Something Phish-y is Going On Here: A Teaching Case on Business Email Compromise-Reference-Cited by-同舟云学术

Something Phish-y is Going On Here: A Teaching Case on Business Email Compromise

Published:2019-12-16 Issue:1 Volume:14 Page:A1-A9
ISSN:1936-1270
Container-title:Current Issues in Auditing
language:en
Short-container-title:

Author:

Bakarich Kathleen M.¹^ORCID,Baranek Devon²^ORCID

Affiliation:

1. Hofstra University

2. Rider University

Abstract

SUMMARY This case utilizes a real-world example of a U.S. public company that fell victim to a Business Email Compromise (BEC) scheme in which an employee inadvertently wired millions of dollars to fraudulent accounts based upon email instructions purportedly sent by a company executive and external legal counsel. This is a timely issue to examine given its rising prevalence and magnitude in the corporate world. The case allows students to examine a topic (phishing techniques and email scams) that they are likely to be familiar with on a conceptual level, through the lens of internal controls and external auditing. Examining the case information, SEC filings, and auditing guidance, students will gain an understanding of internal control issues related to BEC and critically think of ways to remediate or implement controls to reduce cybersecurity risk, as well as consider the external auditor's growing responsibilities related to technology and its associated risks.

Publisher

American Accounting Association

Subject

Accounting

Link

http://meridian.allenpress.com/cia/article-pdf/14/1/A1/2780794/i1936-1270-14-1-a1.pdf

Reference16 articles.

1. American Institute of Certified Public Accountants (AICPA). 2019. SOC for cybersecurity: Information for CPAs. Available at: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/cybersecurityforcpas.html

2. Department of Justice (DOJ). 2018. Best practices for victim response and reporting of cyber incidents, Version 2.0. Available at: https://www.justice.gov/criminal-ccips/file/1096971/download

3. Federal Bureau of Investigation (FBI). 2017a.Internet Crime Compliance Center: 2017 internal crime report. Available at: https://pdf.ic3.gov/2017_IC3Report.pdf

4. Federal Bureau of Investigation (FBI). 2017b.Business e-mail compromise: Cyber-enabled financial fraud on the rise globally. Available at: https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise

5. Federal Bureau of Investigation (FBI). 2018a.Internet Crime Complaint Center (IC3) public service announcement. Business e-mail compromise: The 12 billion dollar scam. Available at: https://www.ic3.gov/media/2018/180712.aspx

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Social Engineering Attacks and Countermeasures;Perspectives on Ethical Hacking and Penetration Testing;2023-09-11

2. Business Email Compromise (BEC) Attacks: Threats, Vulnerabilities and Countermeasures—A Perspective on the Greek Landscape;Journal of Cybersecurity and Privacy;2023-09-02

3. Cybersecurity;Health Informatics;2023

4. Accountants, Cybersecurity Isn't Just for “Techies”: Incorporating Cybersecurity into the Accounting Curriculum;Issues in Accounting Education;2022-02-10

5. Online Grooming;White-Collar Crime Online;2021-10-06