Exploiting trust for financial gain: an overview of business email compromise (BEC) fraud

Cassandra Cross and Rosalie Gillett

Journal of Financial Crime, 2020, vol. 27, issue 3, 871-884

Abstract: Purpose - This paper aims to explore current knowledge of business email compromise (BEC) fraud, or approaches that specifically target organisations for financial gain, through the exploitation of trusted relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US$26bn since 2016. Despite the sheer magnitude of these losses, there is a dearth of academic research seeking to better understand this crime type, and prevent it from occurring. Design/methodology/approach - This review summarises the known literature on BEC fraud. It uses a variety of academic and industry sources to ascertain the current state of knowledge, including how it is perpetrated, its impact (on businesses and individuals), how law enforcement have responded and its prevention. Findings - This review highlights many gaps in knowledge surrounding BEC fraud. There has been a large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC fraud is successful through targeted and effective use of social engineering techniques and is able to overcome any technical solutions through the manipulation of personal relationships. Further, while the financial impacts of BEC fraud are obvious, there is no known research which has explored the non-financial harms of BEC fraud (across organisational and individual perspectives). With companies starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to understand how organisations can better respond to incidents when they occur. Finally, there are gaps in knowledge on what is the best combination of both technical and human measures to prevent BEC fraud. Research limitations/implications - This review is based on information presently available, and as indicated, there are significant gaps in what is currently known. Practical implications - This review highlights the need to undertake research into the current gaps, with a view to improving best practice knowledge on prevention and response. Social implications - Currently unknown, BEC fraud is posited to have significant impacts at both personal and collective levels. Increased knowledge of these non-financial impacts will improve how organisations respond to BEC fraud and how employees can be supported before and after an incident occurs. Originality/value - Despite the magnitude of the problem, there is limited academic scholarship on BEC fraud. This literature review offers a summary of current knowledge and advocates a strong research agenda moving forward.

Keywords: Fraud; Police; Social engineering; Prevention; Victims; Business email compromise (search for similar items in EconPapers)
Date: 2020
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (text/html)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (application/pdf)
Access to full text is restricted to subscribers

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eme:jfcpps:jfc-02-2020-0026

DOI: 10.1108/JFC-02-2020-0026

Access Statistics for this article

Journal of Financial Crime is currently edited by Dr Li Hong Xing and Prof Barry Rider

More articles in Journal of Financial Crime from Emerald Group Publishing Limited
Bibliographic data for series maintained by Emerald Support ().