Exploiting trust for financial gain: an overview of business email compromise (BEC) fraud
Date | 22 April 2020 |
Published date | 22 April 2020 |
Pages | 871-884 |
DOI | https://doi.org/10.1108/JFC-02-2020-0026 |
Author | Cassandra Cross,Rosalie Gillett |
Subject Matter | Accounting & Finance,Financial risk/company failure,Financial crime |
Exploiting trust for financial gain:
an overview of business email
compromise (BEC) fraud
Cassandra Cross
Cybersecurity Cooperative Research Centre, Brisbane,
Australia and Faculty of Law, School of Justice,
Queensland University of Technology, Brisbane, Australia, and
Rosalie Gillett
Faculty of Law, School of Justice, Queensland University of Technology,
Brisbane, Australia
Abstract
Purpose –This paper aims to explore current knowledge of business email compromise (BEC) fraud, or
approaches that specifically target organisations for financial gain, through the exploitation of trusted
relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US
$26bn since 2016. Despitethe sheer magnitude of these losses, there is a dearth of academic research seeking
to better understandthis crime type, and prevent it from occurring.
Design/methodology/approach –This review summarises the known literature on BEC fraud. It
uses a variety of academic and industry sources to ascertain the current state of knowledge, including
how it is perpetrated, its impact (on businessesand individuals), how law enforcement have responded
and its prevention.
Findings –This review highlights many gaps in knowledge surrounding BEC fraud. There has be en a
large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC
fraud is successful through targeted and effective use of social engineerin g techniques and is able to
overcome any technical solutions through the manipulation of personal relationships. Further, while the
financial impacts of BEC fraud are obvious, there is no known research which has explored the non-
financial harms of BEC fraud (across organisational and individual perspectives). Wi th companies
starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to
understand how organisations can better respond to incidents when they occur. Finally, th ere are gaps
in knowledge on what is the best combination of both technical and h uman measures to prevent BEC
fraud.
Research limitations/implications –This review is based on informationpresently available, and as
indicated,there are significant gaps in what is currentlyknown.
Practical implications –This review highlights the need to undertake research into the current gaps,
with a view toimproving best practice knowledge on preventionand response.
Social implications –Currently unknown, BEC fraud is posited to have significant impacts at both
personal and collective levels. Increased knowledge of these non-financial impacts will improve how
organisations respond to BEC fraud and how employees can be supported be fore and after an incident
occurs.
This work has been supported by the Cyber Security Research Centre Limited whose activities are
partially funded by the Australian Government’s Cooperative Research Centres Programme.
Overview of
business email
compromise
871
Journalof Financial Crime
Vol.27 No. 3, 2020
pp. 871-884
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-02-2020-0026
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1359-0790.htm
To continue reading
Request your trial