中山管理評論

  期刊全文閱覽

中山管理評論  2023/3

第31卷第1期 數位轉型教學個案專刊  p.171-200

DOI:10.6160/SYSMR.202303_31(1).0006


題目
凱舟濾材-中小企業透過數位技術防堵BEC詐騙
Caware Filtering Corporation- SME Use Digital Technology to Prevent BEC Fraud
(161_M64376cad52d45_Full.pdf 2,801KB)

作者
張敏華、黃子佳、戴佑真/國立中山大學企業管理學系、國立中山大學企業管理學系、國立中山大學行銷傳播管理所
Min-Hua Chang, Tzu-Chia Huang, You-Zhen Dai/

Department of Business Administration,National Sun Yet-sen University; Department of Business Administration,National Sun Yet-sen University; Department of Institute of Marketing Communication,National Sun Yet-sen University


摘要(中文)

網際網路、電子郵件其無國界、低成本、即時性及多元互動等特點,是凱舟跨國商務溝通高度依賴的科技媒介。2019年變臉駭客利用「社交工程技巧」,獲取凱舟業務部員工電子郵件帳密,並接管其帳戶長期監看。根據與客戶往來郵件中洩漏的信息,設定縝密且合理的攻擊手法,多方交叉發信。詐騙客戶將貨款匯至其所預設的假帳戶,造成財損、客戶關係破裂和高管引咎辭職等刻不容緩的挑戰。 透過凱舟BEC攻擊始末,主旨在培養學生辨識與學會防範BEC的能力,提升資安意識。這包括理解駭客使用的技術與非技術性的手法,體會凱舟與客戶遭受經濟與非經濟面的損害。以有限資源組合有效的解決方案,強化商務經濟活動的安全,並帶來數位應用思維質變的成果。

(161_M64376cad52d45_Abs.pdf(檔案不存在))

關鍵字(中文)

商務電子郵件詐騙(BEC)、數位轉型、資訊安全、社交工程、網路攻擊


摘要(英文)

Caware’s international business highly relies on the convenient benefits from internet-web tech due to its features of cross border, low cost, real time and multi-parties communication. In 2019, The BEC hackers alter "social engineering technics" to snatch the log access of Caware sales employee's email account, and follow with consequently surveillance all emails within this account. By monitoring the leached messages and information of emails back-and-forth between Caware & her customers, the hackers locate the target customer & timing with a logical and meticulous manner written scrip. The hackers played the role of customer and supplier between Caware and her customer by sending-and-replying emails in order to hitch the trust of Caware & her supplier. Eventually, the fraud of BEC with hitched trust of Caware & her customer works to let the customer wire order payment into a new bank account which is a fraud bank account. The loss of money, infringement of customer relationship, and job quitting of some related core staffs are all timely crucial challenges for Caware's business operation. From understanding the story of Caware's BEC case, the main goal of this case coaching is to develop the students' sensibility and judgement against BEC attack, prevention skill, and to raise cyber security sensibility therefrom. The acquisition from this coach session includes majorly the illustration of BEC hacker technics of either technical or non-technical manner and to figure the loss of Caware and her customers in the economic-wise or non-economic-wise as well. The side effect of coaching goal shall also shape out how to propose the most optimized solution portfolio by leverage limited resource, the security enhancement of business trading, and to alter the digitalization transformation in decision maker's mindset.

(161_M64376cad52d45_Abs.pdf(檔案不存在))

關鍵字(英文)

Business Email Compromise(BEC), Digital Transformation, Information Security, Social Engineering, Cyberattack


政策與管理意涵


參考文獻

吳志明、朱素玥、方文昌,2006,「供應鏈關係中信任與承諾影響因素之研究-交易成本及社會交換理論觀點」,資訊管理學報,13卷S期:91~118。(Wu, C. M., Chu, S. Y., and Fang, W. C., 2006, “The Study of Trust and Commitment Influence Factors in Supply Chain Relationships-Transaction Cost and Social Exchange Theories Perspectives,” Journal of Information Management, Vol. 13, No. S, 91-118.)
Al-Musib, N. S., Al-Serhani, F. M., Humayun, H., and Jhanjhi, N. Z., 2021, “Business Email Compromise (BEC) Attacks,” Proceedings of Materials Today, Selection and Peer-review under Responsibility of the Scientific Committee of the International Virtual Conference on Sustainable Materials (IVCSM-2k20).
Button, M., McNaugton, N. C., Kerr, J., and Owen, R., 2014, “Online Frauds: Learning from Victims why They Fall for These Scams,” Australian and New Zealand Journal of Criminology, Vol. 47, No. 3, 391-408.
Cross, C. and Rosalie G., 2020, “Exploiting Trust for Financial Gain: An Overview of Business Email Compromise (BEC) Fraud,” Journal of Financial Crime, Vol. 27, No. 3, 871-884.
Jakobsson, M., 2016, “Case Study: Business Email Compromise” in Jakobsson, M. (Ed.) Understanding Social Engineering Based Scams, First Edition, New York: Springer, 115-122.
Matt, C., Thomas H., and Alexander B., 2015, “Digital Transformation Strategies,” Business & Information Systems Engineering, Vol. 57, No. 5, 339-343.
Morgan, R. M. and Hunt, S. D., 1994, “The Commitment-trust Theory of Relationship Marketing,” Journal of Marketing, Vol. 58, No. 3, 20-38.
Rebovich, D., Layne, J., Jiandani, J., and Hage, S., 2000, The National Public Survey on White Collar Crime, 1st, Morgantown, WV: National White Collar Crime Center.
Myojin, S. and Babaguchi, N., 2020, “A Logical Consideration on Fraudulent Email Communication,” Artificial Life and Robotics, Vol. 25, No. 3, 475-481.
Zweighaft, D., 2017, “Business Email Compromise and Executive Impersonation: Are Financial Institutions Exposed?” Journal of Investment Compliance, Vol. 18, No. 1, 1-7.