An application of cyberpsychology in business email compromise

• URL: http://arxiv.org/abs/2011.11112v2
• Date: Tue, 24 Nov 2020 09:53:57 GMT
• Title: An application of cyberpsychology in business email compromise
• Authors: Shadrack Awah Buo
• Abstract summary: This paper introduces Business Email Compromise (BEC) and why it is becoming a major issue to businesses worldwide. It also presents a case study of a BEC incident against Unatrac Holding Ltd and analyses the techniques used by the cybercriminals to defraud the company.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: This paper introduces Business Email Compromise (BEC) and why it is becoming a major issue to businesses worldwide. It also presents a case study of a BEC incident against Unatrac Holding Ltd and analyses the techniques used by the cybercriminals to defraud the company. A critical analysis of the psychological and sociotechnical impacts of BEC to both the company and employees are conducted, and potential risk mitigations strategies and recommendations are provided to prevent future attacks.

Related papers

• Techniques of Modern Attacks [51.56484100374058]
  Advanced Persistent Threats (APTs) represent a complex method of attack aimed at specific targets.<n>I will investigate both the attack life cycle and cutting-edge detection and defense strategies proposed in recent academic research.<n>I aim to highlight the strengths and limitations of each approach and propose more adaptive APT mitigation strategies.
  arXiv  Detail & Related papers  (2026-01-19T22:15:25Z)
• S3C2 SICP Summit 2025-06: Vulnerability Response Summit [51.90004414779634]
  Researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) and the Software Innovation Campus Paderborn (SICP) conducted a Vulnerability Response Summit.<n>The goal of the Summit is to enable sharing between industry practitioners having practical experiences and challenges with software supply chain security.
  arXiv  Detail & Related papers  (2025-12-02T10:05:41Z)
• When AI Agents Collude Online: Financial Fraud Risks by Collaborative LLM Agents on Social Platforms [101.2197679948061]
  We study the risks of collective financial fraud in large-scale multi-agent systems powered by large language model (LLM) agents.<n>We present MultiAgentFraudBench, a large-scale benchmark for simulating financial fraud scenarios.
  arXiv  Detail & Related papers  (2025-11-09T16:30:44Z)
• A Systematic Review of Security Communication Strategies: Guidelines and Open Challenges [47.205801464292485]
  We identify user difficulties including information overload, technical comprehension, and balancing security awareness with comfort. Our findings reveal consistent communication paradoxes: users require technical details for credibility yet struggle with jargon and need risk awareness without experiencing anxiety. This work contributes to more effective security communication practices that enable users to recognize and respond to cybersecurity threats appropriately.
  arXiv  Detail & Related papers  (2025-04-02T20:18:38Z)
• Comprehensive Digital Forensics and Risk Mitigation Strategy for Modern Enterprises [0.0]
  This study outlines an approach to cybersecurity, including proactive threat anticipation, forensic investigations, and compliance with regulations like CCPA. Key threats such as social engineering, insider risks, phishing, and ransomware are examined, along with mitigation strategies leveraging AI and machine learning. The findings emphasize the importance of continuous monitoring, policy enforcement, and adaptive security measures to protect sensitive data.
  arXiv  Detail & Related papers  (2025-02-26T23:18:49Z)
• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• Privacy Risks of General-Purpose AI Systems: A Foundation for Investigating Practitioner Perspectives [47.17703009473386]
  Powerful AI models have led to impressive leaps in performance across a wide range of tasks. Privacy concerns have led to a wealth of literature covering various privacy risks and vulnerabilities of AI models. We conduct a systematic review of these survey papers to provide a concise and usable overview of privacy risks in GPAIS.
  arXiv  Detail & Related papers  (2024-07-02T07:49:48Z)
• ABI Approach: Automatic Bias Identification in Decision-Making Under Risk based in an Ontology of Behavioral Economics [46.57327530703435]
  Risk seeking preferences for losses, driven by biases such as loss aversion, pose challenges and can result in severe negative consequences. This research introduces the ABI approach, a novel solution designed to support organizational decision-makers by automatically identifying and explaining risk seeking preferences.
  arXiv  Detail & Related papers  (2024-05-22T23:53:46Z)
• QBER: Quantifying Cyber Risks for Strategic Decisions [0.0]
  We introduce QBER approach to offer decision-makers measurable risk metrics. The QBER evaluates losses from cyberattacks, performs detailed risk analyses based on existing cybersecurity measures, and provides thorough cost assessments. Our contributions involve outlining cyberattack probabilities and risks, identifying Technical, Economic, and Legal (TEL) impacts, creating a model to gauge impacts, suggesting risk mitigation strategies, and examining trends and challenges in implementing widespread Cyber Risk Quantification (CRQ)
  arXiv  Detail & Related papers  (2024-05-06T14:25:58Z)
• QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience [0.259990372084357]
  QuantTM is an approach that incorporates views from operational and strategic business representatives to collect threat information. It empowers the analysis of threats' impacts and the applicability of security controls.
  arXiv  Detail & Related papers  (2024-02-21T21:34:06Z)
• Critical Analysis and Countermeasures Tactics, Techniques and Procedures (TTPs) that targeting civilians: A case study On Pegasus [0.0]
  This paper investigates the targeting of journalists and activists by the malware Pegasus. Examines the far-reaching consequences of these attacks for cybersecurity policy. Describes some of the most important tactics that businesses may use to reduce the danger of cyberattacks.
  arXiv  Detail & Related papers  (2023-10-01T19:28:03Z)
• On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
  We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. We present ROAR, a new class of attacks that instantiate a variety of such threats. We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
  arXiv  Detail & Related papers  (2023-05-03T18:47:42Z)
• SECAdvisor: a Tool for Cybersecurity Planning using Economic Models [0.587978226098469]
  Lack of investments and perverse economic incentives are the root cause of cyberattacks. This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models.
  arXiv  Detail & Related papers  (2023-04-16T22:31:50Z)
• Graph Mining for Cybersecurity: A Survey [61.505995908021525]
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
  arXiv  Detail & Related papers  (2023-04-02T08:43:03Z)
• Probabilistic Categorical Adversarial Attack & Adversarial Training [45.458028977108256]
  The existence of adversarial examples brings huge concern for people to apply Deep Neural Networks (DNNs) in safety-critical tasks. How to generate adversarial examples with categorical data is an important problem but lack of extensive exploration. We propose Probabilistic Categorical Adversarial Attack (PCAA), which transfers the discrete optimization problem to a continuous problem that can be solved efficiently by Projected Gradient Descent.
  arXiv  Detail & Related papers  (2022-10-17T19:04:16Z)
• An Uncommon Task: Participatory Design in Legal AI [64.54460979588075]
  We examine a notable yet understudied AI design process in the legal domain that took place over a decade ago. We show how an interactive simulation methodology allowed computer scientists and lawyers to become co-designers.
  arXiv  Detail & Related papers  (2022-03-08T15:46:52Z)
• A framework for effective corporate communication after cyber security incidents [2.66512000865131]
  Major cyber security incidents can represent a cyber crisis for an organisation, in particular because of the associated risk of reputational damage. This research seeks to tackle this problem through a critical, multi-faceted investigation into the efficacy of crisis communication and public relations following a data breach. It does so by drawing on academic literature, obtained through a systematic literature review, and real-world case studies. The validity of this framework is demonstrated by its evaluation through interviews with senior industry professionals, as well as a critical assessment against relevant practice and research.
  arXiv  Detail & Related papers  (2020-09-19T11:08:53Z)
• The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation [34.08068963253976]
  This report surveys the landscape of potential security threats from malicious uses of AI, and proposes ways to better forecast, prevent, and mitigate these threats.<n>After analyzing the ways in which AI may influence the threat landscape in the digital, physical, and political domains, we make four high-level recommendations for AI researchers and other stakeholders.
  arXiv  Detail & Related papers  (2018-02-20T18:07:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.