Figure 4 - uploaded by Alaa Nehme
Content may be subject to copyright.
Anti-Phishing Behavior Spectrum Axiom 1 1. The anti-phishing cognitive system has three layered-systems with three-level objectives and disturbance factors.
Context in source publication
Context 1
... we view EPIT to be incorporative of the adoption and avoidance approaches in information security. Additionally, we consider anti-phishing behavior to lie on a continuous spectrum of avoidance and adoption behaviors ( Figure 4). PMT and risk analysis lie at the adoption and avoidance positions respectively. ...
Similar publications
Se desarrolla un análisis bibliométrico sobre artículos científicos referentes a México en temas de ciberseguridad, publicados entre 2015 y 2020 e indizados en los portales ScienceDirect, Redalyc y Dialnet. Se toman en consideración indicadores como la productividad por año, por revista, por institución y por autor, así como el contenido temático d...
Citations
Criminologists and crime prevention practitioners recognize the importance of geographical places to crime activities and the role that place managers might play in effectively preventing crime. Indeed, over the past several decades, a large body of work has highlighted the tendency for crime to concentrate across an assortment of geographic areas, where place management tends to be absent or weak. Nevertheless, there has been a paucity of research evaluating place management strategies and cybercrime within the virtual domain. The purpose of this study was to investigate the effectiveness of place management techniques on reducing cybercrime incidents in an online setting. Using data derived from the information technology division of a large urban research university in the United States, this study evaluated the impact of an anti-phishing training program delivered to employees that sought to increase awareness and understanding of methods to better protect their “virtual places” from cybercrimes. Findings are discussed within the context of the broader crime and place literature.
Purpose
This paper aims to explore current knowledge of business email compromise (BEC) fraud, or approaches that specifically target organisations for financial gain, through the exploitation of trusted relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US$26bn since 2016. Despite the sheer magnitude of these losses, there is a dearth of academic research seeking to better understand this crime type, and prevent it from occurring.
Design/methodology/approach
This review summarises the known literature on BEC fraud. It uses a variety of academic and industry sources to ascertain the current state of knowledge, including how it is perpetrated, its impact (on businesses and individuals), how law enforcement have responded and its prevention.
Findings
This review highlights many gaps in knowledge surrounding BEC fraud. There has been a large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC fraud is successful through targeted and effective use of social engineering techniques and is able to overcome any technical solutions through the manipulation of personal relationships. Further, while the financial impacts of BEC fraud are obvious, there is no known research which has explored the non-financial harms of BEC fraud (across organisational and individual perspectives). With companies starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to understand how organisations can better respond to incidents when they occur. Finally, there are gaps in knowledge on what is the best combination of both technical and human measures to prevent BEC fraud.
Research limitations/implications
This review is based on information presently available, and as indicated, there are significant gaps in what is currently known.
Practical implications
This review highlights the need to undertake research into the current gaps, with a view to improving best practice knowledge on prevention and response.
Social implications
Currently unknown, BEC fraud is posited to have significant impacts at both personal and collective levels. Increased knowledge of these non-financial impacts will improve how organisations respond to BEC fraud and how employees can be supported before and after an incident occurs.
Originality/value
Despite the magnitude of the problem, there is limited academic scholarship on BEC fraud. This literature review offers a summary of current knowledge and advocates a strong research agenda moving forward.