{"title":"A Practical Solution Against Business Email Compromise (BEC) Attack using Invoice Checksum","authors":"Songpon Teerakanok, Hiroaki Yasuki, T. Uehara","doi":"10.1109/QRS-C51114.2020.00036","DOIUrl":null,"url":null,"abstract":"This research presents a practical countermeasure against the problem of the bogus invoice scheme, one of the most threatening BEC attacks in modern business. We introduce a straightforward yet highly practical method of creating a checksum from the invoice and shared secret information. Using the generated checksum allows the recipient to confirm the authenticity and integrity of the invoice before proceeding with the actual payment. In this work, generating and verifying of checksum information are done via a smartphone application. Also, the predetermined secret information is stored inside the smartphone to provide better protection against data theft. Lastly, an Android-based application for checksum generation and verification, supporting both manual input and QR code scan, is implemented to demonstrate the use case scenario and practicability of the proposed method.","PeriodicalId":358174,"journal":{"name":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS-C51114.2020.00036","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 4
Abstract
This research presents a practical countermeasure against the problem of the bogus invoice scheme, one of the most threatening BEC attacks in modern business. We introduce a straightforward yet highly practical method of creating a checksum from the invoice and shared secret information. Using the generated checksum allows the recipient to confirm the authenticity and integrity of the invoice before proceeding with the actual payment. In this work, generation and verification of checksum information are done via a smartphone application. Also, the predetermined secret information is stored inside the smartphone to provide better protection against data theft. Lastly, an Android-based application for checksum generation and verification, supporting both manual input and QR code scan, is implemented to demonstrate the use case scenario and practicability of the proposed method.