Skip to main content
SearchLoginLogin or Signup

Advancing research on the Human Factor in Cybercrime

Published onAug 10, 2022
Advancing research on the Human Factor in Cybercrime

DOI: 10.1016/j.chb.2022.107410


Criminological inquiry into the problem of offending in online spaces has grown dramatically over the last two decades. The field has expanded from theoretical discussions on the nature of cybercrime relative to terrestrial crime (Grabosky, 2001; Wall, 2001) and occasional qualitative studies of hacking (Meyer, 1989; Jordan & Taylor, 1998). Now, qualitative and quantitative approaches address all manner of offenses, whether economic or personal in nature (see Holt & Bossler, 2015; Maimon & 2019), and consider the diversified perspectives of offenders (Lusthaus, 2018; Holt & Dupont, 2019; Dupont & Lusthaus, 2021), victims (Cross et al., 2016; Whitty, 2019; Leukfeldt et al., 2020), and law enforcement (Bossler & Holt, 2012; Harkin et al., 2018).

The scope of research has also expanded, transitioning from limited college samples of the mid-2000s (Holt & Bossler, 2015) to large-scale population samples (Holt et al., 2020; Leukfeldt & Yar, 2016) and youth populations (e.g. Back et al., 2018; Fox & Holt, 2021). Similarly, novel sampling methods of offenders and non-offenders have been used as a means to understand the nature of cybercrime (Kranenbarg et al., 2021), as have unique data sources such as honeypots (e.g. Maimon et al., 2015; Moneva et al., 2022), website defacement reports (Holt et al., 2020; Howell et al., 2020) and custom-made web crawling tools (Décary-Hétu & Aldridge, 2015). Even massive data dumps of forums have become a tool to analyze the behaviors of active cybercrime groups (see Dupont et al., 2017; Hutchings & Holt, 2015; Scrivens et al., 2021).

As the field grows, so too do the unique platforms to present research and engage in collaborative scholarship. This special issue is borne out of one such event, the Human Factor in Cybercrime conference. This yearly event is organized by criminologists across the globe in order to create a shared space for cutting-edge empirical research by both junior and senior scholars from a broad range of disciplines. The volume and quality of submissions from researchers across the globe enabled the organizing committee to produce a call for papers for this special issue. The papers contained within reflect studies presented in their infancy during the conference, as well as novel submissions in response to the call.

Special issue contents

The special issue starts with a paper by Kevin Steinmetz, Alexandra Pimentel and W. Richard Goe (all from Kansas State University) that examines how people who perform social engineering as a profession (such as information security auditors) or a hobby (white hat hackers) manage to deceive their targets successfully. Social engineering refers to the use of deception to access sensitive information or secure systems. Using a social interactionist framework and relying on qualitative semi-structured interviews, the authors identify twelve themes congruent with successful social engineering attacks that usually unfold in four stages: planning, establishing social proximity, activating the mark, and maintaining the deception by concealing the ultimate ends of the attacker. Although social engineering practices are complicated to implement and require a deep understanding of the mark and its social environment, the authors note that they are rather banal and do not fit with the technological narratives usually associated with cybercrime. This is probably what makes them so effective.

Restrictive deterrence and the scope of hackers’ reoffending: findings from two randomized field trials by David Maimon (Georgia State University), C. Jordan Howell (The University of Texas at El Paso), and George W. Burruss (University of South Florida), explores the influence of gossip regarding law enforcement operations on repeat cyber-offenders. The authors deploy an experimental design approach relying on a deterrence theory rationale to test whether unconfirmed information can be leveraged to reduce the frequency and severity of offending. They discovered that gossip messages sent to hackers’ private inboxes are effective at prompting positive changes in behavior, while postings on hackers’ public Facebook walls were ineffective. Their study reinforces the argument for the need to design more focused deterrence efforts to reduce illegal hacking.

Karen M. Holt (Michigan State University), Thomas J. Holt (Michigan State University), Jesse Cale (Griffith University), Russell Brewer (University of Adelaide), and Andrew Goldsmith (Flinders University) address the issue of juvenile sexting and try to determine to what extent it is correlated with low self-control, and how technological situational opportunities mediate this relationship. Using a sample of 1,328 youths aged between 13 and 14, they found that sexting behaviors remained low compared to young adults (3.53% of youths sent sexts of themselves to others) and confirmed that low self-control was associated with sexting. However, they refine this relationship by showing that it is not constant and that some specific online activities such as participating in online forums and viewing pornography increased the likelihood of engaging in various sexting behaviors. This paper has significant policy implications, helping us pinpoint the online behaviors and technological skillsets that awareness and prevention programs should target among adolescents.

In cybercrime on the menu? Examining cafeteria-style offending among financially motivated cybercriminals, Eric Rutger Leukfeldt (Netherlands Institute for the Study of Crime and Law Enforcement) and Thomas J. Holt (Michigan State University) investigate the degree of specialization found in cybercrime networks. Using data collected from 37 criminal investigations conducted in four countries (the Netherlands, the UK, the US and Germany), they find that half of the offender networks in their sample can be described as specialized, while the other half displays more versatility, both online and offline. These findings suggest that cyber-offenders are not so different from their offline peers after all and that criminal opportunities shape to a fair extent their predatory behavior. Additionally, offline and online offending pathways appear to intersect more often than anticipated.

Asier Moneva, Eric Rutger Leukfeldt, Steve G. A. Van De Weijer (all three from the Netherlands Institute for the Study of Crime and Law Enforcement), and Fernando Miró-Llinares (Miguel Hernandez University) examine in Repeat victimization by website defacement: an empirical test of premises from an environmental criminology perspective the applicability of repeat victimization’s traditional premises to cybercrime events such as website defacements. They analyzed a dataset of nine million incidents to find that repeat victimization represents only 7.1% of total defacements, that the mean time interval between repeat victimization was a longer-than-expected 670.4 days, that 1% of offenders were responsible for 57.8% of repeat defacements, and that offenders defaced the same domains only 0.3% of the time. These results suggest that some traditional premises of repeat victimization apply to online crime but follow different patterns and therefore call for crime prevention approaches that reflect these patterns.

High tech crime, high intellectual crime? Comparing the intellectual capabilities of cybercriminals, traditional criminals and non-criminals, by Jim A. M. Schiks, Steve G. A. Van De Weijer, and Eric Rutger Leukfeldt (all from the Netherlands Institute for the Study of Crime and Law Enforcement) seeks to elucidate the relationship between cybercrime and the intelligence of online offenders. The complexity of digital infrastructures intuitively suggests that above-average cognitive skills are required to exploit them for criminal gains. However, their findings contradict this expectation: using standardized test scores administered to primary school students in the Netherlands, and comparing three groups of apprehended cybercriminals, apprehended ‘traditional criminals’ and non-criminals matched on age, sex and country of birth, they observe that cybercriminals have significantly higher test scores than conventional offenders, but significantly lower test scores than non-criminals. These differences should be considered when designing crime prevention initiatives aimed at potential cyber-offenders and rehabilitation programs for those arrested.

Marleen Weulen Kranenbarg (Vrije Universiteit Amsterdam) also compares people who have committed traditional crimes and cybercrimes with a focus on co-offending patterns in When do they offend together? Comparing co-offending between different types of cyber-offenses and traditional offenses. She uses self-report survey data from 164 individuals involved in 466 crimes to study the extent of co-offending instances, the variety of co-offenders and the relationship between IT skills and cyber co-offending. Despite the facilitating nature of online platforms and forums to find co-offenders, she finds that most cybercrimes (83.33%) are committed alone, similar to traditional crimes. In each group, crime clusters such as vandalism or internet-related cybercrimes exhibit higher levels of co-offending, suggesting that situational factors play an essential role. For both types of crime, the most common co-offenders are friends. Offenders with low IT skills and very strong IT skills tend to co-offend more often, maybe reflecting different supply and demand rationales: while less qualified offenders seek complementary co-offenders, highly skilled individuals are sought after for the unique expertise they can bring to a cybercrime project. This study reminds us that most cybercrimes are committed alone, and that research efforts should not overlook these cyber-offenders who appear less organized.


Bossler, A., & Holt, T. (2012). Patrol officers’ perceived role in responding to cybercrime. Policing: An International Journal of Police Strategies & Management, 35(1), 165-181.

Cross, C., Richards, K., & Smith, R. G. (2016). The reporting experiences and support needs of victims of online fraud. Trends & Issues in Crime and Criminal Justice, 518, 1-14.

Décary-Hétu, D., & Aldridge, J. (2015). Sifting through the net: Monitoring of online offenders by researchers. The European Review of Organised Crime, 2(2), 122-141.

Dupont, B., & Lusthaus, J. (2021). Countering distrust in illicit online networks: The dispute resolution strategies of cybercriminals. Social Science Computer Review, 40(4), 1-22.

Harkin, D., Whelan, C., & Chang, L. (2018). The challenges facing specialist police cybercrime units: an empirical analysis. Police Practice and Research, 19(6), 519-536.

Holt, T., & Dupont, B. (2019). Exploring the factors associated with rejection from a closed cybercrime community. International Journal of Offender Therapy and Comparative Criminology, 63(8), 1127-1147.

Leukfeldt, E. R., Notté, R. J., & Malsch, M. (2020). Exploring the needs of victims of cyber-dependent and cyber-enabled crimes. Victims & Offenders, 15(1), 60-77.

Lusthaus, J. (2018). Industry of Anonymity. Cambridge, MA: Harvard University Press.

Whitty, M. T. (2019). Predicting susceptibility to cyber-fraud victimhood. Journal of Financial Crime, 26(1), 277-292.

No comments here
Why not start the discussion?