Sensors
  • Article
  • Open Access

5 March 2024

BEC Defender: QR Code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks

1 Cyber Crime Division, Hellenic Police, 173 Alexandras Avenue, 11522 Athens, Greece
2 Department of Informatics and Telecommunications, University of Ioannina, Kostaki Artas, 47150 Arta, Greece
3 Department of Materials Science and Engineering, University of Ioannina, 45110 Ioannina, Greece
4 Independent Researcher, 10678 Athens, Greece
This article belongs to the Special Issue Data Protection and Privacy in Industry 4.0 Era

Abstract

In an era of ever-evolving and increasingly sophisticated cyber threats, protecting sensitive information from cyberattacks such as business email compromise (BEC) attacks has become a top priority for individuals and enterprises. Existing methods used to counteract the risks linked to BEC attacks frequently prove ineffective because of the continuous development and evolution of these malicious schemes. This research introduces a novel methodology for safeguarding against BEC attacks called the BEC Defender. The methodology implemented in this paper augments the authentication mechanisms within business emails by employing a multi-layered validation process, which includes a MAC address as an identity token, QR code generation, and the integration of timestamps as unique identifiers. The BEC-Defender algorithm was implemented and evaluated in a laboratory environment, exhibiting promising results against BEC attacks by adding an extra layer of authentication.

1. Introduction

Email has become an integral part of our daily lives, with over 333.2 billion emails sent and received per day in 2022 worldwide [1]. However, the convenience of email has also led to an increase in cyberattacks, including business email compromise (BEC) attacks. In a BEC attack, an attacker impersonates a legitimate sender to deceive the receiver into sending money or sensitive information.
More specifically, in a typical business email compromise (BEC) scheme, the perpetrators carefully select their target and employ a series of tactics to gather valuable information from open-source intelligence (OSINT) techniques [2] and then construct an elaborate malicious email, often assuming the identity of a trusted entity or source. Within this fraudulent email, the attacker may employ sophisticated social engineering techniques, designed to manipulate and coerce the recipient into taking actions that ultimately benefit the scammer. Alternatively, the email may include malicious payloads, such as viruses concealed in various attachments or deceitful links. These malicious actions serve multiple nefarious purposes. Firstly, they aim to compromise the victim’s communication channels, potentially allowing the scammer to intercept sensitive information. Moreover, the attacker may seek to extract money or valuable data from the unsuspecting victim [3,4]. In essence, BEC attacks represent a multifaceted threat that combines careful target selection, information gathering, persuasive impersonation, and the deployment of harmful software or links to achieve illegal objectives.
These attacks are often successful because they exploit human error, such as trusting an email’s contents without verifying its authenticity. In 2022 alone, BEC attacks resulted in losses of nearly USD 2.7 billion globally, which is an escalation of approximately USD 350 million from the preceding year (2021), and a notable surge of around USD 860 million from the year 2020, according to the FBI statistics report [5].
Figure 1 depicts a general BEC scheme timeline. In Step 1, the attackers identify a target, most commonly a CEO or CFO. The primary objective of the attacker is to extract financial gains or confidential data by assuming the identity of a high-ranking individual within a corporation. However, the final or intermediary victims can range from the CEO or CFO to employees within different departments, such as accountants or IT personnel. In Step 2, the attackers employ social engineering techniques in order to gather information about the victim or victims (employees or associates in the targeting enterprise), and, in Step 3, the attacker crafts a sophisticated email in order to extract funds or intercept sensitive information (Step 4) [6].
Figure 1. Business email compromise timeline.
To mitigate business email compromise (BEC) attacks and ensure the security of online communications, individuals, enterprises, and critical infrastructures employ a range of both technical and non-technical tools for their protection.
The primary category of tools, known as technical solutions, encompasses a variety of defenses, such as antivirus software to shield against malicious payloads, antimalware programs, email protocols like DMARC (Domain-Based Message Authentication, Reporting, and Conformance), machine learning algorithms, encryption methods, multi-factor authentication (MFA) solutions, and other specialized services. DMARC shields against domain spoofing through digital signatures, ensuring email integrity, but determined attackers can manipulate email addresses to deceive recipients. Antivirus and antimalware software plays a crucial role in guarding against malicious URLs and programs, relying on widespread adoption and updates, but it remains susceptible to emerging threats and social engineering techniques. Machine learning algorithms show promise in classifying emails and identifying BEC attack patterns but require the analysis of large amounts of data, particularly within email body text. Encryption provides substantial security benefits but faces challenges such as complexity, key management, compatibility issues, and potential processing overhead. Multi-factor authentication (MFA) offers an additional layer of protection but introduces challenges in terms of convenience, compatibility, and the phishing risk, leaving room for uncertainty in BEC attacks.
The second group centers on non-technical safeguards/countermeasures, which are equally vital. Among these, user awareness training stands out as an essential element in educating personnel about BEC threats and phishing tactics. Clearly defined security policies and the establishment of specialized social engineering departments further bolster an organization’s resilience against BEC attacks. The main drawback of non-technical measures is that they rely heavily on the human factor, introducing unique challenges and demanding constant vigilance and adaptation due to the ever-evolving nature of BEC attacks. In essence, these non-technical strategies are crucial components, but they require a deep understanding of the human element in security, acknowledging its dual role in both bolstering and undermining the effectiveness of defenses against cybercriminal tactics.
Despite the availability of these multifaceted tools and strategies, the implementation process and the complexity of the defenses can often overwhelm the average user. Experienced scammers, recognizing this challenge, often exploit and capitalize on the vulnerabilities stemming from limited awareness and technical gaps, highlighting the persistent requirement for heightened vigilance, continuous education, and innovative security measures amidst the ever-changing threat environment.
To address this issue, this research proposes a novel methodology called the BEC Defender that leverages various authentication techniques to secure email communication and protect against BEC attacks.
The methodology capitalizes on particular user attributes and QR code technology to secure email communication with an additional layer of authentication. The user attributes encompass the sender’s MAC address, IP address, and hostname, and the email creation timestamp. These attributes are encoded via a dedicated algorithm, and the output is converted into a QR code. The user then attaches the generated QR code to the email, allowing the receiver to authenticate the legitimacy of the sender’s identity. This proposed scheme is designed in its current state for desktop and laptop devices.
With the proposed methodology described in this research, the authors aim to create a tool for defending against BEC attacks by stopping the attacker in Step 2 (Figure 1), which involves the impersonation of a trusted entity or source. The impersonation of a trusted entity is a critical element in business email compromise attacks and significantly contributes to their success.
In this paper, we present the theoretical foundation and implementation details of our solution in an effort to enhance email security and protection against BEC attacks. We also provide an overview of related works and discuss the advantages and limitations of our proposed solution.

2. Literature Review Methodology

A systematic search strategy across various academic search engines, such as Google Scholar, Core, Scopus, and Science.gov, was employed to conduct the literature review.
This process involved the utilization of multiple keywords and key phrases, such as “BEC”, “DMARC”, “BEC prevention methods”, “Message Authentication Code–MAC”, “QR technology”, “email security”, etc. Following a pilot search, an inclusion/exclusion procedure was employed in which articles irrelevant to this study were excluded, while those relevant were included and analyzed. Furthermore, additional searches using the referenced works of relevant articles were also conducted (the snowball effect).
For the experimental section of this research, various searches were conducted using multiple keywords and key phrases, such as “protection against BEC using physical properties of the computer”, “authentication using MAC address”, “identification using MAC address”, “cryptographic solutions for email protection”, “spoofing MAC addresses”, and others, using the same academic search engines mentioned earlier. The total procedure of the research methodology is depicted in Figure 2.
Figure 2. Steps of research methodology.
Despite being utilized in numerous systematic studies, this methodology possesses certain limitations. One limitation is its potential to restrict the scope of the review or study, which could result in readers lacking a comprehensive understanding of the subject matter. Furthermore, our data collection was constrained to only four scientific search engines, potentially limiting the number of publications considered in our review. Although these sources are considered reliable, the limitation lies in not exploring all possible sources to identify relevant articles related to our study objectives.

4. Proposed Methodology

To implement our solution, the BEC Defender collects the sender’s MAC address, IP address, and hostname, and a timestamp. Each of these components serves a specific purpose: the MAC address acts as an identifier, challenging spoofing attempts; the IP address and username provide additional data for forensic analysis and database classification; and the timestamp ensures that the validation token remains valid for a limited duration, typically three hours from its creation.
In the next step, a message authentication code (MAC) is generated using the MAC address, and all the above-mentioned data are converted into a QR code, which can be sent along with the email. When the receiver receives the email, they can decode the QR code using the BEC Defender and then proceed to the sender verification procedure.
This authentication is accomplished by cross-referencing the sender against a preapproved list and comparing the original timestamp with the recipient’s system time. The time differential between the two timestamps should not exceed 10,800 s, which is equivalent to a 3 h window, effectively preventing potential attacks, such as man-in-the-middle exploits and replay attacks.

4.1. Background

This Section presents the concepts necessary for presenting the subsequent Sections and the proposed methodology. The proposed solution builds on several well-established cryptographic techniques, including message authentication code (MAC) and QR code technology.

4.1.1. Message Authentication Code (MAC)

A message authentication code (MAC) is a cryptographic code that is enclosed in a message or in data in order to ensure the message’s integrity and authenticity. Message authentication codes (MACs) offer an effective method for verifying that a message remains unaltered during transmission and that the sender’s identity is genuine [54]. The generation of a message authentication code involves applying a specific cryptographic algorithm to the message, resulting in the creation of a unique code. This process ensures the integrity and authenticity of the message. Upon receiving the message and the associated MAC, the recipient can recompute the MAC using the same key and the received message. If the recalculated MAC matches the one initially received, the receiver confirms that the message remained unaltered during transmission and indeed originated from the party possessing the corresponding secret key.
MACs are extensively used in a variety of security protocols and applications, like network communication, secure data storage, banking applications, and validation techniques. They offer a reliable way to confirm the authenticity and integrity of data, thereby establishing themselves as an element of secure communication [55,56].

4.1.2. Quick-Response (QR) Codes

Quick-Response (QR) codes [57] are two-dimensional barcodes that can store information such as text, URLs, or contact information. QR codes are widely used in various applications, such as ticketing, inventory management, and marketing. The advantage of QR codes is their ability to store a large amount of data, making them ideal for transmitting encrypted data securely. They are also considered a user-friendly approach when it comes to transferring data.

4.2. Implementation

In this Section, we present the development of the algorithm designed to fortify online communications against malicious acts, with a specific focus on countering business email compromise (BEC) attacks. The algorithm was created using the Python programming language and was tested across both the Windows and Linux operating systems. For the evaluation process, testing emails were established using Gmail accounts, serving as the sender and receiver in simulated scenarios.
By employing Python as the programming language, the algorithm leverages its versatility and functionality, ensuring robust implementation and ease of integration. The choice of the Windows and Linux OS terminals allows for broader applicability and cross-platform compatibility, catering to a wide range of users.
The use of Gmail accounts as the testing environment enables real-world simulations, facilitating the comprehensive testing of the algorithm’s effectiveness in safeguarding against BEC attacks. By mimicking actual communication scenarios, the algorithm’s resilience can be thoroughly assessed.
Throughout this Section, we will delve into the core concepts, methodologies, and step-by-step creation of the algorithm, elucidating how it bolsters online communication security and acts as a crucial defense against malicious cyber threats, particularly in the context of BEC attacks.
Figure 3 and Figure 4 describe the procedure of the QR code generation, which contains the sender’s information and the procedure used for the decryption and evaluation of the sender identity through a comparison of the information included. The algorithm aims to serve as a robust security measure for email communication.
Figure 3. Description of BEC-Defender algorithm for sender procedure.
Figure 4. Description of BEC-Defender algorithm for receiver procedure.

Initialization Phase

Our scheme incorporates a crucial initialization phase to ensure secure communication. In the case of communication between different enterprises/organizations, it is suggested that a common symmetric key be pre-distributed to both recipients via physical interaction or by exchanging post office mail. This ensures the confidentiality and integrity of the key exchange process. Once this prerequisite is met, the recipients can proceed to register their MAC addresses by following the algorithm outlined below.
MAC address Database creation
Each user has to register their MAC address via one recipient. The user has to send a registration form to the technical department that contains the following information:
  • SHA2 MAC address;
  • Hostname (hostnames are typically configured by users for their devices, particularly in the case of desktops and laptops).
This information is stored in a database in the user’s private system and contains two columns of information with the above gathered data. Each recipient follows the following algorithm to register their MAC address:
Algorithm for Registration
Input: MAC Address, Hostname
Output: Success or Failure
  • Generate the hash code for the MAC address using the SHA2 algorithm and store it in SHA2MAC.
  • If SHA2MAC exists in the database, then
    • Write “Already Exists”
    • Return “Failure”
  • else
    • Store SHA2MAC and the hostname as a new record in the database
    • Write “Record Saved”
    • Return “Success”
  • end if
  • Stop.
Sender
From the sender’s perspective, this algorithm executes a series of well-defined steps to guarantee the secure transmission of information. In more detail:
  • MAC address collection and the hashing of the MAC address: The algorithm encodes the sender’s MAC address using a keyed-hash message authentication code (HMAC). We utilize the SHA2 hash function to generate the message authentication code, employing a shared symmetric key;
  • Cipher text creation and encryption: Next, the algorithm encrypts the information of the IP address, hostname, and timestamp. The message is encrypted using a 32-byte key, resulting in a ciphertext. More specifically, Fernet encryption is employed using the corresponding Python library;
  • Cipher text and MAC code integration: The cipher text and message authentication code are merged into a new message structure. This process is facilitated by the use of the “|” character, which serves as a delimiter;
  • QR code generation: In the final step of the process, the MAC code, along with the cipher text, are encoded into a QR code. This QR code can be conveniently included in the sender’s email, making it a convenient and secure method for transmitting the data.
The proposed scheme for secure communication is based on symmetric cryptography. In order to enhance the strength of the communication and mitigate the risk of relying solely on a single symmetric key, we have opted for the utilization of two common secret keys. This approach safeguards against potential vulnerabilities that may arise from phishing attacks, during which the key could be exposed. By employing this dual-key system, we ensure a higher level of security and resilience in our communication framework. To enhance the security and privacy of our communication system, we have implemented a robust scheme that employs two distinct secret keys. The first key is exclusively used for encryption, ensuring that the transmitted data remain confidential and protected from unauthorized access. The second key serves the crucial purpose of generating and verifying the message authentication code (MAC), guaranteeing the authenticity and integrity of the exchanged messages.
Receiver
Upon receipt of the encrypted QR code at the testing email account, the algorithm commences the validation process:
  • First, it decodes the QR code and, with the use of the “|” character, extracts the cipher text and the message authentication code;
  • Next, the algorithm commences the decryption of the cipher text using the encryption key in order to extract the hostname and the timestamp;
  • In the initial validation process, the receiver reconstructs the message authentication code (MAC) using the authentication key and the stored hashed value of the MAC address of the data source linked to the corresponding hostname. This reconstructed MAC code is then compared with the received MAC code. If the two MAC codes match, the algorithm proceeds to the next validation step. However, if the MAC codes do not match, the algorithm generates the message “Message has been altered”;
  • Finally, the next validation requirement involves assessing the decrypted timestamp. By comparing the sender’s timestamp with the receiver’s timestamp (the blue line in Figure 3), the algorithm ensures that the timeframe between the QR code’s creation and receipt is within three hours. If this condition is met, the algorithm confirms the third validation requirement and prints the message “Message is authentic”. However, if the timeframe exceeds three hours, indicating a potential replay attack or unauthorized delay, the algorithm identifies it as a red flag.
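The registration algorithm and the receiver's two checks described above, as an added Python example that is not the authors' implementation: it uses only the standard library and starts from the point where the QR code has been decoded and the Fernet ciphertext decrypted, so `hostname` and `created_at` are given. Assumed here: SHA-256 as the SHA2 variant, hex-encoded digests, Unix-second timestamps, an in-memory SQLite registry, the rejection of future timestamps, and constructed MAC addresses and key.

```python
import hashlib
import hmac
import sqlite3

MAX_AGE_SECONDS = 10_800  # 3 h validity window stated in the paper


def sha2_mac(mac_address: str) -> str:
    """SHA2MAC value: hash of the MAC address (SHA-256 and the
    normalisation to upper case with '-' separators are assumptions)."""
    normalised = mac_address.strip().upper().replace(":", "-")
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


def open_registry() -> sqlite3.Connection:
    """Two-column registry from the paper: hashed MAC address and hostname."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE senders (sha2mac TEXT PRIMARY KEY, hostname TEXT NOT NULL)"
    )
    return db


def register(db: sqlite3.Connection, mac_address: str, hostname: str) -> str:
    """Algorithm for Registration: refuse a SHA2MAC that is already stored."""
    digest = sha2_mac(mac_address)
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO senders VALUES (?, ?)", (digest, hostname))
    except sqlite3.IntegrityError:
        return "Failure"  # "Already Exists"
    return "Success"  # "Record Saved"


def sender_tag(auth_key: bytes, mac_address: str) -> str:
    """Sender side: HMAC over the hashed MAC address with the authentication key."""
    message = sha2_mac(mac_address).encode("ascii")
    return hmac.new(auth_key, message, hashlib.sha256).hexdigest()


def validate(db: sqlite3.Connection, auth_key: bytes, hostname: str,
             created_at: int, tag: str, now: int) -> str:
    """Receiver side: rebuild the tag from the registry entry linked to the
    hostname, compare it with the received tag, then check the token age."""
    rows = db.execute(
        "SELECT sha2mac FROM senders WHERE hostname = ?", (hostname,)
    ).fetchall()
    tag_ok = False
    for (digest,) in rows:
        expected = hmac.new(auth_key, digest.encode("ascii"), hashlib.sha256).hexdigest()
        # Constant-time comparison: no early exit on the first differing byte.
        if hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8")):
            tag_ok = True
    if not tag_ok:
        return "Message has been altered"
    age = now - created_at
    # A timestamp in the future is rejected as well (a choice made in this example).
    if age < 0 or age > MAX_AGE_SECONDS:
        return "Timestamp outside the 3 h window"  # wording of this example
    return "Message is authentic"


if __name__ == "__main__":
    # Constructed sample data: locally administered MAC addresses, dummy key.
    registry = open_registry()
    key = b"k" * 32
    print(register(registry, "02-00-00-00-00-01", "finance-laptop"))
    genuine = sender_tag(key, "02-00-00-00-00-01")
    spoofed = sender_tag(key, "02-00-00-00-00-02")
    t0 = 1_700_000_000
    print(validate(registry, key, "finance-laptop", t0, genuine, t0 + 60))
    print(validate(registry, key, "finance-laptop", t0, spoofed, t0 + 60))
    print(validate(registry, key, "finance-laptop", t0, genuine, t0 + 4 * 3600))
```
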
In conclusion, the BEC-Defender algorithm introduces a robust validation system to guarantee the authenticity of the sender’s identity while eradicating the risks of replay attacks and man-in-the-middle exploits. Through the utilization of data encryption, MAC code verification, the creation of QR codes, and the incorporation of timestamps as distinctive markers, the BEC-Defender algorithm delivers a secure and effective strategy for fortifying email communications against potential threats and serves as a proactive defense against BEC attacks.

5. Performance Evaluation

To thoroughly evaluate the robustness of the proposed algorithm and its efficacy in enhancing email communication security, an extensive testing phase was conducted. This comprehensive assessment encompassed 10 diverse email accounts sourced from various providers, such as Gmail, Yahoo, and Proton Mail. To ensure comprehensive testing, virtual machines were utilized to simulate different operating systems, including Windows 10, Ubuntu, and Kali Linux.
Over the course of the evaluation, more than 100 tests were carried out on these virtual machines, with each test involving the use of different MAC addresses, while the predefined list of MAC addresses in the algorithm databases was limited to 10 permitted values. To achieve this, the Technitium MAC Address Changer v6 program was employed on Windows OS, while the MacChanger program was utilized on the Ubuntu/Kali Linux operating systems. These tools facilitated the generation of distinct MAC addresses for each test by spoofing the original MAC address, enabling a wide range of scenarios for examination.
By conducting tests across various email providers and operating systems, the algorithm’s adaptability and efficiency were thoroughly examined. The use of virtual machines ensured a controlled testing environment, eliminating potential interference from actual hardware configurations.
Table A1 (Appendix A) shows the permitted ten out of fifty MAC addresses for the tests conducted in the Windows operating system with various spoofed MAC addresses, which are presented in Table A2 (Appendix A).
To assess the viability of the proposed solution, we consider a scenario in which Sender (A) aims to transmit an email to Receiver (B) containing sensitive information or orders. It is essential for Sender (A) to guarantee that the recipient can authenticate their identity securely. Sender (A) incorporates the QR code into the email body or attaches it. The QR code that Sender (A) created through the BEC-Defender algorithm encloses the encrypted data and the message authentication code, as mentioned earlier in the Proposed Methodology Section.
Upon receipt, Receiver (B) employs an algorithm to decode the QR code and verify the identity of Sender (A). The algorithm performs a series of cross-validations:
1. The algorithm cross-references the sender’s MAC code with the generated MAC code. If the two MAC codes are identical, the algorithm proceeds to the next validation. Through this procedure, the algorithm verifies whether the encoded MAC address included in the QR code matches any of the preapproved values on the data source. If a match is found, the algorithm proceeds to the third and final validation;
2. In the final step, the algorithm compares the timestamp of the QR code creation with the current execution timestamp. If the time elapsed between these two events is less than three hours, the algorithm concludes all the validations and prints out a “Message is authentic” response.
If any of the above validations fail, the algorithm will generate a response indicating that the message has been altered. To enhance the resilience of the algorithm against replay attacks, we can introduce a random number into the calculation of the SHA2 hash function.
As a result, Receiver (B) will have two validation procedures to verify the identity of Sender (A). The first validation ensures that the email originated from a trusted source. The second validation, tied to the timeframe, protects against the potential interception and misuse of the unique QR code by malicious actors attempting to create fraudulent emails with identical tokens. This multi-layered authentication process significantly enhances the security and trustworthiness of email communication, particularly in scenarios that require stringent identity validation.
Table 2 exhibits some of the results during the testing phase. The first column of Table 2 refers to 10 of the total MAC address values (Appendix A Table A1 and Table A2).
Table 2. Results of various tests using BEC-Defender algorithm. The algorithm performs various validations to ensure the sender’s verification.
The second column of Table 2 refers to the first validation process of the BEC-Defender algorithm, which, as described earlier in the Proposed Methodology Section, compares the MAC newly generated by the algorithm on the receiver’s side with that of the sender.
Five out of ten of these values are permitted, meaning that they are part of the database that includes permitted MAC address values and which the algorithm uses to cross-reference with the MAC address included in the sender’s QR code. The remaining five MAC addresses are those not included in the database, meaning that they will not pass the validation process.
Columns four, five, and six in Table 2 correspond to the creation date/time of the QR code, the validation date/time of the QR code, and the timestamp validation status. In order to characterize the timestamp validation status as valid, it is required that the duration between the creation and validation date/time of the QR code falls within the 3 h timeframe.
Through these various tests, the proposed algorithm’s solution was tested, providing valuable insights into its effectiveness at safeguarding email communication against potential threats, like business email compromise (BEC) attacks. The results of these tests play a vital role in validating the algorithm’s capabilities and establishing its credibility as a powerful solution in the realm of cyber defense.

6. Discussion

6.1. Advantages–Limitations

The proposed solution offers several advantages over traditional email systems. Firstly, the use of QR codes as an additional layer of authentication enhances the security of the email communication. By requiring the sender to provide additional identification data encrypted within the QR code, the system mitigates the risk of impersonation and prevents unauthorized individuals from sending fraudulent emails.
Secondly, the encryption of the sender’s data provides a high level of confidentiality and data integrity. The use of encryption ensures that only the intended recipient can decrypt and access the sender’s information, preventing eavesdropping and unauthorized access.
Furthermore, the incorporation of a preapproved list of MAC addresses adds an extra layer of security. By comparing the sender’s information with this list, the program can quickly identify and flag any suspicious or unauthorized senders, reducing the risk of falling victim to BEC attacks. The MAC address value of the sender is encoded in order to prevent potential data theft via eavesdropping.
Ultimately, by including a timestamp in the message and implementing a three-hour window, the algorithm aims to protect against replay attacks and potential man-in-the-middle exploits.
Despite its advantages, the proposed solution also has some limitations that need to be considered. Firstly, the program relies on both the sender and receiver using the system for secure email communication. This means that the widespread adoption and awareness of the program in a company are essential for its effectiveness. Additionally, the initial setup and configuration process may require technical expertise, potentially limiting its accessibility to only IT staff.
Secondly, the program’s reliance on the preapproved list assumes that the list itself is secure and free from any unauthorized modifications. Regular reviews and updates of the approved list are necessary to maintain its integrity.

6.2. Conclusion–Future Work

In conclusion, email security is a critical concern in today’s digital landscape, with BEC attacks posing a significant threat. The BEC Defender is a promising methodology that uses a programmable QR code system for secure email communication, incorporates encryption and authentication techniques, and shows promise in enhancing email security and preventing BEC attacks.
By leveraging MAC code, data encryption, and QR code technology and a preapproved list of senders’ information, the BEC Defender adds layers of confidentiality, integrity, and authentication to email communication. However, it is essential to address the limitations, such as user adoption, the system setup, and the need for continuous updates to maintain its effectiveness.
Future research directions may involve the use of other types of encryption, updating and refining the user interface to make it more user-friendly and accessible, exploring the integration of additional authentication methods, such as two-factor authentication or biometric authentication, and conducting thorough security audits to identify and address potential vulnerabilities. Moreover, future work could aim to adapt our BEC-Defender algorithm solution into an add-on or plugin that is compatible with a range of web browsers, simplifying its usage for the end user.
With continuous improvements and widespread adoption, the proposed methodology has the potential to significantly enhance email security, protect against BEC attacks, and provide users with a safer and more secure email communication experience.

Author Contributions

Conceptualization, A.P. and G.L.; writing—original draft preparation, A.P. and G.L.; Python programming, A.P., G.L., and G.P.; writing—review and editing, A.P., G.L., V.L., and E.G.; supervision, V.L. and E.G. All authors have read and agreed to the published version of the manuscript.

Funding

The support of this work from the project “Immersive Virtual, Augmented and Mixed Reality Center of Epirus” (MIS 5047221), which is implemented under the Action “Reinforcement of the Research and Innovation Infrastructure”, funded by the Operational Programme “Competitiveness, Entrepreneurship and Innovation” (NSRF 2014-2020) and co-financed by Greece and the European Union (European Regional Development Fund).

Institutional Review Board Statement

Not applicable.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

Appendix A

Table A1. Permitted MAC addresses.
Table A2. Non-permitted MAC addresses.

References

  1. Oberlo. Available online: https://www.oberlo.com/statistics/how-many-emails-are-sent-per-day (accessed on 1 November 2023).
  2. Pastor-Galindo, J.; Nespoli, P.; Mármol, F.G.; Pérez, G.M. The not yet exploited goldmine of OSINT: Opportunities, open challenges and future trends. IEEE Access 2020, 8, 10282–10304. [Google Scholar] [CrossRef]
  3. Al-Musib, N.S.; Al-Serhani, F.M.; Humayun, M.; Jhanjhi, N.Z. Business email compromise (BEC) attacks. Mater. Today Proc. 2021, 81, 497–503. [Google Scholar] [CrossRef]
  4. Cross, C.; Gillett, R. Exploiting trust for financial gain: An overview of business email compromise (BEC) fraud. J. Financ. Crime 2020, 27, 871–884. [Google Scholar] [CrossRef]
  5. FBI. Internet Crime Report. 2022. Available online: https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf (accessed on 25 April 2023).
  6. González-Granadillo, G.; González-Zarzosa, S.; Diaz, R. Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors 2021, 21, 4759. [Google Scholar] [CrossRef] [PubMed]
  7. Singhal, A.; Pavithr, R.S. Degree certificate authentication using QR code and smartphone. Int. J. Comput. Appl. 2015, 120, 38–43. [Google Scholar] [CrossRef]
  8. Aini, Q.; Rahardja, U.; Tangkaw, M.R.; Santoso, N.P.L.; Khoirunisa, A. Embedding a blockchain technology pattern into the QR code for an authentication certificate. J. Online Inform. 2020, 5, 239–244. [Google Scholar] [CrossRef]
  9. Kuacharoen, P.; Warasart, M. Paper-based document authentication using digital signature and qr code. In Proceedings of the International Conference on Computer Engineering and Technology, Bangkok, Thailand, 12–13 May 2012; Volume 40, pp. 1–5. [Google Scholar]
  10. Tkachenko, I.; Puech, W.; Destruel, C.; Strauss, O.; Gaudin, J.M.; Guichard, C. Two-level QR code for private message sharing and document authentication. IEEE Trans. Inf. Forensics Secur. 2015, 11, 571–583. [Google Scholar] [CrossRef]
  11. Kapoor, V.; Abraham, V.S.; Singh, R. Elliptic curve cryptography. Ubiquity 2008, 9, 1–8. [Google Scholar] [CrossRef]
  12. Kazmirchuk, S.; Ilyenko, A.; Ilyenko, S. Digital Signature Authentication Scheme with Message Recovery Based on the Use of Elliptic Curves. In Advances in Computer Science for Engineering and Education II; Hu, Z., Petoukhov, S., Dychka, I., He, M., Eds.; Springer: Berlin/Heidelberg, Germany, 2020; pp. 279–288. [Google Scholar] [CrossRef]
  13. Lu, J.; Yang, Z.; Li, L.; Yuan, W.; Li, L.; Chang, C.C. Multiple schemes for mobile payment authentication using QR code and visual cryptography. Mob. Inf. Syst. 2017, 2017, 4356038. [Google Scholar] [CrossRef]
  14. Liao, K.C.; Lee, W.H. A novel user authentication scheme based on QR-code. J. Netw. 2010, 5, 937–941. [Google Scholar] [CrossRef]
  15. Oh, D.S.; Kim, B.H.; Lee, J.K. A Study on Authentication System Using QR Code for Mobile Cloud Computing Environment. In Future Information Technology. Communications in Computer and Information Science; Park, J.J., Yang, L.T., Lee, C., Eds.; Springer: Berlin/Heidelberg, Germany, 2011; Volume 184. [Google Scholar] [CrossRef]
  16. Choi, K.; Lee, C.; Jeon, W.; Lee, K.; Won, D. A mobile based anti-phishing authentication scheme using QR code. In Proceedings of the International Conference on Mobile IT Convergence IEEE, Gumi, Republic of Korea, 26–28 September 2011; pp. 109–113. [Google Scholar]
  17. Bairwa, A.K.; Joshi, S. Mutual authentication of nodes using session token with fingerprint and MAC address validation. Egypt. Inform. J. 2021, 22, 479–491. [Google Scholar] [CrossRef]
  18. Kumar, M.; Mishra, R. An overview of MANET: History, challenges and applications. Indian J. Comput. Sci. Eng. 2012, 3, 121–125. [Google Scholar]
  19. Chen, C. QR Code Authentication with Embedded Message Authentication Code. Mob. Netw. Appl. 2017, 22, 383–394. [Google Scholar] [CrossRef]
  20. Papathanasiou, A.; Liontos, G.; Liagkou, V.; Glavas, E. Business Email Compromise (BEC) Attacks: Threats, Vulnerabilities and Countermeasures-A Perspective on the Greek Landscape. J. Cybersecur. Priv. 2023, 3, 610–637. [Google Scholar] [CrossRef]
  21. Kucherawy, Μ.; Elizabeth, Z.; Domain-Based Message Authentication, Reporting, and Conformance (DMARC). RFC. 2015. Available online: https://www.rfc-editor.org/rfc/rfc7489 (accessed on 10 November 2023).
  22. Nightingale, J.S. Email Authentication Mechanisms: DMARC, SPF and DKIM; US Department of Commerce, National Institute of Standards and Technology: Gaithersburg, MD, USA, 2017. [Google Scholar]
  23. Derouet, E. Fighting phishing and securing data with email authentication. Comput. Fraud Secur. 2016, 2016, 5–8. [Google Scholar] [CrossRef]
  24. Teerakanok, S.; Yasuki, H.; Uehara, T. A Practical Solution against Business Email Compromise (BEC) Attack using Invoice Checksum. In Proceedings of the 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C), Macau, China, 11–14 December 2020; pp. 160–167. [Google Scholar]
  25. Särökaari, N. Phishing Attacks and Mitigation Tactics. Master’s Thesis, University of Jyväskylä, Jyväskylä, Finland, 2020. Available online: https://jyx.jyu.fi/bitstream/handle/123456789/72569/1/URN%3ANBN%3Afi%3Ajyu-202011116604.pdf (accessed on 19 November 2023).
  26. Sagiroglu, S.; Canbek, G. Keyloggers: Increasing threats to computer security and privacy. IEEE Technol. Soc. Mag. 2009, 28, 10–17. [Google Scholar] [CrossRef]
  27. Boyd, I.M. The Fundamentals of Computer Hacking; SANS Institute: Rockville, MD, USA, 2021. [Google Scholar]
  28. Nisha, T.N.; Bakari, D.; Shukla, C. Business E-mail Compromise—Techniques and Countermeasures. In Proceedings of the International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) IEEE, Noida, India, 4–5 March 2021; pp. 217–222. [Google Scholar]
  29. Atlam, H.F.; Oluwatimilehin, O. Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review. Electronics 2023, 12, 42. [Google Scholar] [CrossRef]
  30. Cidon, A.; Gavish, L.; Bleier, I.; Korshun, N.; Schweighauser, M.; Tsitkin, A. High Precision Detection of Business Email Compromise. In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA, 14–16 August 2019; pp. 1291–1307. [Google Scholar]
  31. Cohen, A.; Nissim, N.; Elovici, Y. Novel Set of General Descriptive Features For Enhanced Detection of Malicious Emails Using Machine Learning Methods. Expert Syst. Appl. 2018, 110, 143–169. [Google Scholar] [CrossRef]
  32. Shamir, A.; Identity-Based Cryptosystems and Signature Schemes. In Ibn Al-Haitham Journal for Pure and Applied Sciences (IHJPAS) Special Issue; 2021; Volume 2021, pp. 82–95. Available online: https://api.semanticscholar.org/CorpusID:1402295 (accessed on 27 November 2023).
  33. Sabir, M.; Yousaf, M. Design and Implementation of an End-to-End Web based Trusted Email System. Procedia Comput. Sci. 2018, 141, 231–238. [Google Scholar] [CrossRef]
  34. Mailvelope Inc. Available online: https://www.mailvelope.com/en (accessed on 27 November 2023).
  35. Secure Gmail Plugin. Available online: https://www.securegroup.com/encryption/ (accessed on 29 November 2023).
  36. Ruoti, S.; Andersen, J.; Zappala, D.; Seamons, K. Why Johnny still, still can’t encrypt: Evaluating the usability of a modern PGP client. arXiv. 2015, arXiv:1510.08555. Available online: https://api.semanticscholar.org/CorpusID:5189682 (accessed on 29 October 2023).
  37. Ometov, A.; Bezzateev, S.; Mäkitalo, N.; Andreev, S.; Mikkonen, T.; Koucheryavy, Y. Multi-Factor Authentication: A Survey. Cryptography 2018, 2, 1. [Google Scholar] [CrossRef]
  38. Papathanasaki, M.; Maglaras, L.; Ayres, N. Modern Authentication Methods: A Comprehensive Survey. In AI, Computer Science and Robotics Technology; IntechOpen: London, UK, 2022. [Google Scholar] [CrossRef]
  39. Küpçü, A. Distributing trusted third parties. SIGACT News 2013, 44, 92–112. [Google Scholar] [CrossRef]
  40. Paulin, A.; Welzer, T. A universal system for fair non-repudiable certified e-mail without a trusted third party. Comput. Secur. 2013, 32, 207–218. [Google Scholar] [CrossRef]
  41. ProtonMail, Proton Technologies AG Plugin. Available online: https://protonmail.com/ (accessed on 28 November 2023).
  42. AlSabah, M.; Tomescu, A.; Lebedev, I.; Serpanos, D.; Devadas, S. PriviPK: Certificate-less and secure email communication. Comput. Secur. 2017, 70, 1–15. [Google Scholar] [CrossRef]
  43. Brown, I.; Snow, C. A proxy approach to e-mail security. Softw.-Pract. Exp. 1999, 29, 1049–1060. [Google Scholar] [CrossRef]
  44. Jammalamadaka, R.; Horst, T.; Mehrotra, S.; Seamons, K.; Venkatasubramanian, N. Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine. In Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, FL, USA, 11–15 December 2006. [Google Scholar]
  45. Nurhaida, I.; Ramayanti, D.; Riesaputra, R. Digital signature & encryption implementation for increasing authentication, integrity, security and data non-repudiation. Int. Res. J. Comput. Sci. 2017, 4, 4–14. [Google Scholar]
  46. Rai, A.K.; Singh, M.; Sudheendramouli, H.C.; Panwar, V.; Balaji, N.A.; Kukreti, R. Digital Signature for Content Authentication. In Proceedings of the International Conference on Advances in Computing, Communication and Applied Informatics (ACCAI), Chennai, India, 25–26 May 2023; pp. 1–6. [Google Scholar]
  47. Lax, G.; Buccafurri, F.; Caminiti, G. Digital Document Signing: Vulnerabilities and Solutions. Inf. Secur. J. A Glob. Perspect. 2015, 24, 1–14. [Google Scholar] [CrossRef]
  48. Kasodhan, R.; Gupta, N. A New Approach of Digital Signature Verification based on BioGamal Algorithm. In Proceedings of the 3rd International Conference on Computing Methodologies and Communication (ICCMC), Erode, India, 27–29 March 2019; pp. 10–15. [Google Scholar] [CrossRef]
  49. Jensen, M.L.; Dinger, M.; Wright, R.T.; Thatcher, J.B. Training to mitigate phishing attacks using mindfulness techniques. J. Manag. Inf. Syst. 2017, 34, 597–626. [Google Scholar] [CrossRef]
  50. Burgess, A.; Jackson, T.; Edwards, J. Email training significantly reduces email defects. Int. J. Inf. Manag. 2005, 25, 71–83. [Google Scholar] [CrossRef]
  51. HaveIBeenPwned (HIBP). Available online: https://haveibeenpwned.com (accessed on 2 November 2023).
  52. DeHashed. Available online: https://www.dehashed.com (accessed on 20 October 2023).
  53. Bazzell, M. Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information, 3rd ed.; CreateSpace Independent Publishing Platform: Scotts Valley, CA, USA, 2016; pp. 154–166. [Google Scholar]
  54. Preneel, B.; Van Oorschot, P.C. On the security of iterated message authentication codes. IEEE Trans. Inf. Theory 1999, 45, 188–199. [Google Scholar] [CrossRef]
  55. Kaur, R.; Sangal, A.L.; Kumar, K. Mac based multicast source authentication: A survey. Int. J. Comput. Appl. 2012, 37, 42–50. [Google Scholar] [CrossRef]
  56. Ohta, K.; Matsui, M. Differential attack on message authentication codes. In Proceedings of the Advances in Cryptology—CRYPTO ’93: 13th Annual International Cryptology Conference, Santa Barbara, CA, USA, 22–26 August 1993. [Google Scholar]
  57. Pandya, K.H.; Galiyawala, H.J. A Survey on QR Codes: In context of Research and Application. Int. J. Emerg. Technol. Adv. Eng. 2014, 4, 258–262. [Google Scholar]