Rahayu Ahmad,Ramayah Thurasamy

DOI: https://doi.org/10.13052/jcsm2245-1439.1133

2022-06-17

Journal of Cyber Security and Mobility

Abstract:Cybercrimes are increasing at an alarming rate and cause detrimental effects to the victims. Routine Activity Theory (RAT) is commonly used to understand the factors influencing cybercrime victimization. However, there have been inconsistent findings on the applicability of RAT theory. This study performs a Systematic Literature Review analysis to consolidate and provide a coherent analysis of the related studies employing RAT theory for cybercrime victimization. The articles were also differentiated based on the cybercrimes topologies being investigated; (a) cybercrime dependent (hacking and malware) and (b) cybercrime enabled (phishing, fraud and identity theft). The findings suggest that a refined specification and operationalization of RAT’S construct tailoring to the types of cybercrimes can arguably yield more accurate application and interpretation of RAT Theory in cybercrimes. Consequently, this will address the inaccurate measurement issues of some of the RATS’s constructs, leading to inconclusive effects on cybercrime victimization. In addition, there is a need for more longitudinal studies to disentangle the effect of RAT’s construct during pre and post cybercrimes. Security advocates can apply the findings of this research to formulate relevant cybercrime awareness programs. The findings also shed some insights into which groups should be targeted for different cybercrime educational and awareness programs. This study can increase the awareness among citizens in terms of their online activities, their attributes and the types of protection from becoming cybercrime victims.

Chris Stiff,Meike Reeves

DOI: https://doi.org/10.1080/00223980.2023.2286451

Abstract:Cybercrime is a growing problem, with increasing numbers of people reporting they have been a victim. However, the literature has tended to focus on the characteristics of the perpetrator and has often neglected to examine how the individual differences of victims may have an impact. This paper investigates how the Dark Triad - Machiavellianism, narcissism, and psychopathy - may increase the chances of being a victim of online crime. To do this, the Cyber Routine Activities Theory was applied, which suggests victimization is a result of two things: 1) a user's routine online activity which may bring them into contact with nefarious others and/or makes them an attractive target, and 2) the lack of a "capable guardian" who can defend against such nefarious others. Using an online survey (N = 328), we measured Internet users' Dark Triad traits, along with their engagement in various online activities and the preventative measures used against potential criminals. Findings demonstrated that narcissism and psychopathy increased the likelihood of victimization, but Machiavellianism did not. These relationships were moderated by gender. However, contrary to other work using the Cyber-RAT, preventative measures (e.g. knowledge of computers, presence of anti-virus programs) did not seem to impact on the likelihood of victimization. The challenges of using these findings to reduce cybercrime and future work are then discussed.

Sebastian Wachs,Anna Michelsen,Michelle F Wright,Manuel Gámez-Guadix,Carmen Almendros,Yeji Kwon,Eun-Yeong Na,Ruthaychonnee Sittichai,Ritu Singh,Ramakrishna Biswal,Anke Görzig,Takuya Yanagida

DOI: https://doi.org/10.1089/cyber.2019.0426

Abstract:Little attention has been given academically to empirically tested theoretical frameworks that aim at measuring the risk of adolescents falling victim to cybergrooming. To this end, we have applied the routine activity theory (RAT) to investigate whether exposure to motivated offenders (PC/laptop ownership and Internet access in one's own bedroom), capable guardianship (parental mediation strategies of Internet use), and target suitability (adolescents' online disclosure of private information) might predict cybergrooming victimization among adolescents. Using data from a cross-sectional survey of 5,938 adolescents from Germany, India, South Korea, Spain, Thailand, and the United States, ranging in age from 12 to 18 (M = 14.77, SD = 1.60), we found that PC/laptop ownership and Internet access in one's own bedroom, parental mediation, and online disclosure are all directly associated with cybergrooming victimization. Although instructive parental mediation is negatively related to online disclosure and cybergrooming victimization, restrictive mediation is positively related to both. In addition, online disclosure partially mediated the relationship between parental mediation and cybergrooming victimization. The analyses confirm the effectiveness of applying RAT to cybergrooming. Moreover, this study highlights the need for prevention programs, including lessons on age-appropriate information and communication technology usage and access, to educate parents on using instructive strategies of Internet mediation, and inform adolescents about how to avoid disclosing too much private information online. RAT could function as a theoretical framework for these programs.

James Hawdon,Katalin Parti,Thomas E Dearden

DOI: https://doi.org/10.1007/s12103-020-09534-4

Abstract:The COVID-19 pandemic has radically altered life, killing hundreds of thousands of people and leading many countries to issue "stay-at-home" orders to contain the virus's spread. Based on insights from routine activity theory (Cohen & Felson 1979), it is likely that COVID-19 will influence victimization rates as people alter their routines and spend more time at home and less time in public. Yet, the pandemic may affect victimization differently depending on the type of crime as street crimes appear to be decreasing while domestic crimes may be increasing. We consider a third type of crime: cybercrime. Treating the pandemic as a natural experiment, we investigate how the pandemic has affected rates of cybervictimization. We compare pre-pandemic rates of victimization with post-pandemic rates of victimization using datasets designed to track cybercrime. After considering how the pandemic may alter routines and affect cybervictimization, we find that the pandemic has not radically altered cyberroutines nor changed cybervictimization rates. However, a model using routine activity theory to predict cybervictimization offers clear support for the theory's efficacy both before and after the pandemic. We conclude by considering plausible explanations for our findings.

Eric Rutger Leukfeldt

DOI: https://doi.org/10.48550/arXiv.1506.00769

2015-06-02

Abstract:This paper compares the risk factors for becoming a victim of two types of phishing: high-tech phishing (using malicious software) and low-tech phishing (using e-mails and telephone calls). These risk factors are linked to possibilities for situational crime prevention. Data from a cybercrime victim survey in the Netherlands (n=10,316) is used. Based on routine activity theory, the multivariate analyses include thirty variables. The findings show situational crime prevention has to be aimed at groups other than just the users themselves. Criminals are primarily interested in popular online places and the onus is on the owners of these virtual places to protect their visitors from getting infected.

Computers and Society

E Rutger Leukfeldt

DOI: https://doi.org/10.1089/cyber.2014.0008

Abstract:This article investigates phishing victims, especially the increased or decreased risk of victimization, using data from a cybercrime victim survey in the Netherlands (n=10,316). Routine activity theory provides the theoretical perspective. According to routine activity theory, several factors influence the risk of victimization. A multivariate analysis was conducted to assess which factors actually lead to increased risk of victimization. The model included background and financial data of victims, their Internet activities, and the degree to which they were "digitally accessible" to an offender. The analysis showed that personal background and financial characteristics play no role in phishing victimization. Among eight Internet activities, only "targeted browsing" led to increased risk. As for accessibility, using popular operating systems and web browsers does not lead to greater risk, while having up-to-date antivirus software as a technically capable guardian has no effect. The analysis showed no one, clearly defined group has an increased chance of becoming a victim. Target hardening may help, but opportunities for prevention campaigns aimed at a specific target group or dangerous online activities are limited. Therefore, situational crime prevention will have to come from a different angle. Banks could play the role of capable guardian.

Maria Bada,Jason R. C. Nurse

DOI: https://doi.org/10.48550/arXiv.2308.15948

2023-08-30

Cryptography and Security

Abstract:While modern society benefits from a range of technological advancements, it also is exposed to an ever-increasing set of cybersecurity threats. These affect all areas of life including business, government, and individuals. To complement technology solutions to this problem, it is crucial to understand more about cybercriminal perpetrators themselves, their use of technology, psychological aspects, and profiles. This is a topic that has received little socio-technical research emphasis in the technology community, has few concrete research findings, and is thus a prime area for development. The aim of this article is to explore cybercriminal activities and behavior from a psychology and human aspects perspective, through a series of notable case studies. We examine motivations, psychological and other interdisciplinary concepts as they may impact/influence cybercriminal activities. We expect this paper to be of value and particularly insightful for those studying technology, psychology, and criminology, with a focus on cybersecurity and cybercrime.

Kai Lin,Yuning Wu,Ivan Y Sun,Jia Qu

DOI: https://doi.org/10.1177/17488958221146144

2023-01-06

Abstract:Criminology &Criminal Justice, Ahead of Print. Analyzing survey data from 1037 college students in China, a country with the world's largest number of Internet users and the world's largest e-commerce market, the current study demonstrates that consistent with previous research, some routine telecom/cyber activities of Chinese college students predict higher odds of being targeted for telecom/cyber fraud, but online routines do not seem to predict the odds of completed victimization resulting in a financial loss. In contrast, the perceived presence of effective formal guardianship and target suitability exert a greater influence. These findings suggest that those previously and commonly used measures of routine activity theory are better suited for explaining attempted telecom/cyber fraud victimization, whereas completed victimization is chiefly predicted by target suitability such as risky/deviant online behaviors and low self-control.

criminology & penology

Marshall S. Rich

DOI: https://doi.org/10.3390/analytics2030035

2023-08-11

Analytics

Abstract:The rapid proliferation of cyberthreats necessitates a robust understanding of their evolution and associated tactics, as found in this study. A longitudinal analysis of these threats was conducted, utilizing a six-year data set obtained from a deception network, which emphasized its significance in the study’s primary aim: the exhaustive exploration of the tactics and strategies utilized by cybercriminals and how these tactics and techniques evolved in sophistication and target specificity over time. Different cyberattack instances were dissected and interpreted, with the patterns behind target selection shown. The focus was on unveiling patterns behind target selection and highlighting recurring techniques and emerging trends. The study’s methodological design incorporated data preprocessing, exploratory data analysis, clustering and anomaly detection, temporal analysis, and cross-referencing. The validation process underscored the reliability and robustness of the findings, providing evidence of increasingly sophisticated, targeted cyberattacks. The work identified three distinct network traffic behavior clusters and temporal attack patterns. A validated scoring mechanism provided a benchmark for network anomalies, applicable for predictive analysis and facilitating comparative study of network behaviors. This benchmarking aids organizations in proactively identifying and responding to potential threats. The study significantly contributed to the cybersecurity discourse, offering insights that could guide the development of more effective defense strategies. The need for further investigation into the nature of detected anomalies was acknowledged, advocating for continuous research and proactive defense strategies in the face of the constantly evolving landscape of cyberthreats.

Kenneth David Strang

DOI: https://doi.org/10.3390/bdcc8040037

2024-03-29

Big Data and Cognitive Computing

Abstract:A critical worldwide problem is that ransomware cyberattacks can be costly to organizations. Moreover, accidental employee cybercrime risk can be challenging to prevent, even by leveraging advanced computer science techniques. This exploratory project used a novel cognitive computing design with detailed explanations of the action-research case-study methodology and customized machine learning (ML) techniques, supplemented by a workflow diagram. The ML techniques included language preprocessing, normalization, tokenization, keyword association analytics, learning tree analysis, credibility/reliability/validity checks, heatmaps, and scatter plots. The author analyzed over 8 GB of employee behavior big data from a multinational Fintech company global intranet. The five-factor personality theory (FFPT) from the psychology discipline was integrated into semi-supervised ML to classify retrospective employee behavior and then identify cybercrime risk. Higher levels of employee neuroticism were associated with a greater organizational cybercrime risk, corroborating the findings in empirical publications. In stark contrast to the literature, an openness to new experiences was inversely related to cybercrime risk. The other FFPT factors, conscientiousness, agreeableness, and extroversion, had no informative association with cybercrime risk. This study introduced an interdisciplinary paradigm shift for big data cognitive computing by illustrating how to integrate a proven scientific construct into ML—personality theory from the psychology discipline—to analyze human behavior using a retrospective big data collection approach that was asserted to be more efficient, reliable, and valid as compared to traditional methods like surveys or interviews.

English Else

Ronan Mouchoux,François Moerman

2024-08-01

Abstract:This study unveils the elusive presence of criminal signatures in cyberspace, validating for the first time their existence through statistical evidence. By applying the A priori algorithm to the modus operandi of Advanced Persistent Threats, extracted from an extensive corpus of over 17,000 articles spanning 2007 to 2020, we highlight the enduring patterns leveraged by sophisticated cyber criminals. Our findings verify the existence of unique signatures associated with advanced cybercriminals, bridging a crucial gap in current understanding of human behavior in cyber-attacks. This pivotal research sets the foundation for an entirely new academic intersection in cybersecurity and computational criminology.

Cryptography and Security

Jonathan W. Z. Lim,Vrizlynn L. L. Thing

DOI: https://doi.org/10.48550/arXiv.2211.09524

2022-11-17

Abstract:Cybercrimes are on the rise, in part due to technological advancements, as well as increased avenues of exploitation. Sophisticated threat actors are leveraging on such advancements to execute their malicious intentions. The increase in cybercrimes is prevalent, and it seems unlikely that they can be easily eradicated. A more serious concern is that the community may come to accept the notion that this will become the trend. As such, the key question revolves around how we can reduce cybercrime in this evolving landscape. In our paper, we propose to build a systematic framework through the lens of a cyber threat actor. We explore the motivation factors behind the crimes and the crime stages of the threat actors. We then formulate intervention plans so as to discourage the act of committing malicious cyber activities and also aim to integrate ex-cyber offenders back into society.

Cryptography and Security,Computers and Society

Zarina I. Vakhitova,Clair L. Alston-Knox,Ellen Reeves,Rob I. Mawby

DOI: https://doi.org/10.1080/01639625.2021.1921558

2021-06-09

Deviant Behavior

Abstract:Crime and deviance can have a significant and long-lasting effect on victims. While the literature on victim impact from traditional types of crime like robbery or assault is well established, much smaller scholarship examines the impact of online forms of deviance with only a handful of studies focusing on the experiences of adult victims. The current paper analyses the data from a sample of the U.S. adults (N= 746) using mixed methods to examine the perceived impact from different types of cyber abuse. A thematic analysis of open-ended responses identified five main types of victim impact: psychological, emotional, social, financial and positive. We also found that females, victims, who were abused by someone they knew, and who experienced multiple methods of abuse tended to experience higher impact. Besides, some methods of abuse appeared to affect victims more than others. Findings from this study contribute to our understanding of cyber abuse as a type of deviant behavior and help inform policy responses to the needs of cyber abuse victims.

sociology,criminology & penology,psychology, social

Steve G.A. van de Weijer,Rutger Leukfeldt,Wim Bernasco

DOI: https://doi.org/10.1177/1477370818773610

2018-05-19

European Journal of Criminology

Abstract:Although the prevalence of cybercrime has increased rapidly, most victims do not report these offenses to the police. This is the first study that compares associations between victim characteristics and crime reporting behavior for traditional crimes versus cybercrimes. Data from four waves of a Dutch cross-sectional population survey are used ( N = 97,186 victims). Results show that cybercrimes are among the least reported types of crime. Moreover, the determinants of crime reporting differ between traditional crimes and cybercrimes, between different types of cybercrime (that is, identity theft, consumer fraud, hacking), and between reporting cybercrimes to the police and to other organizations. Implications for future research and practice are discussed.

criminology & penology

Jack Hughes,Sergio Pastrana,Alice Hutchings,Sadia Afroz,Sagar Samtani,Weifeng Li,Ericsson Santana Marin

DOI: https://doi.org/10.1145/3639362

IF: 16.6

2024-02-24

ACM Computing Surveys

Abstract:In the last decade, cybercrime has risen considerably. One key factor is the proliferation of online cybercrime communities, where actors trade products and services, and also learn from each other. Accordingly, understanding the operation and behavior of these communities is of great interest, and they have been explored across multiple disciplines with different, often quite novel, approaches. This survey explores the challenges inherent to the field and the methodological approaches researchers used to understand this space. We note that, in many cases, cybercrime research is more of an art than a science. We highlight the good practices and propose a list of recommendations for future cybercrime community scholars, including taking steps to verify and validate results, establishing privacy and ethical research practices, and mitigating the challenge of ground truth data.

computer science, theory & methods

Aikins Amoako Asiama,Hua Zhong

DOI: https://doi.org/10.1080/23311886.2022.2029249

2022-02-05

Cogent Social Sciences

Abstract:A victim’s decision to report the incidence of crime to the police is a significant determinant in the fight against dark figures in official crime data. When victims decline to disclose crimes to the police, the criminal justice system’s capabilities are severely undermined, and one of its most vital functions (to deter crime) is undermined. However, not reporting an incidence of crime to the police is subjective decision victims mostly make based on personal analysis of “cost” and “benefits” associated with such report. Therefore, to understand victims’ rational decisions in crime reporting, binary logistic regression is used to predict the likelihood of reporting the incident of crime to the police using the assumptions of rational choice theory, and data from National Crime Panel Victimization Data (2018). The findings of the study showed that victims would be willing to report the incidence of a crime if they can recognize the identity of the offender and if such crimes are considered serious/dangerous. Victims may feel danger in situations like this and be “compelled” to report the crime to the police because of the high cost associated with not reporting. However, not when the same crime is committed repeatedly.

Konstantinos Mersinas,Aimee Liu,Niki Panteli

2024-11-05

Abstract:Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware analysis, network forensics and geopolitical intelligence. However, we propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions. We utilise a set of variables which determine characteristics of national and organisational culture to create a cultural "footprint" of cybercriminal groups. As a case study, we conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti. We propose that a systematic analysis of similar communications can serve as a practical tool for a) understanding the modus operandi of cybercrime and cyberwarfare-related groups, and b) profiling cybercriminal groups and/or nation-state actors. Insights from such applications can, first, assist in combating cybercrime and, second, if combined with additional cyber threat intelligence, can provide a level of confidence in nuanced cyber-attack attribution processes.

Cryptography and Security

Kaylea Champion

DOI: https://doi.org/10.1145/3400806.3400813

2020-07-05

Abstract:What factors influence the decision to vandalize? Although the harm is clear, the benefit to the vandal is less clear. In many cases, the thing being damaged may itself be something the vandal uses or enjoys. Vandalism holds communicative value: perhaps to the vandal themselves, to some audience at whom the vandalism is aimed, and to the general public. Viewing vandals as rational community participants despite their antinormative behavior offers the possibility of engaging with or countering their choices in novel ways. Rational choice theory (RCT) as applied in value expectancy theory (VET) offers a strategy for characterizing behaviors in a framework of rational choices, and begins with the supposition that subject to some weighting of personal preferences and constraints, individuals maximize their own utility by committing acts of vandalism. This study applies the framework of RCT and VET to gain insight into vandals' preferences and constraints. Using a mixed-methods analysis of Wikipedia, I combine social computing and criminological perspectives on vandalism to propose an ontology of vandalism for online content communities. I use this ontology to categorize 141 instances of vandalism and find that the character of vandalistic acts varies by vandals' relative identifiability, policy history with Wikipedia, and the effort required to vandalize.

Social and Information Networks,Computers and Society,Human-Computer Interaction

Marten de Bruin,Konstantinos Mersinas

2024-05-29

Abstract:Cyber security incidents are increasing and humans play an important role in reducing their likelihood and impact. We identify a skewed focus towards technical aspects of cyber security in the literature, whereas factors influencing the secure behaviour of individuals require additional research. These factors span across both the individual level and the contextual level in which the people are situated. We analyse two datasets of a total of 37,075 records from a) self-reported security behaviours across the EU, and b) observed phishing-related behaviours from the industry security awareness training programmes. We identify that national culture, industry type, and organisational security culture play are influential Variables (antecedents) of individuals' security behaviour at contextual level. Whereas, demographics (age, gender, and level or urbanisation) and security-specific factors (security awareness, security knowledge, and prior experience with security incidents) are found to be influential variables of security behaviour at individual level. Our findings have implications for both research and practice as they fill a gap in the literature and provide concrete statistical evidence on the variables which influence security behaviour. Moreover, findings provides practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour. Consequently, organisations can tailor their security training and awareness efforts (e.g., through behaviour change interventions and/or appropriate employee group profiles), adapt their communications (e.g., of information security policies), and customise their interventions according to national culture characteristics to improve security behaviour.

Cryptography and Security

Lies De Kimpe,Koen Ponnet,Michel Walrave,Thom Snaphaan,Lieven Pauwels,Wim Hardyns

DOI: https://doi.org/10.1016/j.chb.2020.106310

IF: 9.9

2020-07-01

Computers in Human Behavior

Abstract:An important portion of internet users have faced cybercrime in recent years. One successful strategy for dealing with cybercrime victimization is to seek social support. However, previous studies showed that only a limited number of victims reaches out to family or friends to ask for help after a cybercrime incident. The current study sought to gain a better understanding of victims' social support seeking by exploring its antecedents. Specifically, the study took into account the role of (1) perception (i.e., perceived severity and perceived control), (2) primary responses (i.e., self-blame and denial), and (3) social capital (i.e., available [trusted] connections). Moreover, we explored the link between fear of cybercrime and these antecedents. Data collected from 334 cybercrime victims were analyzed using structural equation modeling. The findings indicated that victims with high perceived control and who ignore the incident, are less inclined to ask for help. Surprisingly, victims with high levels of self-blame are more likely to seek support. Moreover, we found that fear of crime is significantly related with perception and self-blame. Future awareness campaigns should stress that support seeking is part of the solution and should avoid placing the responsibility of victimization completely on the victim.

psychology, multidisciplinary, experimental