Phishing for Suitable Targets in The Netherlands: Routine Activity Theory and Phishing Victimization

Abstract

This article investigates phishing victims, especially the increased or decreased risk of victimization, using data from a cybercrime victim survey in the Netherlands (n=10,316). Routine activity theory provides the theoretical perspective. According to routine activity theory, several factors influence the risk of victimization. A multivariate analysis was conducted to assess which factors actually lead to increased risk of victimization. The model included background and financial data of victims, their Internet activities, and the degree to which they were "digitally accessible" to an offender. The analysis showed that personal background and financial characteristics play no role in phishing victimization. Among eight Internet activities, only "targeted browsing" led to increased risk. As for accessibility, using popular operating systems and web browsers does not lead to greater risk, while having up-to-date antivirus software as a technically capable guardian has no effect. The analysis showed no one, clearly defined group has an increased chance of becoming a victim. Target hardening may help, but opportunities for prevention campaigns aimed at a specific target group or dangerous online activities are limited. Therefore, situational crime prevention will have to come from a different angle. Banks could play the role of capable guardian.
... A fast-growing body of empirical research has examined the potential of the application of theories such as routine activity theory (RAT) (Cohen and Felson 1979) to explain different forms of cybercrime victimisation (e.g. victimisation from malware infection, phishing, consumer fraud, identity theft, cyber abuse, cyberstalking, and cyber harassment and other types of cybercrime (see, for example, Akdemir and Lawless 2020; Bossler and Holt 2009; Holt and Bossler 2008; Hutchings and Hayes 2009; Leukfeldt 2014; Leukfeldt and Yar 2016; Pratt et al. 2010; Reyns 2013; Reyns et al. 2011; Vakhitova and Reynald 2014; Vakhitova et al. 2019; van Wilsem 2011). ...
... The studies reviewed by Leukfeldt and Yar (2016) included: Holt (2009), Choi (2008), Holt and Bossler (2008), Hutchings and Hayes (2009), Leukfeldt (2014), Marcum et al. (2010), Ngo and Paternoster (2011), Pratt et al. (2010), Reyns et al. (2011), and van Wilsem (2011, 2013). 2 The studies reviewed by Vakhitova and Reynald (2014) included: Bossler et al. (2012), Holt and Bossler (2008), Marcum et al. (2010), Ngo and Paternoster (2011), and Reyns et al. (2011). ...
Article
Over the last few decades, the rise in internet usage has led to a transition from traditional crimes to cybercrimes. Using data from a sample of 749 Turkish women, the current study applies the routine activity theory (RAT) framework, focusing on target suitability conceptualised as VIVA (value, inertia, visibility, and accessibility), to cybercrime victimisation, including cyberstalking, computer hacking, and credit card identity theft. This study is the first to adopt this framework to understand the patterns of victimisation of Turkish women—university students. The findings indicate that RAT may be useful regardless of the geographic location of the victim; routine activities that are risky for one type of cybercrime may be harmless in relation to another; RAT could be helpful when examining cybercrime victimisation with a gendered lens.
... Concerning the relationship between phishing victimization risk and Internet routine activities, mixed results have been found. While some studies have pointed out a relation between the greater use of certain Internet routine activities and phishing victimization risk (e.g., Reyns et al., 2011; Reyns, 2015), others did not find such a relationship (e.g., Ngo and Paternoster, 2011; Leukfeldt, 2014). In fact, some evidence suggests that the more time individuals spend on the Internet, the higher their exposure to phishing attacks (Reyns et al., 2011). ...
... Another relevant study (Leukfeldt, 2014) with a total sample of 10.316 individuals, aimed to understand which factors lead to an increased risk of victimization and concluded that only surfing the Internet increased phishing victimization risk. No other activities showed a relationship with phishing susceptibility. ...
Article
Phishing is a cybercrime in active growth that victimizes a large number of individuals and organizations. To explore which individual and contextual factors predict phishing susceptibility, an online survey was developed, and participants were invited to participate through institutional email from the University of Porto and social networks. The total sample was constituted of 449 individuals. Results showed that subjects that perceive to have phishing detection self-efficacy and those that have greater use of services in Internet routine activities were more susceptible to phishing. Technology competencies and other individual variables do not predict phishing susceptibility in our sample. Furthermore, the majority of factors (individual and contextual) tested do not predict phishing susceptibility. So, more studies are needed to understand which factors influence this susceptibility, and regarding that how individuals can protect themselves. Finally, potential applications of this research include replication in other countries/contexts, and/or the application of the survey together with other innovative tools.
... RAT has been mainly applied to explain crime victimization in general, and cybercrime victimization in particular (Yar, 2005; Reyns, 2013; Leukfeldt, 2014; Pyrooz et al., 2015), usually in combination with lifestyle exposure theory (Hindelang et al., 1978). ...
... One of the early works extending the concept of routine activities to study computer crime was carried out by Choi (2008), who found that some online activities, such as visiting unknown websites and downloading illegal videos and games, create a higher risk of victimization than other online activities, such as checking email or visiting online news channels. Other researchers have applied RAT to cybercrime, including online activities such as instant messaging and participation in chat rooms (Ngo et al., 2011) and social networking sites (Leukfeldt, 2014). Following these lines of work, we selected a set of classic online activities (see Appendix I) and classified them into more and less risky. ...
Article
Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two strategies to protect home computers from security threats: security tools and security activities. For the analysis, we collected data from over 1900 individuals in Spain, following an approach combining self-reported data, via an online survey, with actual data collected directly from home users' computers. The main contribution of the paper is to provide a model, based on routine activity theory, explaining the role of security tools and security activities in protecting personal computers from malware infection, thus offering an in-depth understanding of users' security behavior. Using multivariate, logit and probit regressions, our study reveals that having security tools is positively related with higher risk activities and more infections, while pursuing security activities reduces malware infections. These results have important implications for policy makers and organizations, reinforcing the view that security tools are not sufficient to protect users from malware infection, and the need to develop security education and awareness programs for computer users.
... A growing body of research has investigated the role of routine activities to explain who is victimized online (e.g., Leukfeldt, 2014; Pratt et al., 2010; Reyns, 2013). In one of the earliest examinations, Reyns (2013) studied the correlates of identity theft victimization using a subsample of approximately 6,000 respondents from the 2008 to 2009 British Crime Survey. ...
... Users join SNSs for many purposes, ranging from building and maintaining relationships, socializing, and time-killing (Brandtzaeg & Heim, 2009) to entertaining, searching for information in various formats such as text, audio, or visual messages (Cappella & Li, 2023; Roslan et al., 2022), creating an ideal image (Dunne et al., 2010), or obtaining self-enhancement (Lin & Lu, 2011). Despite obvious and enormous advantages, SNSs have exposed undeniable negative influences and drawbacks (Baccarella et al., 2018; Fox & Moreland, 2015), such as physical and mental health problems (Das & Sahoo, 2011; Rajkarnikar & Shrestha, 2017), users' deviant behavior (Moreno et al., 2013; Vannucci et al., 2020), the spread of cyberhate messages (Lee-Won et al., 2021; Lee, 2021) and especially risks of cybercrime victimization (Kirwan et al., 2018; Lee et al., 2019; Leukfeldt, 2014). SNSs are assumed to provide a wide range of suitable conditions for perpetrators to commit cybercrimes (Benson et al., 2015; Reyns et al., 2011). ...
Article
Many online criminals are now targeting those who use social networking sites (SNSs). However, there is a lack of studies that provide a broad overview of the relationship between SNS use and cybercrime victimization. We undertake a comprehensive literature assessment of an articles series found in various databases to address this information gap. This work aims to assess the current state of scholarship reflecting how SNS use affects cybercrime victimization regarding the theories used, the forms of cybercrime studied, the variables investigated, and the key findings. The results indicated that the Routine Activities Theory was the most frequently employed theory; nevertheless, its effectiveness in explaining cybercrime victimization was controversial. In addition, most research has focused on cyberbullying, but numerous types of cybercrime have received less attention. The main predictors of cybercrime victimization were examined based on the dimension of basic use of SNS, and the psychological, social, and demographic attributes of users. Several recommendations are also provided for future research.
... However, it is probably not gender and education as such that matter, but other circumstances that are likewise influenced by age, gender and education. These considerations point to routine activity theory, which identifies certain variables relating to activity and time spent on the Internet, rather than the demographic characteristics of victims, as the factors explaining victimization by phishing attacks (Leukfeldt, 2014; Jansen & Leukfeldt, 2016). ...
Book
The publication summarizes findings from a representative questionnaire survey and an analysis of criminal case files carried out at IKSP in 2020-2023. It reflects on the legal regulation of computer crimes in the Czech Republic and outlines selected aspects of the related criminal proceedings against offenders who were finally convicted of them in 2019, including specific cases. The core part of the publication presents the results of an extensive questionnaire survey of the Czech Internet population from 2020. It presents findings on the security habits of Internet users, the use of various devices to access the Internet, experience with the dark web, reactions to online victimization, and the degree of latency of the phenomena studied. It further addresses conduct on or beyond the edge of illegality in various areas, from the perspective of both respondent-victims and respondent-attackers. In this respect it covers online trading, unauthorized access to various online accounts (Internet banking, e-mail, social networks, gaming accounts), abuse of employee access, copyright infringement, phishing and ransomware. Both parts (the analysis of criminal case files and the questionnaire survey) separately distinguish conduct in the form of virtual violence from conduct motivated by property interest.
... Mobile game platforms use artificial intelligence to implement message filtering systems that prevent the dissemination of risky content. Utilising the social feature of mobile gaming, privacy predators can widely spread phishing information, such as offers for free game equipment or friends-making (Leukfeldt 2014). Teen players, driven by the desire to level-up in the game or make social connections, may let their guard down against these tempting messages (Bryce and Klang 2009). ...
Article
Phishing can lead to data leaks or infiltration of computer networks. Protection against the risks of phishing is particularly important for public organizations such as municipalities, that process a large amount of sensitive personal information and whose operational processes can have major societal impact. This makes phishing a direct threat to operational continuity and the reputation of the organization and raises the question of how public organizations can combat this effectively and which resources they can deploy to mitigate the risks of phishing. In this experiment, two test phishing emails were sent to the total population of one of the 15 largest Dutch municipalities. We performed an embedded experiment, with employees experiencing the risks of phishing first hand with extensive attention for the ethics of this approach. Senior and middle-aged employees clearly run the biggest risk of becoming victims of phishing at this specific organization, but they are not automatically prepared to do an online, educational microlearning on phishing. This is also the case for young staff. Less voluntary education should be aimed at these groups of employees in this organization to make them and the organization, more resilient to the risks of phishing. Also, the microlearning did not have an effect on the results of our participants. We advocate a tailor-made approach of offline training to raise awareness and resilience against phishing among employees of public organizations, municipalities, and organizations in general. Our experimental design can be reused in this direction. We conclude to also look at how never-clickers think and act, with further theoretical substantiation and research into the application of the human-as-solution approach.
Book
This study is about cybercrime. The Dutch government gives priority to the investigation and combating of cybercrime and is taking various legal and organizational measures. Taking measures requires knowledge of the nature and extent of the crime. It is repeatedly observed, however, including by the police and the judiciary themselves, that the police and the judiciary have difficulty keeping up with developments in cybercrime. There is a (considerable) knowledge gap. The Dienst Nationale Recherche (DNR) of the Korps Landelijke Politiediensten (KLPD) therefore took the initiative for this study. This Verkenning Cybercrime in Nederland 2009 is intended to contribute to the level of knowledge of the police and the judiciary. In this study we use cybercrime as an umbrella term for all forms of crime in which ICT plays an essential role in committing the offence. Not every form of cybercrime can be included in this study; the list of cybercrimes is too long for that. The following forms of cybercrime are covered: hacking, e-fraud, cyber extortion, child pornography and incitement to hatred. We selected these five because, of all cybercrimes, they are the most serious societal problems and (therefore) receive the most attention from the police and the judiciary. The study should ultimately contribute to combating cybercrime. The more immediate aim is to provide insight into the seriousness of the manifestations of cybercrime most relevant to the police. To determine the seriousness of a cybercrime, we formulated four main questions: 1. What is the nature of the cybercrimes? 2. What is known about the offenders? 3. What is the extent of the cybercrimes? 4. What is the societal impact of the cybercrimes?
Article
Computer crime hackers have been identified as a primary threat to computer systems, users, and organizations. Much extant research on hackers is conducted from a technical perspective and at an individual level of analysis. This research empirically examines the social organization of a hacker community by analyzing one network called Shadowcrew. The social network structure of this infamous hacker group is established using social networking methods for text mining and network analysis. Analysis of relationships among hackers shows a decentralized network structure. Leaders are identified using four actor centrality measures (degree, betweenness, closeness, and eigenvector) and found to be more involved in thirteen smaller sub-groups. Based on our social network analysis, Shadowcrew exhibits the characteristics of deviant team organization structure.
Article
Felson coined the term ‘offender convergence settings’ to describe certain physical locations, e.g. local tough bars, in which (potential) offenders meet each other. Here they relax with friends and acquaintances, meet new people, exchange information, sell stolen material or plan new criminal acts. The perpetrators of cybercrime also make use of such locations, albeit digitally in so-called virtual forums. From a law enforcement point of view, both types of settings should be suppressed. However, a physical location is easier closed down than a virtual one. This is because the virtual forum is often situated in countries that will not cooperate with requests to take down servers. This could be considered as an advantage for the offender. But virtual forums also have specific disadvantages. Every contact and discussion is digitally preserved for those who know where to look. A law enforcement agency was able to take such a look in one particular forum. This revealed over 150,000 postings by 1,846 members. More importantly, these postings disclosed crime scripts as criminals themselves see it. It turns out that hacking accounts and stealing money is not their biggest problem. What is a risk, however, is not leaving traces when wiring the money into other accounts. This article tries to translate such insights in policy recommendations.
Article
Victimization on the Internet through what has been termed cyberbullying has attracted increased attention from scholars and practitioners. Defined as “willful and repeated harm inflicted through the medium of electronic text” (Patchin and Hinduja 2006:152), this negative experience not only undermines a youth's freedom to use and explore valuable on-line resources, but also can result in severe functional and physical ramifications. Research involving the specific phenomenon—as well as Internet harassment in general—is still in its infancy, and the current work seeks to serve as a foundational piece in understanding its substance and salience. On-line survey data from 1,378 adolescent Internet-users are analyzed for the purposes of identifying characteristics of typical cyberbullying victims and offenders. Although gender and race did not significantly differentiate respondent victimization or offending, computer proficiency and time spent on-line were positively related to both cyberbullying victimization and offending. Additionally, cyberbullying experiences were also linked to respondents who reported school problems (including traditional bullying), assaultive behavior, and substance use. Implications for addressing this novel form of youthful deviance are discussed.
Article
The aim of this study was to determine the prevalence of cyberstalking victimization, characteristics of victims and offenders, and the impact of cyberstalking on the victims' well-being and mental health. An online survey of 6,379 participants was carried out, involving users of the German social network StudiVZ. Subjective mental health status was assessed with the WHO-5 well-being index. The prevalence of cyberstalking was estimated at 6.3%. In various aspects, cyberstalking was comparable to offline stalking: cyberstalking occurred most often in the context of ex-partner relationships; most of the victims were female and the majority of the perpetrators were male. Compared to non-victims, victims of cyberstalking scored significantly poorer on the WHO-5 well-being index. The prevalence of cyberstalking is considerable. However, if stringent definition criteria comparable to those of offline stalking are applied, it is not a mass phenomenon. The negative impact of cyberstalking on the victims' well-being appears similar to that of offline stalking. Hence, cyberstalking should be taken as seriously as offline variants of stalking by legal authorities and victim assistance professionals.
Article
The threat of hackers and data thieves has increased, though few have considered the ways they dispose of the information obtained through computer attacks. This exploratory study examines the nature of the market for stolen data using a qualitative analysis of 300 threads from six web forums run by and for data thieves. The results suggest that all manner of personal and financial data can be obtained through these markets at a fraction of their true value. In addition, there are distinct relationships between buyers and sellers that shape the relationships and structure of these markets. Policy implications for law enforcement intervention are also discussed.
Article
Using the Federal Trade Commission's 2003 identity theft survey data, this article examines the relationship between a person's demographic characteristics and the likelihood of experiencing identity theft. Among other factors, the risk of identity theft appears to be higher for people with higher incomes, for younger consumers, and for women. A person's risk of being a victim of identity theft may depend, at least in part, on how many noncash accounts the consumer has and the intensity of their use. It may also depend on where the consumer conducts business and the precautions the consumer exercises. Because data to measure these factors directly are not available, differences in the risk faced by demographic groups may reflect differences in these considerations. This article should be of interest to those who are concerned with educating consumers about limiting identity theft risk and to law enforcement authorities.