Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Introduction Read chapter Read first chapter

2021 | OriginalPaper | Chapter

The Online Behaviour and Victimization Study: The Development of an Experimental Research Instrument for Measuring and Explaining Online Behaviour and Cybercrime Victimization

Authors : M. Susanne van ’t Hoff-de Goede, E. Rutger Leukfeldt, Rick van der Kleij, Steve G. A. van de Weijer

Published in: Cybercrime in Context

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

The rise in cybercrime victimization underlines the need to understand how people behave online and how unsafe online behaviour may be related to victimization. Previous studies have often relied on self-reported behaviour or attitudes towards precautionary online behaviour. Studies that measured both actual online behaviour and explanatory factors in a large population are scarce. In this chapter, the research instrument of the online behaviour and victimization study is introduced. The chapter will outline the development of this instrument, which uses a population-based survey experiment. With this instrument, the actual behaviour of internet users can be measured. While filling out the survey respondents encounter (fictional) cyber-risk situations, allowing researchers to analyse how respondents deal with these situations. Moreover, based on theories and an extensive literature study that is shortly outlined in this chapter, measurements were incorporated in the study for numerous explanatory factors, including knowledge (awareness), opportunity and motivation. Finally, previous cybercrime victimization is measured, making it possible to research the association between actual online behaviour and online victimization.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter The Annual Conference on the Human Factor in Cybercrime: An Analysis of Participation in the 2018 and 2019 Meetings
next chapter No Gambles with Information Security: The Victim Psychology of a Ransomware Attack
Appendix
Available only for authorised users
Footnotes
1
Phishing is a form of an online scam, in which criminals copy the emails or websites of legitimate organisations to mislead victims in order to obtain login details and gain access to online accounts.
 
2
Ransomware is a malicious software that blocks a computer or encrypts files. Only when you pay a ransom you are able to use the computer or files again.
 
3
Spear phishing is a targeted phishing attack against a person or a specific group of people.
 
4
Malware is malicious software that is installed on your computer unsolicited and usually unnoticed. Examples of malware are viruses, Trojan horses, worms, and spyware.
 
5
An English translation of the original Dutch questionnaire is available upon request from the authors.
 
6
The objective measurement of password management is displayed in the picture, a print screen of the survey. In English, this states: In accordance with Dutch privacy legislation, we now ask you to create a temporary user account. For the purpose of this study, your personal data will be stored in this account. You will need to use this account one more time, at the end of the questionnaire. Please enter a username and password below.
Username:
Password:
Re-enter password:
 
7
The objective measurement of clicking behaviour is displayed in the picture, a print screen of the survey. In English, this states: Before you answer the next question, we ask you to watch a short video on online shopping (30 s). Click on the play button in the screen below. //This video is being processed. Try again later. //We are sorry. //User account management. //Do you allow the following program from an unknown publisher to make changes to this computer? //Program name: Vidzzplay. //Publisher: unknown // Origin: http://​vidzzplay.​play//yes//no.
 
8
However, during a pilot of the research tool, this only occurred in low frequencies.
 
9
General Data Protection Regulation, applicable in Europe; https://​gdpr-info.​eu/​
 
Literature
Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, 304–312.CrossRef
Boss, S., Galletta, D., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837.CrossRef
Bossler, A. M., & Holt, T. J. (2009). On-line activities, guardianship, and malware infection: An examination of routine activities theory. International Journal of Cyber Criminology, 3(1), 400–420.
Bossler, A. M., & Holt, T. J. (2010). The effect of self-control on victimization in the cyberworld. Journal of Criminal Justice, 38(3), 227–236.CrossRef
Cain, A. A., Edwards, M. E., & Still, J. D. (2018). An exploratory study of cyber hygiene behaviors and knowledge. Journal of Information Security and Applications, 42, 36–45.CrossRef
Christofides, E., Muise, A., & Desmarais, S. (2012). Risky disclosures on Facebook: The effect of having a bad experience on online behavior. Journal of Adolescent Research, 27(6), 714–731.CrossRef
Cross, C., Richards, K., & Smith, R. G. (2016). The reporting experiences and support needs of victims of online fraud. Trends & Issues in Crime and Criminal Justice, 518, 2–14.
Crossler, R. E., & Bélanger, F. (2014). An extended perspective on individual security behaviors: Protection motivation theory and a unified security practices (USP) instrument. ACM SIGMIS Database, 45(4), 51–71.CrossRef
Crossler, R. E., Bélanger, F., & Ormond, D. (2017). The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats. Information Systems Frontiers, 21(2), 343–357.CrossRef
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers and Security, 32, 90–101.CrossRef
Debatin, B., Lovejoy, J. P., Horn, A. K., & Hughes, B. N. (2009). Facebook and online privacy: Attitudes, behaviors, and unintended consequences. Journal of Computer-Mediated Communication, 15(1), 83–108.CrossRef
Downs, J. S., Holbrook, M., & Cranor, L. F. (2007). Behavioral response to phishing risk. In Proceedings of the anti-phishing working groups – 2nd annual eCrime researchers summit (pp. 37–44). New York, NY: ACM Press.
Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000). A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407–429.CrossRef
Gottfredson, M. R., & Hirschi, T. (1990). A general theory of crime. Stanford, CA: Stanford University Press.CrossRef
Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106–125.CrossRef
Holt, T. J., & Bossler, A. M. (2013). Examining the relationship between routine activities and malware infection indicators. Journal of Contemporary Criminal Justice, 29(4), 420–436.CrossRef
Jansen, J. (2018). Do you bend or break? Preventing online banking fraud victimization through online resilience. Doctoral thesis. Enschede: Gildeprint.
Jansen, J., & Leukfeldt, R. (2015). How people help fraudsters steal their money: An analysis of 600 online banking fraud cases. In Proceedings – 5th workshop on socio-technical aspects in security and trust, STAST 2015 (pp. 24–31). Piscataway, NJ: IEEE.
Jansen, J., & Leukfeldt, R. (2016). Phishing and malware attacks on online banking customers in the Netherlands: A qualitative analysis of factors leading to victimization. International Journal of Cyber Criminology, 10(1), 79–91.
Jansen, J., & Leukfeldt, R. (2018). Coping with cybercrime victimization: An exploratory study into impact and change. Journal of Qualitative Criminal Justice & Criminology, 6(2), 205–228.
Jansen, J., & van Schaik, P. (2017). Comparing three models to explain precautionary online behavioural intentions. Information and Computer Security, 25(2), 165–180.CrossRef
Jones, B. H., & Heinrichs, L. R. (2012). Do business students practice smartphone security? Journal of Computer Information Systems, 53(2), 22–30.
Jong, L., Leukfeldt, R., & van de Weijer, S. (2018). Determinanten en motivaties voor intentie tot aangifte na slachtofferschap van cybercrime. Tijdschrift Voor Veiligheid, 17(1–2), 66–78.CrossRef
Junger, M., Montoya Morales, A. L., & Overink, F. J. (2017). Priming and warnings are not effective to prevent social engineering attacks. Computers in Human Behavior, 66, 75.CrossRef
Kaptein, M., Markopoulos, P., De Ruyter, B., & Aarts, E. (2009). Can you be persuaded? Individual differences in suceptibility to persuasion. In IFIP Conference on Human-Computer Interaction (pp. 115–118). Berlin: Springer.
Kaye, J. (2011). Self-reported password sharing strategies. In Proceedings of the 2011 Annual Conference on Human Factors in Computing Systems – CHI ‘11 (p. 2619). New York, NY: ACM.
Leukfeldt, E. R. (2014). Phishing for suitable targets in the Netherlands: Routine activity theory and phishing victimization. Cyberpsychology, Behavior and Social Networking, 17(8), 551–555.CrossRef
Leukfeldt, E. R. (Ed.). (2017). Research agenda the human factor in cybercrime and cybersecurity. Den Haag: Eleven International Publishing.
Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2017). Cybercriminal networks, social ties and online forums: Social ties versus digital ties within phishing and malware networks. British Journal of Criminology, 57(3), 704–722.
Leukfeldt, E. R., & Yar, M. (2016). Applying routine activity theory to cybercrime: A theoretical and empirical analysis. Deviant Behavior, 37(3), 263–280.CrossRef
Leukfeldt, E. R., Notté, R. J., & Malsch, M. (2019). Exploring the needs of victims of cyber-dependent and cyber-enabled crimes. Victims and Offenders, 15(1), 60–77.CrossRef
Lewis, K., Kaufman, J., & Christakis, N. (2008). The taste for privacy: An analysis of college student privacy settings in an online social network. Journal of Computer-Mediated Communication, 14(1), 79–100.CrossRef
Lusthaus, J. (2018). Honour among (cyber)thieves? European Journal of Sociology, 59(2), 191–223.CrossRef
Maimon, D., & Louderback, E. R. (2019). Cyber-dependent crimes: An interdisciplinary review. Annual Review of Criminology, 2(1), 191.CrossRef
Michie, S., Van Stralen, M. M., & West, R. (2011). The behaviour change wheel: A new method for characterising and designing behaviour change interventions. Implementation Science: IS, 6, 42.CrossRef
Mullinix, K. J., Leeper, T. J., Druckman, J. N., & Freese, J. (2015). The generalizability of survey experiments. Journal of Experimental Political Science, 2(2), 109–138.CrossRef
Mutz, D. C. (2011). Population-based survey experiments. Princeton: Princeton University Press.CrossRef
Ngo, F. T., & Paternoster, R. (2011). Cybercrime victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology, 5(1), 773.
Norman, P., Boer, H., & Seydel, E. R. (2005). Protection motivation theory. In M. Conner & P. Norman (Eds.), Predicting health behaviour (pp. 81–127). London: Open University Press.
Ovelgönne, M., Dumitras, T., Prakash, B. A., Subrahmanian, V. S., & Wang, B. (2017). Understanding the relationship between human behavior and susceptibility to cyber attacks. ACM Transactions on Intelligent Systems and Technology, 8(4), 1–25.CrossRef
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., & Zwaans, T. (2017). The human aspects of information security questionnaire (HAIS-Q): Two further validation studies. Computers and Security, 66, 40–51.CrossRef
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers and Security, 42, 165–176.CrossRef
Rhee, H. S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users’ information security practice behavior. Computers and Security, 28(8), 816–826.CrossRef
Rotter, J. B. (1966). Generalized expectancies for internal versus external control of reinforcement. Psychological Monographs: General and Applied, 80(1), 1.CrossRef
Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L., & Downs, J. (2010). Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 373–382). New York, NY: ACM.CrossRef
Shillair, R., Cotten, S. R., Tsai, H. Y. S., Alhabash, S., Larose, R., & Rifon, N. J. (2015). Online safety begins with you and me: Convincing internet users to protect themselves. Computers in Human Behavior, 48, 199.CrossRef
Smith, J. R., & Louis, W. R. (2008). Do as we say and as we do: The interplay of descriptive and injunctive group norms in the attitude-behaviour relationship. British Journal of Social Psychology, 47(4), 647–666.CrossRef
Spiekermann, S., Grossklags, J., & Berendt, B. (2001). E-privacy in 2nd generation E-commerce: Privacy preferences versus actual behavior. In ACM Conference on Electronic Commerce (pp. 1–10). New York, NY: ACM Press.
Talib, S., Clarke, N. L., & Furnell, S. M. (2010). An analysis of information security awareness within home and work environments. ARES 2010 – 5th International Conference on Availability, Reliability, and Security (pp. 196–203).
Tan, M., & Aguilar, K. S. (2012). An investigation of students’ perception of Bluetooth security. Information Management and Computer Security, 20(5), 364–381.CrossRef
Van de Weijer, S. G. A., & Leukfeldt, E. R. (2017). Big five personality traits of cybercrime victims. Cyberpsychology, Behavior, and Social Networking, 20(7), 407–412.CrossRef
Van Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., & Kusev, P. (2017). Risk perceptions of cyber-security and precautionary behaviour. Computers in Human Behavior, 75, 547–559.CrossRef
Van Wilsem, J. (2013). “Bought it, but never got it” assessing risk factors for online consumer fraud victimization. European Sociological Review, 29(2), 168–178.CrossRef
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information and Management, 49(3–4), 190.CrossRef
Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24(6), 2799–2816.CrossRef
Metadata
Title
The Online Behaviour and Victimization Study: The Development of an Experimental Research Instrument for Measuring and Explaining Online Behaviour and Cybercrime Victimization
Authors
M. Susanne van ’t Hoff-de Goede
E. Rutger Leukfeldt
Rick van der Kleij
Steve G. A. van de Weijer
Copyright Year
2021
Publisher
Springer International Publishing
Book
Cybercrime in Context

Print ISBN: 978-3-030-60526-1

Electronic ISBN: 978-3-030-60527-8

Copyright Year: 2021

DOI
https://doi.org/10.1007/978-3-030-60527-8_3

Premium Partner

    Image Credits