Search results

This study aims to investigate how phishers apply persuasion principles and construct deceptive URLs in mobile instant messaging (MIM) phishing.

In total, 67 examples of real-world MIM phishing attacks were collected from various online sources. Each example was coded using established guidelines from the literature to identify the persuasion principles, and the URL construction techniques employed.

The principles of social proof, liking and authority were the most widely used in MIM phishing, followed by scarcity and reciprocity. Most phishing examples use three persuasion principles, often a combination of authority, liking and social proof. In contrast to email phishing but similar to vishing, the social proof principle was the most commonly used in MIM phishing. Phishers implement the social proof principle in different ways, most commonly by claiming that other users have already acted (e.g. crafting messages that indicate the sender has already benefited from the scam). In contrast to email, retail and fintech companies are the most commonly targeted in MIM phishing. Furthermore, phishers created deceptive URLs using multiple URL obfuscation techniques, often using spoofed domains, to make the URL complex by adding random characters and using homoglyphs.

The insights from this study provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps. The study provides recommendations that software developers should consider when developing automated anti-phishing solutions for MIM apps and proposes a set of MIM phishing awareness training tips.

The purpose of this paper is to scrutinise the effectiveness of four derivative exchanges’ enforcement efforts since 2007. These exchanges include the Commodity Exchange Inc. and ICE Futures US from the United States and ICE Futures Europe and the London Metal Exchange from the UK.

The paper examines 799 enforcement notices published by four exchanges through a behavioural science lens: HUMANS conceived by Hunt (2023) in Humanizing Rules: Bringing Behavioural Science to Ethics and Compliance.

The paper finds the effectiveness of the exchanges’ enforcement efforts to be a mixed picture as financial markets transition from the digital to artificial intelligence era. Humans remain a key cog in the wheel of market participants’ trading operations, albeit their roles have changed. Despite this, some elements of exchanges’ enforcement regimes have not kept pace with the move from floor to remote trading. However, in other respects, their efforts are or should be, effective, at least in behavioural terms.

The paper’s findings are arguably limited to exchanges based in Anglophone jurisdictions. The information published by the exchanges is variable, making “like-for-like” comparisons difficult in some areas.

The paper makes several recommendations that, if adopted, could help exchanges to increase the potency of their enforcement programmes.

A key aim of the paper is to shift the lens through which the debate concerning the efficacy of exchange-level oversight is conducted. Hitherto, a legal lens has been used, whereas this paper uses a behavioural lens.

The purpose of this paper is to systematically analyze the literature around regulatory compliance and market manipulation in capital markets through the use of bibliometrics and propose future research directions. Under the domain of capital markets, this theme is a niche area of research where greater academic investigations are required. Most of the research is fragmented and limited to a few conventional aspects only. To address this gap, this study engages in a large-scale systematic literature review approach to collect and analyze the research corpus in the post-2000 era.

The big data corpus comprising research articles has been extracted from the scientific Scopus database and analyzed using the VoSviewer application. The literature around the subject has been presented using bibliometrics to give useful insights on the most popular research work and articles, top contributing journals, authors, institutions and countries leading to identification of gaps and potential research areas.

Based on the review, this study concludes that, even in an era of global market integration and disruptive technological advancements, many important aspects of this subject remain significantly underexplored. Over the past two decades, research has lagged behind the evolution of capital market crime and market regulations. Finally, based on the findings, the study suggests important future research directions as well as a few research questions. This includes market manipulation, market regulations and new-age technologies, all of which could be very useful to researchers in this field and generate key inputs for stock market regulators.

The limitation of this research is that it is based on Scopus database so the possibility of omission of some literature cannot be completely ruled out. More advanced machine learning techniques could be applied to decode the finer aspects of the studies undertaken so far.

Increased integration among global markets, fast-paced technological disruptions and complexity of financial crimes in stock markets have put immense pressure on market regulators. As economies and equity markets evolve, good research investigations can aid in a better understanding of market manipulation and regulatory compliance. The proposed research directions will be very useful to researchers in this field as well as generate key inputs for stock market regulators to deal with market misbehavior.

This study has adopted a period-wise broad-based scientific approach to identify some of the most pertinent gaps in the subject and has proposed practical areas of study to strengthen the literature in the said field.

The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.

Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.

A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.

With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.

This study aims to investigate the contribution of blockchain technology to supply chain risk management and its impact on performance among Indian manufacturing companies.

Drawing on a resource-based view, dynamic capability and system of systems theory, this study examines the direct relationships between blockchain, supply chain risk management and supply chain performance. The authors validate the mediating effects of three supply chain risk management components, namely supply risk management, demand risk management and cyber security management, on financial transaction reliability and information reliability. Data were collected from 204 Indian manufacturing companies that have adopted blockchain technology.

The results demonstrate that companies adopting blockchain technology have experienced positive outcomes in managing supply chain-related risks, financial transaction reliability and information reliability. These findings provide valuable guidance to managers, highlighting blockchain as a competitive advantage for supply chain management.

To the best of the authors’ knowledge, no previous research on blockchain-based risk management capabilities has been conducted.

Automatic dependent surveillance-broadcast (ADS-B) is the foundational technology of the next generation air transportation system defined by Federal Aviation Authority and is one of the most precise ways for tracking aircraft position. ADS-B is intended to provide greater situational awareness to the pilots by displaying the traffic information like aircraft ID, altitude, speed and other critical parameters on the Cockpit Display of Traffic Information displays in the cockpit. Unfortunately, due to the initial proposed nature of ADS-B protocol, it is neither encrypted nor has any other innate security mechanisms, which makes it an easy target for malicious attacks. The system is vulnerable to various active and passive attacks like message ingestion, message deletion, eavesdropping, jamming, etc., which has become an area of concern for the aviation industry. The purpose of this study is to propose a method based on modified advanced encryption standard (AES) algorithm to secure the ADS=B messages and increase the integrity of ADS-B data transmissions.

Though there are various cryptographic and non-cryptographic methods proposed to secure ADS-B data transmissions, it is evident that most of these systems have limitations in terms of cost, implementation or feasibility. The new proposed method implements AES encryption techniques on the ADS-B data on the sender side and correlated decryption mechanism at the receiver end. The system is designed based on the flight schedule data available from any flight planning systems and implementing the AES algorithm on the ADS-B data from each aircraft in the flight schedule.

The suitable hardware was developed using Raspberry pi, ESP32 and Ra-02. Several runs were done to verify the original message, transmitted data and received data. During transmission, encryption algorithm was being developed, which has got very high secured transmission, and during the reception, the data was secured. Field test was conducted to validate the transmission and quality. Several trials were done to validate the transmission process. The authors have successfully shown that the ADS-B data can be encrypted using AES algorithm. The authors are successful in transmitting and receiving the ADS-B data packet using the discussed hardware and software methodology. One major advantage of using the proposed solution is that the information received is encrypted, and the receiver ADS-B system can decrypt the messages on the receiving end. This clearly proves that when the data is received by an unknown receiver, the messages cannot be decrypted, as the receiver is not capable of decrypting the AES-authenticated messages transmitted by the authenticated source. Also, AES encryption is highly unlikely to be decrypted if the encryption key and the associated decryption key are not known.

Implementation of the developed solution in actual onboard avionics systems is not within the scope of this research. Hence, assessing in the real-time distances is not covered.

The authors propose to extend this as a software solution to the onboard avionics systems by considering the required architectural changes. This solution can also bring in positive results for unmanned air vehicles in addition to the commercial aircrafts. Enhancement of security to the key operational and navigation data elements is going to be invaluable for future air traffic management and saving lives of people.

The proposed solution has been practically implemented by developing the hardware and software as part of this research. This has been clearly brought out in the paper. The implementation has been tested using the actual ADS-B data/messages received from using the ADS-B receiver. The solution works perfectly, and this brings immense value to the aircraft-to-aircraft and aircraft-to-ground communications, specifically while using ADS-B data for communicating the position information. With the proposed architecture and minor software updates to the onboard avionics, this solution can enhance safety of flights.

The purpose of this study is to review and synthesize the literature on in-app advertising, identify gaps and propose future research directions.

The authors use a systematic literature review (SLR) approach, following the PRISMA guidelines, to investigate the current state of research in in-app advertising. The study uses 44 shortlisted articles from the Scopus and Web of Science databases. Using the Theory-Context-Characteristics-Methodology (TCCM) framework, the authors analyze the gaps in theory, context, characteristics and methods.

Using thematic analysis, the authors identify five main themes in the in-app advertising literature, namely, ad platform optimization; mobile app user psychology and behavior; ad effectiveness; ad fraud; and security, privacy and other user concerns. The findings show the need for empirical research, with a strong theoretical foundation in emerging ad formats of in-app advertising, user behavior and buy-side of in-app advertising.

This is a maiden study to conduct a domain-based SLR in the emerging field of in-app advertising using the TCCM framework. The authors highlight the key differences between in-app advertising and mobile web advertising. The authors propose theories in the advertising field that could be used in future empirical studies of in-app advertising.

El propósito de esta investigación es revisar y sintetizar la literatura sobre la publicidad en Apps, identificar lagunas y proponer futuras direcciones de investigación.

Utilizamos un enfoque de revisión sistemática de la literatura, siguiendo las directrices PRISMA, para investigar el estado actual de la investigación en publicidad en aplicaciones. El estudio utiliza 44 artículos preseleccionados de las bases de datos Scopus y Web of Science (WoS). Utilizando el marco Teoría-Contexto-Características-Metodología (TCCM), analizamos las lagunas en teoría, contexto, características y métodos.

Mediante un análisis temático, identificamos cinco temas principales en la literatura sobre publicidad en aplicaciones, a saber: optimización de plataformas publicitarias; psicología y comportamiento de los usuarios de aplicaciones móviles; eficacia publicitaria; fraude publicitario; seguridad, privacidad y otras preocupaciones de los usuarios. Nuestros hallazgos muestran la necesidad de investigación empírica, con una sólida base teórica en los formatos publicitarios emergentes de la publicidad en Apps, el comportamiento del usuario y el buy-side de la publicidad en Apps.

Se trata de un estudio pionero para realizar una revisión sistemática de la literatura basada en el dominio en el campo emergente de la publicidad en Apps utilizando el marco TCCM. Destacamos las principales diferencias entre la publicidad en aplicaciones y la publicidad en la web para móviles. Proponemos teorías en el campo de la publicidad que podrían utilizarse en futuros estudios empíricos sobre la publicidad en Apps.

本研究旨在回顾和总结有关应用内广告的文献, 找出差距并提出未来的研究方向。

我们采用系统性文献综述方法, 遵循 PRISMA 指南, 调查应用内广告的研究现状。研究使用了 Scopus 和 Web of Science (WoS) 数据库中的 44 篇入围文章。利用理论-背景-特征-方法（TCCM）框架, 我们分析了理论、背景、特征和方法方面的差距。

通过主题分析, 我们确定了应用内广告文献的五大主题, 即广告平台优化; 移动应用用户心理和行为; 广告效果; 广告欺诈; 安全、隐私和其他用户关注点。我们的研究结果表明, 有必要在应用内广告的新兴广告形式、用户行为和应用内广告买方等方面开展实证研究, 并奠定坚实的理论基础。

这是一项首次使用 TCCM 框架对新兴的应用内广告领域进行基于领域的系统性文献综述的研究。我们强调了应用内广告与移动网络广告的主要区别。我们提出了广告领域的理论, 可用于未来的应用内广告实证研究。

The study aims to determine whether audited organizations experience differences between external audits and official controls.

A survey among 100 organic food producers was conducted to explore differences regarding the usability of external audits and official controls. The survey was conducted in 2020 using the computer-assisted telephone interview (CATI) method supplemented by the computer-assisted web interview (CAWI) method. Organizations processing organic farming products in Poland were chosen for the study.

Three primary benefits associated with external audits and official controls were identified, i.e. (1) enabling and initiating activities related to the improvement of the organization, (2) improving the financial performance of the organization and (3) enhancing credibility. For most organizations, the assessment of these features was at the same level for both external audits and official control. However, if these assessments differed, commercial audits were assessed at a higher level than official controls.

The study is limited to only one specific type of manufacturing organization and one European country.

The literature review shows some conceptual differences between audits and official controls, but the results of this study show that the business environment does not perceive these differences as significant. Thus, the value of the study is reflected in the conclusion that both external audits and official controls are considered useful and credible approaches to monitoring the quality within the organization, which allows us to state that external evaluation is generally seen as an opportunity to improve the performance of the organization.

In the modern digital realm, while artificial intelligence (AI) technologies pave the way for unprecedented opportunities, they also give rise to intricate cybersecurity issues, including threats like deepfakes and unanticipated AI-induced risks. This study aims to address the insufficient exploration of AI cybersecurity awareness in the current literature.

Using in-depth surveys across varied sectors (N = 150), the authors analyzed the correlation between the absence of AI risk content in organizational cybersecurity awareness programs and its impact on employee awareness.

A significant AI-risk knowledge void was observed among users: despite frequent interaction with AI tools, a majority remain unaware of specialized AI threats. A pronounced knowledge difference existed between those that are trained in AI risks and those who are not, more apparent among non-technical personnel and sectors managing sensitive information.

This study paves the way for thorough research, allowing for refinement of awareness initiatives tailored to distinct industries.

It is imperative for organizations to emphasize AI risk training, especially among non-technical staff. Industries handling sensitive data should be at the forefront.

Ensuring employees are aware of AI-related threats can lead to a safer digital environment for both organizations and society at large, given the pervasive nature of AI in everyday life.

Unlike most of the papers about AI risks, the authors do not trust subjective data from second hand papers, but use objective authentic data from the authors’ own up-to-date anonymous survey.

The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and their limitations. The security of SCs has received increasing attention from researchers, due to the emerging risks associated with their distributed nature. The increase in risk in SCs comes from threats that are inherently similar regardless of the type of SC, thus, requiring similar defence mechanisms. Being able to identify the types of threats will help developers to build effective defences.

In this work, we provide an analysis of the threats, possible attacks and traceability solutions for SCs, and highlight outstanding problems. Through a comprehensive literature review (2015–2021), we analysed various SC security solutions, focussing on tracking solutions. In particular, we focus on three types of SCs: digital, food and pharmaceutical that are considered prime targets for cyberattacks. We introduce a systematic categorization of threats and discuss emerging solutions for prevention and mitigation.

Our study shows that the current traceability solutions for SC systems do not offer a broadened security analysis and fail to provide extensive protection against cyberattacks. Furthermore, global SCs face common challenges, as there are still unresolved issues, especially those related to the increasing SC complexity and interconnectivity, where cyberattacks are spread across suppliers.

This is the first time that a systematic categorization of general threats for SC is made based on an existing threat model for hardware SC.