Cybercrime against organizations is a daily threat that targets companies of all sizes. Cyberattacks are continually evolving and becoming more complex. Email attacks are the method cybercriminals use most often to compromise corporations for financial gain. These attacks have evolved into sophisticated scams that target businesses that conduct wire transfers as part of their operations. The FBI has announced a new evolution of email attacks called Business Email Compromise (BEC) scams, which use social engineering, phishing, and email hacking to manipulate employees into conducting fraudulent wire transfers. The goal of this study was to use cybersecurity experts to validate the BEC detection measurement criteria for user skills and an awareness training program amongst corporate professionals. BEC attacks have accounted for over $26 billion in financial losses across the globe, and the losses are continually increasing. A Delphi methodology was used to obtain feedback from 30 cybersecurity experts to develop and validate the BEC detection measure and awareness training. Results show that four attributes contribute to BEC detection: email authenticity detection skills, malicious mobile application detection skills, the ability to detect mobile malware indicators, and the ability to detect phishing emails. The research study concludes with discussions and future research recommendations.
Aviv, Shahar; Levy, Yair; Wang, Ling; and Geri, Nitza, "An expert assessment of corporate professional users to measure business email compromise detection skills and develop a knowledge and awareness training program" (2019). WISP 2019 Proceedings. 19.