Business email compromise: A systematic review of understanding, detection, and challenges

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-08-20 DOI:10.1016/j.cose.2025.104630

Amirah Almutairi , BooJoong Kang , Nawfal Alhashimy

引用次数: 0

Abstract

Business Email Compromise (BEC) is a widespread fraud targeting businesses and individuals to obtain financial benefits and gain access to highly sensitive data. BEC fraud significantly impacts almost all organizations worldwide, resulting in substantial losses. Despite its prevalence, there is a shortage of research on understanding and protecting against this fraud. Consequently, this paper aims to survey existing BEC detection techniques. It first provides an overview of the methods and strategies used by attackers in BEC schemes. It also reviews existing BEC detection and prevention techniques, including both technical and non-technical solutions. The strengths of each technique are objectively discussed, and their limitations are critically analyzed. Finally, this study offers a thorough set of current challenges in BEC detection and outlines future research directions, providing valuable guidance for improving security measures against BEC fraud.

查看原文本刊更多论文

商业电子邮件妥协：对理解、检测和挑战的系统回顾

商务电子邮件泄露（BEC）是一种广泛存在的针对企业和个人的欺诈行为，目的是获取经济利益和获取高度敏感的数据。BEC欺诈严重影响了全球几乎所有的组织，造成了巨大的损失。尽管它很普遍，但缺乏对这种欺诈行为的理解和保护的研究。因此，本文旨在综述现有的BEC检测技术。本文首先概述了攻击者在BEC方案中使用的方法和策略。它还回顾了现有的BEC检测和预防技术，包括技术和非技术解决方案。客观地讨论了每种技术的优势，并批判性地分析了它们的局限性。最后，本研究提出了当前BEC检测面临的挑战，并概述了未来的研究方向，为改进针对BEC欺诈的安全措施提供了有价值的指导。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.