Exploring the human factor in cyber-enabled and cyber-dependent crime victimisation: a lifestyle routine activities approach

Purpose: The purpose of this study was to explore human factors as the possible facilitator of cyber-dependent (hacking and malware infection) and cyber-enabled (phishing) crimes victimisation and to test the applicability of lifestyle routine activities theory (LRAT) to cybercrime victimisation. Design/methodology/approach: A mixed methods research paradigm was applied to address the research questions and aims. The data set of Crime Survey of England and Wales (CSEW) 2014/2015 and 42 semi-structured interviews conducted with victims of cybercrime and non-victim control group participants were analysed via binary logistic regression and content analyses methods. Findings: This research illustrated that Internet users facilitated their victimisation through their online activities. Additionally, using insecure Internet connections and public access computers emerged as risk factors for both cyber-enabled and cyber-dependent crime victimisation. Voluntary and involuntary personal information disclosure through social networking sites and online advertisement websites increased the likelihood of being a target of phishing. Deviant online activities such as free streaming or peer-to-peer sharing emerged to increase the risk of cyber-dependent crime victimisation. Research limitations/implications: The binary logistic regression analysis results suggested LRAT as a more suitable theoretical framework for cyber-dependent crime victimisation. Future research may test this result with models including more macro variables. Practical implications: Policymakers may consider implementing regulations regarding limiting the type of information required to login to free Wi-Fi connections. Checking trust signs and green padlocks may be effective safeguarding measures to lessen the adverse impacts of impulsive buying. Originality/value: This study empirically illustrated that, besides individual-level factors, macro-level factors such as electronic devices being utilised to access the Internet and data breaches of large companies also increased the likelihood of becoming the victim of cyber-enabled and cyber-dependent crime.

[1]  HeYing,et al.  Human behaviour as an aspect of cybersecurity assurance , 2016 .

[2]  James R. Kluegel,et al.  Social Inequality and Predatory Criminal Victimization: An Exposition and Test of a Formal Theory , 1981 .

[3]  Bo Dai,et al.  THE IMPACT OF ONLINE SHOPPING EXPERIENCE ON RISK PERCEPTIONS AND ONLINE PURCHASE INTENTIONS : DOES PRODUCT CATEGORY MATTER ? , 2014 .

[4]  Wouter Joosen,et al.  It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services , 2016, NDSS.

[5]  M. David Sharing: post-scarcity beyond capitalism? , 2017 .

[6]  A. Onwuegbuzie,et al.  Toward a Definition of Mixed Methods Research , 2007 .

[7]  Andy Dale Handbook of Crime Prevention and Community Safety , 2008 .

[8]  J. V. Wilsem,et al.  Hacking and Harassment—Do They Have Something in Common? Comparing Risk Factors for Online Victimization , 2013 .

[9]  Kyung-shick Choi,et al.  Demographic variables and risk factors in computer-crime: an empirical assessment , 2015, Cluster Computing.

[10]  Bradford W Reyns,et al.  Online Routines and Identity Theft Victimization , 2013 .

[11]  D. Wong The EPL drama – paving the way for more illegal streaming? Digital piracy of live sports broadcasts in Singapore , 2016 .

[12]  Michael D. Reisig,et al.  Routine Online Activity and Internet Fraud Targeting: Extending the Generality of Routine Activity Theory , 2010 .

[13]  Terance D. Miethe,et al.  Understanding Theories of Criminal Victimization , 1993, Crime and Justice.

[14]  Richard Ford,et al.  On the definition and classification of cybercrime , 2006, Journal in Computer Virology.

[15]  D. Wall Cybercrimes and the Internet , 2001 .

[16]  David S. Wall Criminalising cyberspace: the rise of the Internet as a ‘crime problem’ , 2013 .

[17]  M. Williams,et al.  The implications of economic cybercrime for policing , 2016 .

[18]  David S. Wall,et al.  The Internet as a Conduit for Criminal Activity , 2015 .

[19]  S. Furnell,et al.  The challenge of measuring cyber-dependent crimes , 2015 .

[20]  Lawrence Ryz,et al.  A new era in data protection , 2016 .

[21]  Michael R. Gottfredson,et al.  Victims of Personal Crime: An Empirical Foundation for a Theory of Personal Victimization , 1977 .

[22]  Hsiu-Fang Hsieh,et al.  Three Approaches to Qualitative Content Analysis , 2005, Qualitative health research.

[23]  Terance D. Miethe,et al.  Contextual Effects in Models of Criminal Victimization , 1993 .

[24]  Andrew Karmen,et al.  Crime Victims: An Introduction to Victimology , 1984 .

[25]  Benoît Dupont,et al.  The Human Factor of Cybercrime , 2019, Social Science Computer Review.

[26]  Leandros A. Maglaras,et al.  Human behaviour as an aspect of cybersecurity assurance , 2016, Secur. Commun. Networks.

[27]  Catherine D. Marcum,et al.  Potential Factors of Online Victimization of Youth: An Examination of Adolescent Online Behaviors Utilizing Routine Activity Theory , 2010 .

[28]  Mike Halsey,et al.  Windows Virus and Malware Troubleshooting , 2017 .

[29]  John E. Eck,et al.  EXAMINING ROUTINE ACTIVITY THEORY: A REVIEW OF TWO BOOKS , 1995 .

[30]  J. V. Wilsem,et al.  Worlds tied together? Online and non-domestic routine activities and their impact on digital and traditional threat victimization , 2011 .

[31]  M. David,et al.  The Challenge of Unauthorized Online Streaming to the English Premier League and Television Broadcasters , 2013 .

[32]  Michael D. Reisig,et al.  Perceived Risk of Internet Theft Victimization , 2009 .

[33]  Christiane,et al.  World Medical Association Declaration of Helsinki: ethical principles for medical research involving human subjects. , 2004, Journal international de bioethique = International journal of bioethics.

[34]  Johnny Saldaña,et al.  The Coding Manual for Qualitative Researchers , 2009 .

[35]  J. M. Miller,et al.  21st century criminology : a reference handbook , 2009 .

[36]  Jo Bryce,et al.  The role of disclosure of personal information in the evaluation of risk and trust in young peoples' online interactions , 2014, Comput. Hum. Behav..

[37]  Andrea Back,et al.  The dark side of social networking sites: Understanding phishing risks , 2016, Comput. Hum. Behav..

[38]  Rebecca M. Walsh,et al.  Self-disclosure on social media: The role of perceived network responsiveness , 2020, Comput. Hum. Behav..

[39]  Adam N. Joinson,et al.  Individual differences in susceptibility to online influence: A theoretical review , 2017, Comput. Hum. Behav..

[40]  T. Holt,et al.  Transferring Subcultural Knowledge On-Line: Practices and Beliefs of Persistent Digital Pirates , 2010 .

[41]  Thomas J. Holt,et al.  Examining the Relationship Between Routine Activities and Malware Infection Indicators , 2013 .

[42]  Terance D. Miethe,et al.  Opportunity, Choice, and Criminal Victimization: A Test of a Theoretical Model , 1990 .

[43]  Christopher E. Beaudoin,et al.  Securing online privacy: An empirical test on Internet scam victimization, online privacy concerns, and privacy protection behaviors , 2017, Comput. Hum. Behav..

[44]  Ryan T. Wright,et al.  Research Note - Influence Techniques in Phishing Attacks: An Examination of Vulnerability and Resistance , 2014, Inf. Syst. Res..

[45]  T. Pratt,et al.  Lifestyle and Routine Activity Theories Revisited: The Importance of “Risk” to the Study of Victimization , 2016 .

[46]  Matthew B. Miles,et al.  Qualitative Data Analysis: An Expanded Sourcebook , 1994 .

[47]  David Finkelhor,et al.  Risk Factors for Youth Victimization: Beyond a Lifestyles/Routine Activities Theory Approach , 1996, Violence and Victims.

[48]  Nasir D. Memon,et al.  Phishing, Personality Traits and Facebook , 2013, ArXiv.

[49]  Michael Workman,et al.  Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security , 2008, J. Assoc. Inf. Sci. Technol..

[50]  Alan Wright,et al.  Information Technology and the Criminal Justice System , 2007 .

[51]  B. B. Gupta,et al.  A Survey of Phishing Email Filtering Techniques , 2013, IEEE Communications Surveys & Tutorials.

[52]  Alice Hutchings,et al.  Crime from the keyboard: organised cybercrime, co-offending, initiation and knowledge transmission , 2014, Crime, Law and Social Change.

[53]  Alice Hutchings,et al.  Hacking and Fraud: Qualitative Analysis of Online Offending and Victimization , 2013 .

[54]  Hudson Ayers,et al.  The Price of Free Illegal Live Streaming Services , 2019, ArXiv.

[55]  E. R. Leukfeldt,et al.  Comparing Victims of Phishing and Malware Attacks: Unraveling Risk Factors and Possibilities for Situational Crime Prevention , 2015, ArXiv.

[56]  Matt R. Nobles,et al.  A Gendered Lifestyle-Routine Activity Approach to Explaining Stalking Victimization in Canada , 2016, Journal of interpersonal violence.

[57]  Pamela Wilcox,et al.  The Effects of School Crime Prevention on Students’ Violent Victimization, Risk Perception, and Fear of Crime: A Multilevel Opportunity Perspective , 2011 .

[58]  B. Koops The Internet and its Opportunities for Cybercrime , 2010 .

[59]  Lawrence E. Cohen,et al.  Social Change and Crime Rate Trends: A Routine Activity Approach , 1979 .

[60]  Fawn T. Ngo,et al.  Cybercrime Victimization: An Examination of Individual and Situational Level Factors , 2011 .

[61]  Max Landman Managing smart phone security risks , 2010, InfoSecCD.

[62]  Zach W. Y. Lee,et al.  Self-disclosure in social networking sites: The role of perceived cost, perceived benefits and social influence , 2015, Internet Res..

[63]  Danielle M. Reynald,et al.  Toward the Adaptation of Routine Activity and Lifestyle Exposure Theories to Account for Cyber Abuse Victimization , 2016 .

[64]  T. Holt,et al.  Cybercrime in Progress: Theory and prevention of technology-enabled offenses , 2015 .

[65]  Gina Rosa Wollinger,et al.  Cyber-Dependent Crime Victimization: The Same Risk for Everyone? , 2017, Cyberpsychology Behav. Soc. Netw..

[66]  Michael Levi,et al.  Assessing the trends, scale and nature of economic cybercrimes: overview and Issues , 2016, Crime, Law and Social Change.

[67]  Bradford W Reyns,et al.  A routine activity perspective on online victimisation: Results from the Canadian General Social Survey , 2015 .

[68]  B. Payne,et al.  Can You Hear Me Now? Telemarketing Fraud Victimization and Lifestyles , 2015 .

[69]  R. Leukfeldt,et al.  Phishing and Malware Attacks on Online Banking Customers in the Netherlands: A Qualitative Analysis of Factors Leading to Victimization , 2016 .

[70]  M. N. Al-Ameen,et al.  Understanding Users ’ Decision of Clicking on Posts in Facebook with Implications for Phishing , 2018 .

[71]  Amalia R. Miller,et al.  Frontiers of Health Policy: Digital Data and Personalized Medicine , 2017, Innovation Policy and the Economy.

[72]  E. R. Leukfeldt,et al.  How people help fraudsters steal their money: an analysis of 600 online banking fraud cases , 2015, 2015 Workshop on Socio-Technical Aspects in Security and Trust.

[73]  Guofei Gu,et al.  Shadow attacks: automatically evading system-call-behavior based malware detection , 2011, Journal in Computer Virology.

[74]  Wesley G. Jennings,et al.  Low self-control and cybercrime: Exploring the utility of the general theory of crime beyond digital piracy , 2014, Comput. Hum. Behav..

[75]  Bradford W Reyns,et al.  The Thief With a Thousand Faces and the Victim With None , 2016, International journal of offender therapy and comparative criminology.

[76]  Kathleen A. Fox,et al.  Fear of Property Crime: Examining the Effects of Victimization, Vicarious Victimization, and Perceived Risk , 2011, Violence and Victims.

[77]  Steve Watts Secure authentication is the only solution for vulnerable public wifi , 2016 .

[78]  E. Rutger Leukfeldt,et al.  Phishing for Suitable Targets in The Netherlands: Routine Activity Theory and Phishing Victimization , 2014, Cyberpsychology Behav. Soc. Netw..

[79]  Johan van Wilsem,et al.  ‘Bought it, but Never Got it’ Assessing Risk Factors for Online Consumer Fraud Victimization , 2013 .

[80]  E. R. Leukfeldt,et al.  Applying Routine Activity Theory to Cybercrime: A Theoretical and Empirical Analysis , 2016 .

[81]  Christopher Schlembach,et al.  Frames of Fraud: A Qualitative Analysis of the Structure and Process of Victimization on the Internet , 2013 .

[82]  M. Williams,et al.  GUARDIANS UPON HIGH: AN APPLICATION OF ROUTINE ACTIVITIES THEORY TO ONLINE IDENTITY THEFT IN EUROPE AT THE COUNTRY AND INDIVIDUAL LEVEL , 2016 .

[83]  M. Benson,et al.  Fraud victimization: Risky business or just bad luck? , 1997 .

[84]  Audrey Guinchard,et al.  Cybercrime: The Transformation of Crime in the Information Age, 2nd edition, Cambridge: Polity (Outline of update) , 2007, SSRN Electronic Journal.

[85]  Oded Nov,et al.  Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-Efficacy and Vulnerability to Spear-Phishing Attacks , 2015 .

[86]  Martin Zimerman Protect your library's computers , 2010 .

[87]  Maurizio Tonellotto Crime and Victimization in Cyberspace , 2020 .

[88]  Richard Tewksbury,et al.  Comparing the Lifestyles of Victims, Offenders, and Victim-Offenders: A Routine Activity Theory Assessment of Similarities and Differences for Criminal Incident Participants , 2000 .

[89]  Norman W. H. Blaikie,et al.  Analyzing Quantitative Data: From Description to Explanation , 2000 .

[90]  Mahesh K. Nalla,et al.  The relationship between receiving phishing attempt and identity theft victimization in South Korea , 2015 .

[91]  Raymond Y. K. Lau,et al.  The outcome of online social interactions on Facebook pages: A study of user engagement behavior , 2019, Internet Res..

[92]  P. Grabosky Virtual Criminality: Old Wine in New Bottles? , 2001 .

[93]  Julio C. Hernandez-Castro,et al.  The first 10 years of the Trojan Horse defence , 2015 .

[94]  Thomas J. Holt,et al.  Testing an Integrated Self-Control and Routine Activities Framework to Examine Malware Infection Victimization , 2018, Social Science Computer Review.