Business Email Compromise (BEC) Fraud and How to Prevent it
DOI:
https://doi.org/10.21532/apfjournal.v8i2.307
Keywords:
Business Email Compromise (BEC), Fraud, Fraud Prevention, Risk Management
Abstract
Cybercrime is on the rise at both the national and cross-border levels. The latest mode of cybercrime is fraud using Business Email Compromise (BEC). A qualitative analysis method with literature study is applied to discuss the two key questions of this paper. First, how does the BEC scheme occur? Second, how can an organization/company prevent/mitigate the risk of BEC fraud? This paper concludes that BEC can be executed in the form of phishing emails sent by perpetrators (both internal and external actors of the organization) to the target victim (the organization's employees) in order to deceive and obtain financial gain. Various efforts can be made by an organization/company to prevent the risk of BEC fraud, among others implementing a risk management system, implementing an information security management system, and increasing the organization's internal awareness.