skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


  • Home
  • Search Results
  • Page 1 of 1

Search for: All records

Creators/Authors contains: "Simpson, Geoffrey"

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. ; (, Proceedings of the APWG Symposium on Electronic Crime Research)
    null (Ed.)
    We examine approximately nine months of data on losses from business email compromise (BEC) reported to the FBI’s Internet Crime Complaint Center in 2017. We describe the empirically observed loss distribution.We study differences in the amounts attempted stolen when the attacks were successful or not.We show that money stolen and transmitted internationally is less likely to be recovered. We also find, somewhat surprisingly, that illicit transfers to in-state banks are also more likely to succeed. Finally, we study state-level differences among BEC target selection and asset recovery. 
    more » « less
    Accepted Manuscript Full Text Available
  2. ; ; (, Proceedings of the APWG Symposium on Electronic Crime Research)
    null (Ed.)
    We identify over a quarter of a million domains used by medium and large companies within the .com registry. We find that for around 7% of these companies very similar domain names have been registered with character changes that are intended to be indistinguishable at a casual glance. These domains would be suitable for use in Business Email Compromise frauds. Using historical registration and name server data we identify the timing, rate, and movement of these look-alike domains over a ten year period. This allows us to identify clusters of registrations which are quite clearly malicious and show how the criminals have moved their activity over time in response to countermeasures. Although the malicious activity peaked in 2016, there is still sufficient ongoing activity to cause concern. 
    more » « less
    Accepted Manuscript Full Text Available