{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T23:33:36Z","timestamp":1780356816581,"version":"3.54.1"},"reference-count":57,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2024,3,5]],"date-time":"2024-03-05T00:00:00Z","timestamp":1709596800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"mmersive Virtual, Augmented and Mixed Reality Center of Epirus","award":["MIS 5047221"],"award-info":[{"award-number":["MIS 5047221"]}]},{"name":"mmersive Virtual, Augmented and Mixed Reality Center of Epirus","award":["NSRF 2014-2020"],"award-info":[{"award-number":["NSRF 2014-2020"]}]},{"name":"Competitiveness, Entrepreneurship and Innovation","award":["MIS 5047221"],"award-info":[{"award-number":["MIS 5047221"]}]},{"name":"Competitiveness, Entrepreneurship and Innovation","award":["NSRF 2014-2020"],"award-info":[{"award-number":["NSRF 2014-2020"]}]},{"name":"European Regional Development Fund","award":["MIS 5047221"],"award-info":[{"award-number":["MIS 5047221"]}]},{"name":"European Regional Development Fund","award":["NSRF 2014-2020"],"award-info":[{"award-number":["NSRF 2014-2020"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In an era of ever-evolving and increasingly sophisticated cyber threats, protecting sensitive information from cyberattacks such as business email compromise (BEC) attacks has become a top priority for individuals and enterprises. Existing methods used to counteract the risks linked to BEC attacks frequently prove ineffective because of the continuous development and evolution of these malicious schemes. This research introduces a novel methodology for safeguarding against BEC attacks called the BEC Defender. The methodology implemented in this paper augments the authentication mechanisms within business emails by employing a multi-layered validation process, which includes a MAC address as an identity token, QR code generation, and the integration of timestamps as unique identifiers. The BEC-Defender algorithm was implemented and evaluated in a laboratory environment, exhibiting promising results against BEC attacks by adding an extra layer of authentication.<\/jats:p>","DOI":"10.3390\/s24051676","type":"journal-article","created":{"date-parts":[[2024,3,5]],"date-time":"2024-03-05T03:03:20Z","timestamp":1709607800000},"page":"1676","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["BEC Defender: QR Code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks"],"prefix":"10.3390","volume":"24","author":[{"given":"Anastasios","family":"Papathanasiou","sequence":"first","affiliation":[{"name":"Cyber Crime Division, Hellenic Police, 173 Alexandras Avenue, 11522 Athens, Greece"},{"name":"Department of Informatics and Telecommunications, University of Ioannina, Kostaki Artas, 47150 Arta, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-7197-2196","authenticated-orcid":false,"given":"George","family":"Liontos","sequence":"additional","affiliation":[{"name":"Department of Materials Science and Engineering, University of Ioannina, 45110 Ioannina, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Georgios","family":"Paparis","sequence":"additional","affiliation":[{"name":"Independent Researcher, 10678 Athens, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1162-5490","authenticated-orcid":false,"given":"Vasiliki","family":"Liagkou","sequence":"additional","affiliation":[{"name":"Department of Informatics and Telecommunications, University of Ioannina, Kostaki Artas, 47150 Arta, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5604-3507","authenticated-orcid":false,"given":"Euripides","family":"Glavas","sequence":"additional","affiliation":[{"name":"Department of Informatics and Telecommunications, University of Ioannina, Kostaki Artas, 47150 Arta, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2024,3,5]]},"reference":[{"key":"ref_1","unstructured":"(2023, November 01). Oberlo. Available online: https:\/\/www.oberlo.com\/statistics\/how-many-emails-are-sent-per-day."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"10282","DOI":"10.1109\/ACCESS.2020.2965257","article-title":"The not yet exploited goldmine of OSINT: Opportunities, open challenges and future trends","volume":"8","author":"Nespoli","year":"2020","journal-title":"IEEE Access"},{"key":"ref_3","first-page":"497","article-title":"Business email compromise (BEC) attacks","volume":"81","author":"Humayun","year":"2021","journal-title":"Mater. Today Proc."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"871","DOI":"10.1108\/JFC-02-2020-0026","article-title":"Exploiting trust for financial gain: An overview of business email compromise (BEC) fraud","volume":"27","author":"Cross","year":"2020","journal-title":"J. Financ. Crime"},{"key":"ref_5","unstructured":"FBI (2023, April 25). Internet Crime Report, Available online: https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2022IC3Report.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Gonz\u00e1lez-Granadillo, G., Gonz\u00e1lez-Zarzosa, S., and Diaz, R. (2021). Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors, 21.","DOI":"10.3390\/s21144759"},{"key":"ref_7","first-page":"38","article-title":"Degree certificate authentication using QR code and smartphone","volume":"120","author":"Singhal","year":"2015","journal-title":"Int. J. Comput. Appl."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"239","DOI":"10.15575\/join.v5i2.583","article-title":"Embedding a blockchain technology pattern into the QR code for an authentication certificate","volume":"5","author":"Aini","year":"2020","journal-title":"J. Online Inform."},{"key":"ref_9","unstructured":"Kuacharoen, P., and Warasart, M. (2012, January 12\u201313). Paper-based document authentication using digital signature and qr code. Proceedings of the International Conference on Computer Engineering and Technology, Bangkok, Thailand."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1109\/TIFS.2015.2506546","article-title":"Two-level QR code for private message sharing and document authentication","volume":"11","author":"Tkachenko","year":"2015","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1386853.1378356","article-title":"Elliptic curve cryptography","volume":"9","author":"Kapoor","year":"2008","journal-title":"Ubiquity"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Hu, Z., Petoukhov, S., Dychka, I., and He, M. (2020). Advances in Computer Science for Engineering and Education II, Springer.","DOI":"10.1007\/978-3-030-16621-2"},{"key":"ref_13","first-page":"4356038","article-title":"Multiple schemes for mobile payment authentication using QR code and visual cryptography","volume":"2017","author":"Lu","year":"2017","journal-title":"Mob. Inf. Syst."},{"key":"ref_14","first-page":"937","article-title":"A novel user authentication scheme based on QR-code","volume":"5","author":"Liao","year":"2010","journal-title":"J. Netw."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Park, J.J., Yang, L.T., and Lee, C. (2011). Future Information Technology. Communications in Computer and Information Science, Springer.","DOI":"10.1007\/978-3-642-22333-4"},{"key":"ref_16","unstructured":"Choi, K., Lee, C., Jeon, W., Lee, K., and Won, D. (2011, January 26\u201328). A mobile based anti-phishing authentication scheme using QR code. Proceedings of the International Conference on Mobile IT Convergence IEEE, Gumi, Republic of Korea."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"479","DOI":"10.1016\/j.eij.2021.03.003","article-title":"Mutual authentication of nodes using session token with fingerprint and MAC address validation","volume":"22","author":"Bairwa","year":"2021","journal-title":"Egypt. Inform. J."},{"key":"ref_18","first-page":"121","article-title":"An overview of MANET: History, challenges and applications","volume":"3","author":"Kumar","year":"2012","journal-title":"Indian J. Comput. Sci. Eng."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"383","DOI":"10.1007\/s11036-016-0772-y","article-title":"QR Code Authentication with Embedded Message Authentication Code","volume":"22","author":"Chen","year":"2017","journal-title":"Mob. Netw. Appl."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"610","DOI":"10.3390\/jcp3030029","article-title":"Business Email Compromise (BEC) Attacks: Threats, Vulnerabilities and Countermeasures-A Perspective on the Greek Landscape","volume":"3","author":"Papathanasiou","year":"2023","journal-title":"J. Cybersecur. Priv."},{"key":"ref_21","unstructured":"Kucherawy, \u039c., Elizabeth, Z., and Domain-Based Message Authentication, Reporting, and Conformance (DMARC) (2023, November 10). RFC. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc7489."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Nightingale, J.S. (2017). Email Authentication Mechanisms: DMARC, SPF and DKIM, US Department of Commerce, National Institute of Standards and Technology.","DOI":"10.6028\/NIST.TN.1945"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1361-3723(16)30079-3","article-title":"Fighting phishing and securing data with email authentication","volume":"2016","author":"Derouet","year":"2016","journal-title":"Comput. Fraud Secur."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Teerakanok, S., Yasuki, H., and Uehara, T. (2020, January 11\u201314). A Practical Solution against Business Email Compromise (BEC) Attack using Invoice Checksum. Proceedings of the 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C), Macau, China.","DOI":"10.1109\/QRS-C51114.2020.00036"},{"key":"ref_25","unstructured":"S\u00e4r\u00f6kaari, N. (2020). Phishing Attacks and Mitigation Tactics. [Master\u2019s Thesis, University of Jyv\u00e4skyl\u00e4]. Available online: https:\/\/jyx.jyu.fi\/bitstream\/handle\/123456789\/72569\/1\/URN%3ANBN%3Afi%3Ajyu-202011116604.pdf."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1109\/MTS.2009.934159","article-title":"Keyloggers: Increasing threats to computer security and privacy","volume":"28","author":"Sagiroglu","year":"2009","journal-title":"IEEE Technol. Soc. Mag."},{"key":"ref_27","unstructured":"Boyd, I.M. (2021). The Fundamentals of Computer Hacking, SANS Institute."},{"key":"ref_28","unstructured":"Nisha, T.N., Bakari, D., and Shukla, C. (2021, January 4\u20135). Business E-mail Compromise\u2014Techniques and Countermeasures. Proceedings of the International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) IEEE, Noida, India."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Atlam, H.F., and Oluwatimilehin, O. (2023). Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review. Electronics, 12.","DOI":"10.3390\/electronics12010042"},{"key":"ref_30","unstructured":"Cidon, A., Gavish, L., Bleier, I., Korshun, N., Schweighauser, M., and Tsitkin, A. (2019, January 14\u201316). High Precision Detection of Business Email Compromise. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1016\/j.eswa.2018.05.031","article-title":"Novel Set of General Descriptive Features For Enhanced Detection of Malicious Emails Using Machine Learning Methods","volume":"110","author":"Cohen","year":"2018","journal-title":"Expert Syst. Appl."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Shamir, A., and Identity-Based Cryptosystems and Signature Schemes (2023, November 27). In Ibn Al-Haitham Journal for Pure and Applied Sciences (IHJPAS) Special Issue; 2021; Volume 2021, pp. 82\u201395. Available online: https:\/\/api.semanticscholar.org\/CorpusID:1402295.","DOI":"10.30526\/2021.IHICPAS.2655"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1016\/j.procs.2018.10.176","article-title":"Design and Implementation of an End-to-End Web based Trusted Email System","volume":"141","author":"Sabir","year":"2018","journal-title":"Procedia Comput. Sci."},{"key":"ref_34","unstructured":"(2023, November 27). Mailvelope Inc. Available online: https:\/\/www.mailvelope.com\/en."},{"key":"ref_35","unstructured":"(2023, November 29). Secure Gmail Plugin. Available online: https:\/\/www.securegroup.com\/encryption\/."},{"key":"ref_36","unstructured":"Ruoti, S., Andersen, J., Zappala, D., and Seamons, K. (2015). Why Johnny still, still can\u2019t encrypt: Evaluating the usability of a modern PGP client. arXiv., Available online: https:\/\/api.semanticscholar.org\/CorpusID:5189682."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Ometov, A., Bezzateev, S., M\u00e4kitalo, N., Andreev, S., Mikkonen, T., and Koucheryavy, Y. (2018). Multi-Factor Authentication: A Survey. Cryptography, 2.","DOI":"10.3390\/cryptography2010001"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Papathanasaki, M., Maglaras, L., and Ayres, N. (2022). AI, Computer Science and Robotics Technology, IntechOpen.","DOI":"10.5772\/acrt.08"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1145\/2491533.2491553","article-title":"Distributing trusted third parties","volume":"44","year":"2013","journal-title":"SIGACT News"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1016\/j.cose.2012.11.006","article-title":"A universal system for fair non-repudiable certified e-mail without a trusted third party","volume":"32","author":"Paulin","year":"2013","journal-title":"Comput. Secur."},{"key":"ref_41","unstructured":"(2023, November 28). ProtonMail, Proton Technologies AG Plugin. Available online: https:\/\/protonmail.com\/."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2017.04.008","article-title":"PriviPK: Certificate-less and secure email communication","volume":"70","author":"AlSabah","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"1049","DOI":"10.1002\/(SICI)1097-024X(199910)29:12<1049::AID-SPE271>3.0.CO;2-1","article-title":"A proxy approach to e-mail security","volume":"29","author":"Brown","year":"1999","journal-title":"Softw.-Pract. Exp."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Jammalamadaka, R., Horst, T., Mehrotra, S., Seamons, K., and Venkatasubramanian, N. (2006, January 11\u201315). Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine. Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, FL, USA.","DOI":"10.1109\/ACSAC.2006.23"},{"key":"ref_45","first-page":"4","article-title":"Digital signature & encryption implementation for increasing authentication, integrity, security and data non-repudiation","volume":"4","author":"Nurhaida","year":"2017","journal-title":"Int. Res. J. Comput. Sci."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Rai, A.K., Singh, M., Sudheendramouli, H.C., Panwar, V., Balaji, N.A., and Kukreti, R. (2023, January 25\u201326). Digital Signature for Content Authentication. Proceedings of the International Conference on Advances in Computing, Communication and Applied Informatics (ACCAI), Chennai, India.","DOI":"10.1109\/ACCAI58221.2023.10200472"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/19393555.2014.998843","article-title":"Digital Document Signing: Vulnerabilities and Solutions","volume":"24","author":"Lax","year":"2015","journal-title":"Inf. Secur. J. A Glob. Perspect."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Kasodhan, R., and Gupta, N. (2019, January 27\u201329). A New Approach of Digital Signature Verification based on BioGamal Algorithm. Proceedings of the 3rd International Conference on Computing Methodologies and Communication (ICCMC), Erode, India.","DOI":"10.1109\/ICCMC.2019.8819710"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1080\/07421222.2017.1334499","article-title":"Training to mitigate phishing attacks using mindfulness techniques","volume":"34","author":"Jensen","year":"2017","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1016\/j.ijinfomgt.2004.10.004","article-title":"Email training significantly reduces email defects","volume":"25","author":"Burgess","year":"2005","journal-title":"Int. J. Inf. Manag."},{"key":"ref_51","unstructured":"(2023, November 02). HaveIBeenPwned (HIBP). Available online: https:\/\/haveibeenpwned.com."},{"key":"ref_52","unstructured":"(2023, October 20). DeHashed. Available online: https:\/\/www.dehashed.com."},{"key":"ref_53","unstructured":"Bazzell, M. (2016). Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information, CreateSpace Independent Publishing Platform. [3rd ed.]."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"188","DOI":"10.1109\/18.746787","article-title":"On the security of iterated message authentication codes","volume":"45","author":"Preneel","year":"1999","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_55","first-page":"42","article-title":"Mac based multicast source authentication: A survey","volume":"37","author":"Kaur","year":"2012","journal-title":"Int. J. Comput. Appl."},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Ohta, K., and Matsui, M. (1993, January 22\u201326). Differential attack on message authentication codes. Proceedings of the Advances in Cryptology\u2014CRYPTO \u201993: 13th Annual International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-48329-2_18"},{"key":"ref_57","first-page":"258","article-title":"A Survey on QR Codes: In context of Research and Application","volume":"4","author":"Pandya","year":"2014","journal-title":"Int. J. Emerg. Technol. Adv. Eng."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/5\/1676\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:09:20Z","timestamp":1760105360000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/5\/1676"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,5]]},"references-count":57,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2024,3]]}},"alternative-id":["s24051676"],"URL":"https:\/\/doi.org\/10.3390\/s24051676","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,5]]}}}