Business email compromise: a systematic review of understanding, detection, and challenges
Business email compromise: a systematic review of understanding, detection, and challenges
Business Email Compromise (BEC) is a widespread fraud targeting businesses and individuals to obtain financial benefits and gain access to highly sensitive data. BEC fraud significantly impacts almost all organizations worldwide, resulting in substantial losses. Despite its prevalence, there is a shortage of research on understanding and protecting against this fraud. Consequently, this paper aims to survey existing BEC detection techniques. It first provides an overview of the methods and strategies used by attackers in BEC schemes. It also reviews existing BEC detection and prevention techniques, including both technical and non-technical solutions. The strengths of each technique are objectively discussed, and their limitations are critically analyzed. Finally, this study offers a thorough set of current challenges in BEC detection and outlines future research directions, providing valuable guidance for improving security measures against BEC fraud.
BEC detection, Business Email Compromise (BEC), Email threat, Systematic literature review
Almutairi, Amirah
93ab82cb-5649-45b5-b6a7-a1ce15446354
Kang, BooJoong
cfccdccd-f57f-448e-9f3c-1c51134c48dd
Alhashimy, Nawfal
e73b96f2-bf15-40cb-9af5-23c10ea8e319
25 August 2025
Almutairi, Amirah
93ab82cb-5649-45b5-b6a7-a1ce15446354
Kang, BooJoong
cfccdccd-f57f-448e-9f3c-1c51134c48dd
Alhashimy, Nawfal
e73b96f2-bf15-40cb-9af5-23c10ea8e319
Almutairi, Amirah, Kang, BooJoong and Alhashimy, Nawfal
(2025)
Business email compromise: a systematic review of understanding, detection, and challenges.
Computers & Security, 158, [104630].
(doi:10.1016/j.cose.2025.104630).
Abstract
Business Email Compromise (BEC) is a widespread fraud targeting businesses and individuals to obtain financial benefits and gain access to highly sensitive data. BEC fraud significantly impacts almost all organizations worldwide, resulting in substantial losses. Despite its prevalence, there is a shortage of research on understanding and protecting against this fraud. Consequently, this paper aims to survey existing BEC detection techniques. It first provides an overview of the methods and strategies used by attackers in BEC schemes. It also reviews existing BEC detection and prevention techniques, including both technical and non-technical solutions. The strengths of each technique are objectively discussed, and their limitations are critically analyzed. Finally, this study offers a thorough set of current challenges in BEC detection and outlines future research directions, providing valuable guidance for improving security measures against BEC fraud.
Text
1-s2.0-S0167404825003190-main
- Version of Record
More information
Accepted/In Press date: 7 August 2025
e-pub ahead of print date: 20 August 2025
Published date: 25 August 2025
Keywords:
BEC detection, Business Email Compromise (BEC), Email threat, Systematic literature review
Identifiers
Local EPrints ID: 505843
URI: http://eprints.soton.ac.uk/id/eprint/505843
ISSN: 0167-4048
PURE UUID: cc00e2ce-b291-4357-8665-b93eb9f7887e
Catalogue record
Date deposited: 21 Oct 2025 16:47
Last modified: 22 Oct 2025 02:01
Export record
Altmetrics
Contributors
Author:
Amirah Almutairi
Author:
BooJoong Kang
Author:
Nawfal Alhashimy
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics