Directive.

Design/methodology/approach

A qualitative examination of 15 semi-structured interviews with representatives of London Metal Exchange member firms, their clients and regulators.

Findings

This paper finds that the key conduct-related messages in algorithmic trading compliance in the wholesale markets may not yet be fully embedded at broker–dealers. This is because of a perceived simplicity of the algorithms deployed by broker–dealers or, alternatively, a lack of reflection on their impact. Conversely, a concern exists that clients’ deployment of algorithms on DEA channels provided by broker–dealers increases conduct risk. However, the threat of harm posed by clients is not envisaged in current definitions of conduct risk. Accordingly, CDR 2017/589 does not currently require firms to evaluate clients’ awareness of it.

Research limitations/implications

This study’s findings are limited to the insights provided by 15 participants.

Originality/value

This paper contributes to existing research by deepening understanding of conduct risk arising from algorithmic trading and DEA. To account for the potential harm arising from clients’ activities, this paper proposes a revision to Miles’s definition of conduct risk. This is complemented by a proposed amendment to CDR 2017/589 to require evaluation of clients’ understanding of conduct risk.

Details

Journal of Financial Regulation and Compliance, vol. 31 no. 2
Type: Research Article
ISSN: 1358-1988

Open Access
Article
Publication date: 31 July 2020

Ado Adamou Abba Ari, Olga Kengni Ngangmo, Chafiq Titouna, Ousmane Thiare, Kolyang, Alidou Mohamadou and Abdelhak Mourad Gueroui

Abstract

The Cloud of Things (CoT), which refers to the integration of Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the large amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, security and privacy issues in the CoT are continuously growing. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security and privacy concerns and issues, as well as open challenges, are discussed in this work.

Details

Applied Computing and Informatics, vol. 20 no. 1/2
Type: Research Article
ISSN: 2634-1964

Open Access
Article
Publication date: 16 April 2024

Natile Nonhlanhla Cele and Sheila Kwenda

Abstract

Purpose

The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.

Design/methodology/approach

Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.

Findings

A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.

Originality/value

With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.

Details

Journal of Financial Crime, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1359-0790

Article
Publication date: 7 December 2023

Leo Hong and Douglas N. Hales

Abstract

Purpose

This study aims to investigate the contribution of blockchain technology to supply chain risk management and its impact on performance among Indian manufacturing companies.

Design/methodology/approach

Drawing on a resource-based view, dynamic capability and system of systems theory, this study examines the direct relationships between blockchain, supply chain risk management and supply chain performance. The authors validate the mediating effects of three supply chain risk management components, namely supply risk management, demand risk management and cyber security management, on financial transaction reliability and information reliability. Data were collected from 204 Indian manufacturing companies that have adopted blockchain technology.

Findings

The results demonstrate that companies adopting blockchain technology have experienced positive outcomes in managing supply chain-related risks, financial transaction reliability and information reliability. These findings provide valuable guidance to managers, highlighting blockchain as a competitive advantage for supply chain management.

Originality/value

To the best of the authors’ knowledge, no previous research on blockchain-based risk management capabilities has been conducted.

Details

The International Journal of Logistics Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0957-4093

Article
Publication date: 2 May 2023

Tianhao Xu and Prashanth Rajivan

Abstract

Purpose

Distinguishing phishing emails from legitimate emails continues to be a difficult task for most individuals. This study aims to investigate the psycholinguistic factors associated with deception in phishing email text and their effect on end-user ability to discriminate phishing emails from legitimate emails.

Design/methodology/approach

Email messages and end-user decisions collected from a laboratory phishing study were validated and analyzed using natural language processing methods (Linguistic Inquiry Word Count) and penalized regression models (LASSO and Elastic Net) to determine the linguistic dimensions that attackers may use in phishing emails to deceive end-users and measure the impact of such choices on end-user susceptibility to phishing.

Findings

We found that most participants, who played the role of a phisher in the study, chose to deceive their end-user targets by pretending to be a familiar individual and presenting time pressure or deadlines. Results show that use of words conveying certainty (e.g. always, never) and work-related features in the phishing messages predicted higher end-user vulnerability. On the contrary, use of words that convey achievement (e.g. earn, win) or reward (cash, money) in the phishing messages predicted lower end-user vulnerability because such features are usually observed in scam-like messages.

Practical implications

Insights from this research show that analyzing emails for psycholinguistic features associated with computer-mediated deception could be used to fine-tune and improve spam and phishing detection technologies. This research also informs the kinds of phishing attacks that must be prioritized in antiphishing training programs.

Originality/value

Applying natural language processing and statistical modeling methods to analyze results from a laboratory phishing experiment to understand deception from both attacker and end-user is novel. Furthermore, results from this work advance our understanding of the linguistic factors associated with deception in phishing email text and its impact on end-user susceptibility.

Details

Information & Computer Security, vol. 31 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 19 May 2022

Audrey de Rancourt-Raymond and Nadia Smaili

Abstract

Purpose

The purpose of this study is to discuss the harmful use of deepfakes in an organizational context, based on the only two cases the authors found that were addressed by the media from the perspective of corporate fraud. This study offers an overview of deepfake technology, and in particular, examines five W questions to better decipher the impact of these tools on organizations: What is deepfake? Who is the fraudster and who is targeted? Why use them and how? And What after? Based on these five W questions, this study provides an in-depth discussion of the two cases identified. Even though this technology has several advantages, this study examines its dark side.

Design/methodology/approach

Using comparative analysis, the authors study the only two known and publicized fraud cases by using deepfakes that have targeted chief executive officers to date.

Findings

The paper provides an extensive picture of the unethical and illicit use of deepfakes in an organizational context and discusses how this technology could affect fraud risk. In addition, the analysis of cases shows that voice-generating software, combined with other fraud schemes such as business email compromise, facilitates the commission of the fraud, as the victims feel confident because they recognize the speaker’s voice and emails. The analysis shows that any organization could be vulnerable to this technology. The median costs of this type of fraud can be high. For the two cases identified, the estimated losses amounted to US$243,000 and US$35,000,000, respectively.

Originality/value

This paper adds new insights to the scarce research on deepfakes and financial crime by investigating the causes and consequences of the unethical and illicit use of deepfakes. It has several implications for organizations, boards of directors, management and regulatory authorities.

Article
Publication date: 13 June 2023

Atul Varshney, Vipul Sharma, T. Mary Neebha and N. Prasanthi Kumari

Abstract

Purpose

This paper aims to present a low-cost, edge-fed, windmill-shaped, notch-band eliminator, circular monopole antenna which is practically loaded with a complementary split ring resonator (CSRR) in the middle of the radiating conductor and also uses a partial ground to obtain wide-band performance.

Design/methodology/approach

To compensate for the reduced value of gain and reflection coefficient because of the full (complete) ground plane at the bottom of the substrate, the antenna is further loaded with a partial ground and a CSRR. The reduction in the length of ground near the feed line improves the impedance bandwidth, and introduced CSRR results in improved gain with an additional resonance spike. This results in a peak gain 3.895 dBi at the designed frequency 2.45 GHz. The extending of three arms in the circular patch not only led to an increase of peak gain by 4.044 dBi but also eliminated the notch band and improved the fractional bandwidth 1.65–2.92 GHz.

Findings

The work reports a –10 dB bandwidth from 1.63 GHz to 2.91 GHz, which covers traditional coverage applications and new specific uses applications such as narrow LTE bands for future internet of things (NB-IoT) machine-to-machine communications 1.8/1.9/2.1/2.3/2.5/2.6 GHz, industry, automation and business-critical cases (2.1/2.3/2.6 GHz), industrial, society and medical applications such as Wi-MAX (3.5 GHz), Wi-Fi3 (2.45 GHz), GSM (1.9 GHz), public safety band, Bluetooth (2.40–2.485 GHz), Zigbee (2.40–2.48 GHz), industrial scientific medical (ISM) band (2.4–2.5 GHz), WCDMA (1.9, 2.1 GHz), 3G (2.1 GHz), 4G LTE (2.1–2.5 GHz) and other personal communication services applications. The estimated RLC electrical equivalent circuit is also presented at the end.

Practical implications

Because of full coverage of Bluetooth, Zigbee, WiFi3 and ISM band, the proposed fabricated antenna is suitable for low power, low data rate and wireless/wired short-range IoT-enabled medical applications.

Originality/value

The antenna is fabricated on a piece (66.4 mm × 66.4 mm × 1.6 mm) of low-cost low profile FR-4 epoxy substrate (0.54 λg × 0.54 λg) with a dielectric constant of 4.4, a loss tangent of 0.02 and a thickness of 1.6 mm. The antenna reflection coefficient, impedance and VSWR are tested on the Keysight technology (N9917A) vector network analyzer, and the radiation pattern is measured in an anechoic chamber.

Details

World Journal of Engineering, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1708-5284
