Article

Cyber Place Management and Crime Prevention: The Effectiveness of Cybersecurity Awareness Training Against Phishing Attacks

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Criminologists and crime prevention practitioners recognize the importance of geographical places to crime activities and the role that place managers might play in effectively preventing crime. Indeed, over the past several decades, a large body of work has highlighted the tendency for crime to concentrate across an assortment of geographic areas, where place management tends to be absent or weak. Nevertheless, there has been a paucity of research evaluating place management strategies and cybercrime within the virtual domain. The purpose of this study was to investigate the effectiveness of place management techniques on reducing cybercrime incidents in an online setting. Using data derived from the information technology division of a large urban research university in the United States, this study evaluated the impact of an anti-phishing training program delivered to employees that sought to increase awareness and understanding of methods to better protect their “virtual places” from cybercrimes. Findings are discussed within the context of the broader crime and place literature.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... This paper explores the nature of phishing attacks, highlighting their common tactics and evolving techniques [1]. It further examines effective prevention strategies, such as user education, technological defenses, and organizational policies, aimed at minimizing the risk of phishing. ...
... In some cases, phishing attacks may also involve the distribution of malicious software that demands a ransom or disrupts the victim's computer system. Given their frequency, it is crucial that individuals receive proper training to recognize and prevent phishing attacks [1]. Phishing can be executed in various ways, with attackers often conducting mass phishing campaigns that target large groups to identify and exploit vulnerable individuals [2]. ...
... As a result, there has been a rise in the development of AI-powered cybersecurity systems. For instance, Google has created a system that protects most of its users from email phishing attacks [1]. In addition to AI, other preventive measures such as increased online vigilance and cautious email handling are also vital. ...
Article
Full-text available
Phishing attacks remain one of the most prevalent and destructive forms of cybercrime, posing significant threats to individuals, organizations, and governments. These attacks, which typically involve fraudulent attempts to steal sensitive information, have evolved in sophistication, exploiting both technological vulnerabilities and human error. This paper reviews various prevention and response strategies for phishing attacks, examining both proactive measures to prevent phishing attempts and reactive responses to mitigate damage post-attack. It discusses common phishing techniques such as email phishing, spear phishing, and smishing, alongside the tools and frameworks designed to combat these threats. Additionally, the paper explores the role of awareness training, multi-factor authentication, and advanced email filtering in preventing phishing attacks. In response strategies, it covers incident reporting, containment actions, and the importance of post-attack analysis for improving organizational resilience. Ultimately, the paper provides a comprehensive overview of best practices for minimizing the risk and impact of phishing, aiming to equip both individuals and organizations with effective countermeasures.
... A phishing attack is among the most common types of cyber security attacks. This type of attack involves some type of social engineering where the attacker sends fraudulent messages tricking the victim into providing his credentials [1]. This attack may also be included in sending malicious software requiring ransom or impacting a person's computer. ...
... This attack may also be included in sending malicious software requiring ransom or impacting a person's computer. Phishing attacks are very common, requiring that people have been provided with essential training about this attack [1]. There are different ways through which phishing can be achieved. ...
... It is usually done through email" [21]. The main goal of phishing attacks includes acquiring sensitive information such as login and credit card information [1]. The attacks could also include installing malware on users' machines and asking for ransom for removing the malware. ...
Article
Full-text available
Machine learning has been described as an effective measure in avoiding most cyber attacks. The development of AI has therefore promoted increased security for most computer attacks. Phishing attacks are risky and can be prevented through AI-based solutions. This factor suggests the need for increased awareness of cyber security through AI. Developing awareness for most people will prevent these types of attacks. The research paper describes how the awareness of AI-based cyber security could ensure a reduction of phishing attacks. The paper, therefore, showcases the effectiveness of AI-based cyber security awareness training and how it may influence cyber-attacks.
... The least crucial variable is the age of end-users who could be potentially exposed to the impact of phishing threats. One of the literature's ideas was that phishing and its alternatives were the most effective with younger Internet users [16,17,18,19,20,21]. On the other hand, it was also identified by [22] that people aged from 28 to 40 were the least responsive to Phishing attacks due to the reduced amount of trust toward any specific individuals looking forward to building a close relationship. ...
... Another issue (variable) from the spectrum is the impact of end-user gender on how they interact with attackers and how these could be prevented. Gender is essential to accept and demographic variables related to phishing attacks [19,20,21]. There is a significantly tight relationship between the gender of individuals being targeted and the overall success of social engineering attacks, meaning that females could be, in some cases, more prone to exposing themselves to phishing than males. ...
... Another important variable that cannot be underestimated is the presence of a certain level of education that ultimately defines the impact of a social engineering attack on an individual or an organization. There is a direct correlation between these notions where individuals with higher levels of study were not as affected by phishing attacks as their counterparts with lower studies [2,16,18,19,20,21,23,24,25]. Nevertheless, there is also a hypothesis shared by [22] that the level of education does not associate with proneness to Phishing attacks in any way. ...
Article
Phishing is a dynamic threat, making it much more dangerous because a lack of awareness among employees makes it much more difficult for the business to detect and respond to Phishing situations. Social engineering is a process that essentially involves human interactions that can be exploited to the point where typical security methods become defective. The most dangerous risk of social engineering is that the criminals understand human nature and may exploit vulnerabilities without the victims realizing it. This study examines relevant research to determine the factors that may influence employee awareness of social engineering threats. Three demographic factors and seven other factors, according to the literature, may influence employee awareness of social engineering threats.
... As noted in Figure 2, the topic of cybersecurity in confluence with organisational awareness and training is a necessity. It is also evident that the frequency of such articles becoming published is gradually increasing year over year, even in the short span of six months in 2021 [3,7,17,[22][23][24]26,34,[38][39][40][41]. The total number of articles in this domain is already almost half the number of published articles from last year, and more than 75% of the articles from 2019. ...
... In RQ1, we identified the nature of cybersecurity attacks being experienced by healthcare organisations, and the articles selected in the review received higher rankings than the papers with a lower ranking. This is due to the fact that several articles reported studies on the impact of ransomware (e.g., WannaCry) [20,32,42,43] and phishing attacks [9,10,[13][14][15]41,[44][45][46][47], to name a few being launched against healthcare organisations. The percentage of articles addressing the organisational cyber resilience policies and governance is found to be less reported (as outlined in RQ2, [6,17,30,31]), along with the number of articles that address methodologies for healthcare organisations to conduct cybersecurity risk assessments (as presented in RQ3, [7,17,25,40,41,43,48,49]). The articles reporting on the training and awareness of cybersecurity among healthcare stakeholders are presented in the literature with equal distribution of relevance as highlighted in Figure 3 for RQ4 [8][9][10][11][12][13][14][15][16][17]. ...
... This is due to the fact that several articles reported studies on the impact of ransomware (e.g., WannaCry) [20,32,42,43] and phishing attacks [9,10,[13][14][15]41,[44][45][46][47], to name a few being launched against healthcare organisations. The percentage of articles addressing the organisational cyber resilience policies and governance is found to be less reported (as outlined in RQ2, [6,17,30,31]), along with the number of articles that address methodologies for healthcare organisations to conduct cybersecurity risk assessments (as presented in RQ3, [7,17,25,40,41,43,48,49]). The articles reporting on the training and awareness of cybersecurity among healthcare stakeholders are presented in the literature with equal distribution of relevance as highlighted in Figure 3 for RQ4 [8][9][10][11][12][13][14][15][16][17]. ...
Article
Full-text available
Citation: Nifakos, S.; Chandramouli, K.; Nikolaou, C.K.; Papachristou, P.; Koch, S.; Panaousis, E.; Bonacina, S. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review.
... Phishing and scam awareness is an essential skill in avoiding cyberbullying situations in which individuals may be lured into sharing personal information or engaging in harmful behavior unknowingly. Adolescents who are aware of common phishing and scam tactics are better equipped to protect themselves from cyberbullies who may use these deceptive methods [43]. Research has shown that individuals with high scam awareness tend to engage in less risky online behavior and are less likely to experience cyberbullying incidents [44]. ...
... For instance, Broadhurst et al. [42] found that students with higher levels of phishing and scam awareness were less likely to engage in risky online behaviors, which could potentially expose them to cyberbullying. Similarly, research by Back and Guerette [43] demonstrated that cybersecurity awareness training, which includes phishing and scam awareness, can effectively reduce the risk of falling victim to online attacks, including cyberbullying. Study by Garba et al. [44] also highlighted the importance of phishing and scam awareness in promoting safer online behaviors among university students. ...
Article
Full-text available
span>Cyberbullying is a growing concern among teenagers, leading to adverse psychological and emotional consequences. To address this issue, this study aimed to identify the role of digital hygiene skills in reducing cyberbullying experiences among teenagers in Kazakhstan. A quantitative research approach was employed, and the data were collected using a questionnaire with items related to digital hygiene skills and cyberbullying experiences, which were measured on a 5-point Likert scale. A stratified random sample of 238 students from town and district middle schools in the Turkistan region participated in the study. The data were analyzed using partial least squares structural equation modeling with SmartPLS 4.0. The findings revealed that privacy protection, critical thinking, phishing and scam awareness, and digital footprint awareness were significant factors associated with reduced cyberbullying experiences. However, safe reporting, positive online behavior, and online etiquette did not significantly impact cyberbullying reduction. This study underscores the importance of promoting specific digital hygiene skills to create a safer and more supportive digital environment for teenagers. Policy recommendations are provided to enhance cyberbullying prevention efforts and foster a positive online culture.</span
... A study carried by Back and Guerette [9], on the effectiveness of awareness training, showed that the target group which took part in the training were more likely to entertain the phishing email. Furthermore, they found that online training platforms were not interactive and limited in content varieties which is essential for effective learning. ...
... However, this method still gives high false positive rate and complexity which limit its usability in the near future [28]. Additionally, this technology should not be the sole mean to address cybercrime as human plays a major role as well [9]. This is because social engineering targets the human itself, the weakest link in security chain [3]. ...
Article
Full-text available
Nowadays, the world has transformed into a digitalize era where more and more people are getting access to the internet. Simultaneously, the number of cybercrimes is increasing as well. One of the top number of cases is phishing attack. To tackle this problem, phishing awareness trainings were developed, but they were not effective. This research aims to propose a solution using gamification, AI, and roleplay story element to conduct the training. To carry out the research questions, quota sampling would be used to discover the appropriate game components and context scenarios, and snowball sampling would be used to get suitable data which could be used for learning analytics to craft new scenarios. To sum up, phishing attack is one of the most concerning issues in this digital era and effective solution is yet to be found. Thus, this paper aims to propose a solution to tackle this problem.
... Among the various types of cyberattacks, phishing campaigns pose a significant threat. Phishing is defined as the act of deceptively persuading a targeted online user to reveal personal information or to allow access to data (Back & Guerette, 2021). Socially engineered phishing attempts expose organizations and employees to greater risks of susceptibility because of the targeted, personable, time-sensitive nature of these attacks. ...
... 4. Updating the training regularly to ensure relevance (Fisher et al., 2021) and also gamifying the training and making it interactive (Back & Guerette, 2021). ...
... Training end users to identify social engineering attacks is an important part of cybersecurity [3]. Users without experience in security are vulnerable, making them the 'weakest link' of cyber defense [39]. ...
Preprint
Full-text available
In real-world decision making, outcomes are often delayed, meaning individuals must make multiple decisions before receiving any feedback. Moreover, feedback can be presented in different ways: it may summarize the overall results of multiple decisions (aggregated feedback) or report the outcome of individual decisions after some delay (clustered feedback). Despite its importance, the timing and presentation of delayed feedback has received little attention in cognitive modeling of decision-making, which typically focuses on immediate feedback. To address this, we conducted an experiment to compare the effect of delayed vs. immediate feedback and aggregated vs. clustered feedback. We also propose a Hierarchical Instance-Based Learning (HIBL) model that captures how people make decisions in delayed feedback settings. HIBL uses a super-model that chooses between sub-models to perform the decision-making task until an outcome is observed. Simulations show that HIBL best predicts human behavior and specific patterns, demonstrating the flexibility of IBL models.
... Research shows that heightened awareness of cybersecurity significantly influences individuals' and organizations' willingness to adopt digital technologies. For instance, [13] assert that cybersecurity awareness training, particularly against phishing attacks, enhances users' confidence in digital technology adoption. Similarly, [7] demonstrate that awareness of cybersecurity policies positively impacts employee beliefs and behaviors, promoting technology usage. ...
Conference Paper
Full-text available
The real aim behind this study is to identify the role of cybersecurity knowledge and awareness in using digital technologies and eventually shaping sustainable development based on combining these factors to Technology acceptance model (TAM) and Diffusion of Innovation Theory (DOI) within Jordanian engineering companies. Employing a quantitative design, the outcomes discover that cybersecurity knowledge positively affects cybersecurity awareness. Additionally, cybersecurity knowledge and awareness positively influence intention to use digital technologies. Lastly, the outcomes show that intention to use digital technologies positively influences sustainable development. Consequently, top managements of Jordanian engineering companies are encouraged to develop their policies and procedures regarding cybersecurity.
... Research that satisfies the predetermined criteria is then excluded after collecting papers using the provided search strategy. The selected publications must satisfy all selection criteria but none of the exclusion criteria specified in Table I. [3], [4], [5], [1], [6], [7], [8], [9] , [2], [10], [11],[12], [13], [14], [15 ], [16] Companies 10 [3], [4], [17], [8], [2], [18], [19 ], [20], [21], [22] Mobile Device 7 [3], [4], [23], [8], [2], [24], [25 ] Email 2 [26], [27] Web Wallet 2 [28], [29] Facebook 1 [30] The website is the medium that is frequently utilized in phishing attempts, as can be seen from the table above. This is evident from the 30 studies, 16 of which exploit websites to conduct phishing assaults. ...
Article
In this digital era, phishing has attacked many platforms such as email, website, message, link form. Phishing is an act of creating a website that is exactly like the original website that is used to take someone's personal data. Phishing causes loss of customer confidence to use any application or website. Most of the victims of phishing are people who do not understand phishing or an organization. This kind of cyber-attacks consist of various types and countermeasures that need to be considered for the public user to prevent phishing based on phishing techniques, educate individuals about these attacks, and encourage the use of phishing prevention techniques. This paper consists of types of phishing and awareness to wary of phishing to overcome them. Therefore, the goal of this study is to identify the most typical environments for phishing attacks in order to ascertain the most popular media and technique. The authors of this study plan to conduct a Systematic Literature Review (SLR) of studies that have been done on the subject that was just described. The authors come to the overall conclusion that a website is the ideal option for phishing attacks using social engineering techniques. Additionally, the authors offer numerous suggestions for preventing phishing with various techniques. However, the most effective defense against phishing attacks is identification of phishing attempts through education and training.
... This holistic approach is essential in cybersecurity, which must consider technological solutions, human factors, and broader societal issues in strategy development. Back and Guerette (2021) contend policies that consider all these dimensions-improving education, reforming legal frameworks, and deploying advanced technological defenses-can be more effective in reducing cybercrime. ...
Thesis
Full-text available
This dissertation explores the application of the Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI) framework, a tool designed to systematically evaluate cybersecurity threats against critical infrastructure. TRACI integrates principles from Routine Activity and Rational Choice Theories to provide a detailed and comprehensive understanding of cybersecurity risks. This integration facilitates an in-depth analysis not only of how cyberattacks occur but also of the underlying reasons they are initiated, by categorizing and assessing risks based on factors such as attacker motivations and systemic vulnerabilities. By employing ANOVA to assess variations in risk assessment scores across TRACI's designated categories—Assets, Risk Management, and Attacker Motivation— the study investigates how these categories are effectively operationalized within the framework to enhance understanding of cyber threats. This analysis creates an understanding for developing predictive models and response strategies in critical infrastructure protection, offering insights not only into how attacks occur but also why they are initiated. The research operationalizes TRACI's risk categories using specific, measurable criteria derived from publicly available information and academic case studies, thus ensuring a comprehensive evaluation of the framework's application to real-world scenarios. This approach addresses the need for a theoretical foundation in risk assessment practices and potentially enhancing cybersecurity measures within critical infrastructures.
... This research paper explores the societal contribution of addressing user concerns regarding AI-powered phishing attacks on Facebook. The study finds that these attacks pose a significant threat to user security, resulting in data breaches, financial losses, scams, and negative experiences [22], [23]. The research highlights the importance of privacy and user education in addressing these concerns and proposes strategies for enhancing cybersecurity measures and protecting users. ...
Article
Full-text available
This study focuses on examining the user perceptions of a cybersecurity certificate transparency (CT) monitoring tool in the context of artificial intelligence (AI) powered phishing attacks on the Facebook platform. Implementing CT monitoring tools is one strategy for preventing these attacks. It reveals a significant level of concern among respondents regarding the potential risks associated with phishing attacks, indicating a growing awareness of the severity of such threats for future resilient infrastructure development. Users' knowledge and understanding of AI-driven phishing threats were found to vary, emphasizing the need for awareness campaigns towards sustainable development education. The study also highlights varying levels of confidence among users in effectively identifying and thwarting phishing efforts, suggesting the importance of user empowerment through improved training, tools, and technologies as responsive institutions. These findings underscore the significance of addressing user concerns, enhancing security awareness, and providing users with the necessary resources to protect themselves against sophisticated phishing attacks. The research contributes to the understanding of user perceptions and lays the groundwork for further improvements in security measures and user education in the fight against phishing threats on Facebook's inclusive growth.
... Training end-users to identify social engineering attacks is an important part of cybersecurity (Back and Guerette, 2021). Users without experience in security are vulnerable, making them the 'weakest link' of cyber defense. ...
Preprint
Full-text available
Social engineering attacks are commonly used by cybercriminals to gain valuable and sensitive data. Although the concern of attackers using AI-generated content is serious, training against social engineering attacks is typically based on simple human-designed emails. Our research introduces an experimental paradigm to determine whether there is a difference in the detection of human-generated and AI-generated emails. The behavioral results show that emails written by humans and stylized by Generative-AI models are more challenging for end-users. Alongside this novel experiment, we propose a cognitive model that can be used to predict end-user behavior during training, with the potential to improve the quality of examples used during training and the training feedback. Overall, the contributions of this work are, first, the outline of some limitations to current social engineering training methods and, second, pinpointing a potential solution to these limitations through the use of a cognitive model to improve learning outcomes.
... The studies of foreign researchers were also analysed. J. Belur & S. Johnson (2018) examined how criminal analysis has been integrated into UK police practice and concluded that criminal analysis is recognised as 1 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions No. COM/2021/170 final "On the EU Strategy to Tackle Organised Crime 2021-2025". (2021, April). ...
Article
Full-text available
A study of the latest trends in the use of the intelligence cycle in the fight against crime and the model of its application in the field of combating drug crime.
... Participating in Phishing Awareness Training -Phishing awareness training programs teach personnel about phishing attack strategies and assist in adequately recognising and responding to such threats. For example, completing training modules that imitate phishing scenarios can help people become more skilled at detecting phishing attempts and responding correctly (Back & Guerette, 2021). ...
... 12 While didactic education modules for clinical staff have been developed, no training modality to-date has been established as the standard for educating staff or been proven to reduce likelihood of cybersecurity incidents. [13][14][15] As the increasing patient care impacts of cybersecurity incidents are emphasized, training, not just for the prevention of but the response to and mitigation of impact from cybersecurity incidents, may be important for the practicing clinician to minimize patient harm. ...
Preprint
Full-text available
Background: Cybersecurity incidents affecting hospitals have grown in prevalence and consequence over the last two decades, increasing the importance of cybersecurity preparedness and response training to minimize clinical disruptions. This work describes the development, execution, and post-exercise assessment of a novel simulation scenario consisting of four interlocking intensive care unit (ICU) patient scenarios. This simulation was designed to demonstrate the management of acute pathologies without access to conventional treatment methods during a cybersecurity incident in order to raise clinician awareness of the increasing incidence and patient safety implications of such events. Methods: The simulation was developed by a multidisciplinary team of physicians, simulation experts, and medical education experts at UCSD School of Medicine. The simulation involves the treatment of four patients, respectively experiencing postoperative hemorrhage, end stage renal disease, diabetic ketoacidosis, and hypoxic respiratory failure, all without access to networked medical resources. The simulation was first executed as part of the proceedings of CyberMed Summit, a healthcare cybersecurity conference in La Jolla, California, on November 19th, 2022. Following the simulation, a debrief session was held with the learner in front of conference attendees, with additional questioning and discussion prompted by attendee input. Results: Though limited to a single subject by the pilot-study nature of this research, the physician learner successfully identified the acute etiologies and managed the patients’ acute decompensations while lacking access to the hospital’s electronic medical records (EMRs), laboratory results, imaging, and communication systems. Review of footage of the event and post-experience interviews yielded numerous insights on the specific physician-focused challenges and possible solutions to a hospital-infrastructure-crippling cyber attack. Conclusion: Healthcare cybersecurity incidents are known to result in significant disruption of clinical activities and can be viewed through a patient-safety oriented perspective. Simulation training may be a particularly effective method for raising clinician awareness of and preparedness for these events, though further research is required.
... Findings about the effectiveness of training centering around rule-based strategies also are inconsistent, with training increasing phishing victimization (Back & Guerette, 2021), decreasing phishing vulnerability within one week (Mayhorn & Nyeste, 2012) or for 28 days (Kumaraguru et al., 2009) or having no effect on victimization (Caputo et al., 2014). A review of 28 studies generally found that training improved detection of phishing, but that the findings for the effectiveness of training across time were inconsistent (Baki & Verma, 2022). ...
... Furthermore, the training materials were observed to have a narrow focus on phishing rather than encompassing broader security practices(Lain et al., 2022). Materials did not align closely with employees' scenarios, and reinforcement mechanisms were missing(Back & Guerette, 2021). In contrast, our proposed Protection Motivation Theory (PMT) vaccination approach advocates for proactive exposure to ransomware to stimulate engagement with cybersecurity education and measures. ...
Preprint
Full-text available
In today's business environment, the reliance of business processes on information technology (IT) has never been stronger, making the maintenance and security of IT systems crucial for organizations. Ransomware attacks present a significant cybersecurity risk, yet many existing solutions primarily focus on technology, overlooking the critical role of human behavior in system security. To address this gap, we experimented to assess the impact of controlled exposure to ransomware attacks on users' protection motivation and behavior. Unlike traditional security training, our approach actively engaged users in real-life scenarios and hands-on security events. The results demonstrated that controlled exposure to ransomware significantly heightened users' vigilance and improved their ability to recognize and respond to phishing campaigns. These findings indicate that hands-on exposure experiences enhance learning and boost protection motivation, sustaining positive effects on cybersecurity behavior. Our study underscores the importance of addressing the human factor in cybersecurity and introduces a promising approach to fortifying resilience against cyber threats. The vaccination model exemplifies a practical and effective strategy for improving cybersecurity readiness within authentic organizational environments by shaping users' mindsets and actions through real threat demonstrations.
... Training programs and awareness campaigns have been found effective in enhancing the security awareness level of smartphone users (Koyuncu & Pusatli, 2019). Additionally, cybersecurity awareness training has been shown to be effective against phishing attacks, a prevalent threat in the fintech sector (Back & Guerette, 2021). As the fintech industry faces cybersecurity challenges, including those related to mobile app ecosystems, strategies such as advanced encryption, biometric authentication, and AI-driven anomaly detection are being explored to address these threats (Mustapha, 2023). ...
Article
Full-text available
The dynamic landscape of financial technology (Fintech) introduces a myriad of challenges and opportunities, with human factors playing a pivotal role in shaping the cybersecurity ecosystem within this domain. This review explores the intricate relationship between human factors and cybersecurity in the context of Fintech, aiming to navigate the evolving landscape. In the realm of Fintech, where the fusion of finance and technology is reshaping traditional banking and investment practices, understanding human behavior becomes paramount. Human factors encompass a spectrum of elements, including cognitive abilities, decision-making processes, and user behaviors, all of which significantly impact the effectiveness of cybersecurity measures. This paper delves into the nuances of these factors and their implications for securing financial transactions and sensitive data in Fintech platforms. One key aspect of human factors in Fintech cybersecurity is the user interface design. Intuitive and user-friendly interfaces enhance security by minimizing human errors and fostering a secure user experience. Conversely, poorly designed interfaces can inadvertently contribute to vulnerabilities. This paper explores the intersection of user experience design and cybersecurity protocols, aiming to strike a balance that promotes both usability and security. Moreover, the study investigates the psychological aspects of cybersecurity awareness and education in the Fintech sector. As financial transactions increasingly migrate to digital platforms, users' awareness of potential cyber threats becomes a critical line of defense. Analyzing the effectiveness of training programs and awareness campaigns, the paper explores strategies to enhance cybersecurity consciousness among Fintech users. The research illuminates the symbiotic relationship between human factors and cybersecurity within the dynamic Fintech landscape. By comprehensively understanding and addressing human elements in interface design, user awareness, and decision-making processes, the paper aims to provide insights that contribute to the development of robust cybersecurity frameworks tailored to the evolving needs of Fintech platforms.
... Malware-infected machines were typically owned by cusers who felt less risk when utilizing IT. These results demonstrated an unmistakable link between attitudes, risk perception, and computer compromise (Back & Guerette, 2021;McEvoy & Kowalski, 2019). Thus, it was hypothesized that: ...
Article
Full-text available
The purpose of the study is to examine how cybersecurity knowledge, password security, and self-perception of skill affect cybersecurity awareness issues via the mediating lens of cybersecurity attitude among university students in Bangladesh. A sample of 430 university students from two public and three private universities provided the data in Dhaka, Bangladesh. An approach known as stratified random sampling was used in this cross-sectional study. The positivist approach was used, and a hypothetical statistical induction technique was used. The research constructs, which were adopted from earlier studies, were measured using scales that had undergone validation. Smart PLS-SEM 3.3.9 was used to quantitatively analyze the data. The results indicated a positive and significant association between cybersecurity knowledge and password security with cybersecurity awareness. No conventional association was found between self-perception of skills and cybersecurity awareness. Moreover, the data analysis confirmed that cybersecurity attitudemediates the relationship between cybersecurity knowledge, password security and self-perception of skills with cybersecurity awareness. This study implies that more effort needs to be put into informing the general people likely students about cybersecurity and ethical internet use. Furthermore, the main contribution of this study is to emphasize the need of raising cybersecurity awareness among students.
... Digital awareness is very important in preventing cybercrime, in this digital era, internet users must strengthen digital literacy to avoid cybercrime, that this shows the importance of digital awareness in dealing with threats in cyberspace, increased internet usage has led to a significant increase in cybercrime, so knowledge and learning about cybersecurity awareness is very important. Understandingome both from outsiders, such as Web Phishing due to clicking on links carelessly, as well as from within (insiders) [21], we can explore where very worrying condition occurs if the perpetrator of cybercrime is also an expert in anti-cybercrime actions as well, so that the new mode of cybercrime is difficult to detect and solve with cybersecurity [22]. The escalating frequency of cybercrime attacks poses a pressing issue, demanding swift resolution and immediate implementation of robust cybersecurity measures. ...
Article
Full-text available
The Cyber Defense Center, abbreviated as Pushansiber, is an institution responsible for carrying out the duties and functions of the Defense Strategic Installation Agency. Pushansiber has an important role in implementing governance, cooperation, operations, and ensuring cyber defense security. However, this year there has been an increase in problems related to cyber attacks, such as phishing, malware, ransomware, spam. These cyber attacks are included in the concept of hybrid warfare which is believed to be a form of conflict that involves the utilization of various elements, one of which is cyber attacks, military, political, economic, and information aspects. This causes conflict situations to be complicated and demands a comprehensive approach in terms of defense and handling, with digital literacy and cybersecurity awareness which has an important role in defense management, the need for awareness and training, simulation, and certification to strengthen cybercrime awareness in every organization. The success of other countries that have established specialized cybersecurity teams and invested in advanced technology can serve as an example for Indonesia. For Indonesia, the cooperation between National Cyber and Crypto Agency (BSSN) and the Ministry of Defense in strengthening cybersecurity capabilities is an important step to safeguard infrastructure, protect sensitive data, and reduce potential disruptions from malicious cyber activities with the aim of strengthening cybersecurity capabilities.
... As a result, large amounts of personal information and financial transactions become vulnerable to cybercriminals [13]. In this case, cybercrime currently has become a growing issue as reported by several scholars [14]- [18]. One of the sources of cybercrime attacks is social media is an attack vector for criminal acts because it has a rich data information system, thereby increasing cybercrime. ...
Article
Full-text available
Cybercrime in Indonesia has recently become a significant problem in line with the increase in internet users, which is a serious issue among online community networks. Therefore, this makes government authorities strive to take preventive measures to prevent the spread of cybercrime. In this case, this article aims to explore the Indonesian government's efforts under the National Cyber and Crypto Agency to run a cybercrime prevention campaign through the@ BSSN_RI Twitter account with the tagline Guard Cyberspace. Exploration studies have been initiated and visualized with the code of the NVivo tool. This research has produced several findings, including: Firstly, the Indonesian government has taken current preventive measures, and there has been a call to action to prevent cybercrime during the last two years. Secondly, the Indonesian government has maximized its efforts to prevent cybercrime through various tweets, posters, and the hashtag. Furthermore, Twitter users (outside of public sector accounts) are also contributing to spreading cybercrime prevention campaigns. In addition, there are several words and hashtag frequencies that echo the point of view of the campaign. Moreover, this research also contributes significantly to increasing the richness of literature on how government authorities’ use social media as a cybercrime prevention campaign tool, which past studies have limited.
... Findings about the effectiveness of training centering around rule-based strategies also are inconsistent, with training increasing phishing victimization (Back & Guerette, 2021), decreasing phishing vulnerability within one week (Mayhorn & Nyeste, 2012) or for 28 days (Kumaraguru et al., 2009) or having no effect on victimization (Caputo et al., 2014). A review of 28 studies generally found that training improved detection of phishing, but that the findings for the effectiveness of training across time were inconsistent (Baki & Verma, 2022). ...
... [22] go deeper in his study and found the insider motivation with malicious intent represents 54% for financial gain, 24% for business revenge and 14% because of management injustice or carelessness. In line with [23], mentioned in their study, about the importance of the regular cybersecurity awareness programs beside the other managerial measurement such as punishments and rewards, should improve employee behavior to comply with the organization standards. Also, referring to [24] study, he found the monitoring process is essential to be implemented ethically to detect and respond to any suspicious behavior even during the employment process. ...
... However, there are few studies that look at people's attitudes in the context of cybersecurity research [69]. The attitude of internet users toward cybersecurity issues and cyber deception may influence their vulnerability to cybercrime [70]. Furthermore, people with a high desire to gamble (risk attitude) are more likely to click on phishing messages sent by scammers and fall victim to phishing attacks [71]. ...
Article
Full-text available
Context: The cause of cybercrime phishing threats in Malaysia is a lack of knowledge and awareness of phishing. Objective: The effects of self-efficacy (the ability to gain anti-phishing knowledge) and protection motivation (attitude toward sharing personal information online) on the risk of instant messaging phishing attacks (phishing susceptibility) are investigated in this study. The protection motivation theory (PMT) was tested in the context of attitudes toward sharing personal information online with a view to improving interventions to reduce the risk of phishing victimisation. Methods: Data were collected using non-probability purposive sampling. An online survey of 328 Malaysian active instant messaging users was collected and analysed in SmartPLS version 4.0.8.6 using partial least squares structural equation modelling. Results: The results showed that a person's cognitive factor (either high or low self-efficacy) affected their chance of being a victim of instant message phishing. A higher level of self-efficacy and a negative attitude towards sharing personal information online were significant predictors of phishing susceptibility. A negative attitude towards sharing personal information online mediated the relationship between high levels of self-efficacy and phishing susceptibility. A higher level of self-efficacy led to the formation of negative attitudes among internet users. Attitudes toward the sharing of personal information online are critical because they allow phishing attempts to exist and succeed. Conclusions: The findings give government agencies more information on how to organise anti-phishing campaigns and awareness programmes; awareness and education can improve one's ability to acquire anti-phishing knowledge (self-efficacy).
... They identified that the organization workers demonstrated inadequate performance towards fishing attacks due to their deficient awareness of cybersecurity. Moreover, Back et al. [30] examined the efficiency of home management methods on decreasing cyber-attacks and threat incidents during online conditions. They focused on the impact of phishing attacks conducted through emails and suspicious links. ...
Article
Full-text available
Currently, cybersecurity plays an essential role in computing and information technology due to its direct effect on organizations’ critical assets and information. Cybersecurity is applied using integrity, availability, and confidentiality to protect organizational assets and information from various malicious attacks and vulnerabilities. The COVID-19 pandemic has generated different cybersecurity issues and challenges for businesses as employees have become accustomed to working from home. Firms are speeding up their digital transformation, making cybersecurity the current main concern. For software and hardware systems protection, organizations tend to spend an excessive amount of money procuring intrusion detection systems, antivirus software, antispyware software, and encryption mechanisms. However, these solutions are not enough, and organizations continue to suffer security risks due to the escalating list of security vulnerabilities during the COVID-19 pandemic. There is a thriving need to provide a cybersecurity awareness and training framework for remote working employees. The main objective of this research is to propose a CAT framework for cybersecurity awareness and training that will help organizations to evaluate and measure their employees’ capability in the cybersecurity domain. The proposed CAT framework will assist different organizations in effectively and efficiently managing security-related issues and challenges to protect their assets and critical information. The developed CAT framework consists of three key levels and twenty-five core practices. Case studies are conducted to evaluate the usefulness of the CAT framework in cybersecurity-based organizational settings in a real-world environment. The case studies’ results showed that the proposed CAT framework can identify employees’ capability levels and help train them to effectively overcome the cybersecurity issues and challenges faced by the organizations.
... Anti-Phishing is a browser extension (programs) that seeks to protect inexperienced users from phishing attacks based on faked websites. Furthermore, it keeps track of a user's sensitive information and issues warnings if sensitive information is entered into a form on an untrustworthy website [1]. Websites' phishing attacks keep motiving many losses and damages to individual customers and corporations [2]. ...
Article
A phishing attack is obtaining a customer's private data by using phishing emails or fake websites. With every new development on the Internet, the attackers' means of phishing attacks develop, requiring more powerful phishing tools to counter these attacks. The Internet has become an essential part of the personal and social life of the public, governments, institutions, and companies worldwide. Internet users need tools to protect against phishing attacks and web risks, which may cause personal, institutional, financial, and informational damage. Hence, this study reviews anti-phishing attack tools and shows their accuracy in addressing the current challenges of phishing attacks.
... Therefore, independent audit, testing, and scanning should be conducted to avoid thinking that a technological tool is safe when it has actually several vulnerabilities that attackers could exploit. Back and Guerette (2021) aimed to investigate the effectiveness of crime management techniques and assess whether they reduce cybercrime incidents in an online setting. More specifically, this study evaluated the impact of an anti-phishing training program delivered to employees to increase their awareness and understanding of methods to protect the organization from cybercrimes (Back & Guerette, 2021). ...
Book
The prevalence of cyber-dependent crimes and illegal activities that can only be performed using a computer, computer networks, or other forms of information communication technology has significantly increased during the last two decades in the USA and worldwide. As a result, cybersecurity scholars and practitioners have developed various tools and policies to reduce individuals' and organizations' risk of experiencing cyber-dependent crimes. However, although cybersecurity research and tools production efforts have increased substantially, very little attention has been devoted to identifying potential comprehensive interventions that consider both human and technical aspects of the local ecology within which these crimes emerge and persist. Moreover, it appears that rigorous scientific assessments of these technologies and policies "in the wild" have been dismissed during the process of encouraging innovation and marketing. Consequently, governmental organizations, public and private companies allocate a considerable portion of their operations budgets to protecting their computer and internet infrastructures without understanding the effectiveness of various tools and policies in reducing the myriad of risks they face. Unfortunately, this practice may complicate organizational workflows and increase costs for government entities, businesses, and consumers. The success of the evidence-based approach in improving the performances of a wide range of professions (for example, medicine, policing, and education) leads us to believe that an evidence-based cybersecurity approach is critical for improving cybersecurity efforts. This book seeks to explain the foundation of the evidence-based cybersecurity approach, reviews its relevance in the context of existing security tools and policies, and the authors provide concrete examples of how adopting this approach could improve cybersecurity operations and guide policymakers' decision-making process. The evidence-based cybersecurity approach explained aims to support security professionals', policymakers', and individual computer users' decision-making processes regarding the deployment of security policies and tools by calling for rigorous scientific investigations of the effectiveness of these policies and mechanisms in achieving their goals in protecting critical assets. This book illustrates how this approach provides an ideal framework for conceptualizing an interdisciplinary problem like cybersecurity because it stresses moving beyond decision-makers political, financial, social backgrounds, and personal experiences when adopting cybersecurity tools and policies. This approach is also a model in which policy decisions are made based on scientific research findings. https://www.routledge.com/Evidence-Based-Cybersecurity-Foundations-Research-and-Practice/Pomerleau-Maimon/p/book/9781032062761
Article
Cybersecurity is the foundation for preserving confidentiality and integrity in the modern digital age. It is crucial for the security of individuals, organizations, and society. This paper is based on these premises, exploring the impact of demographic factors on user perceptions and behaviors regarding cybersecurity in digital ban king. The study draws on the socio-technical systems theory, which examines the relationships between social and technical elements within technology usage. The research was conducted through an online survey distributed via posts on social networks such as Facebook, LinkedIn, and Twitter and by emailing the survey to target groups currently engaged in secondary or higher education or already em ployed. The study involved 212 respondents divided into six age groups. The sample (n=212) was achieved with 100% response quality and a standard deviation of 0%. The research aimed to understand how demographic characteristics, particularly age, influence interactions with digital banking technology and cybersecurity pra ctices. Using multiple regression analysis, two hypotheses were tested hypothesis 1: Older users (aged 45 and above) demonstrate a higher level of caution in online payments compared to younger users (aged up to 44) was rejected, and hypothesis 2: A higher level of education positively influences users’ understanding of security when making online payments with bank cards confirmed. The results indicate that education is a significant predictor of a sense of security, with users having higher levels of education reporting a greater sense of security during online payments. Age and employment status did not prove to be statistically significant factors in explaining users’ sense of security within this sample. However, age showed a ne gative effect, suggesting that older users feel less secure.
Article
Research on fake news and related acts of deception in the domain of human resource management is growing but still in its infancy. This escalating crisis necessitates immediate attention, as fake news evolves into an all-pervasive phenomenon that surpasses domain boundaries and affects organizations at scale. This study analyzes the growing corpus of research on fake news and concomitant acts of deceit in the domain of human resource management through an integrative review of 64 scholarly papers published in peer-reviewed journals over the last 30 years. We identify key themes and draw attention to gaps that merit scrutiny. We then propose an open systems theory-led conceptual framework that elucidates the relationships between fake news, related acts of deceit and its effects on various facets of human resource management practice and serves as a guide to advance contributions in the field. Directions for future research and implications for practice are discussed.
Article
Full-text available
The rapid evolution of cybersecurity threats poses a significant challenge to organizations and individuals, necessitating strengthening defense mechanisms against malicious operations. Amidst this ever-changing environment, the importance of implementing efficacious cybersecurity awareness training has escalated dramatically. This paper presents the Integrated Cybersecurity Awareness Training (iCAT) model, which leverages knowledge graphs, serious games, and gamification to enhance cybersecurity training. The iCAT model’s micro-learning module increases flexibility and accessibility, while real-time progress monitoring and adaptive feedback ensure effective learning outcomes. Evaluations show improved participant engagement and knowledge retention, making iCAT a practical and efficient solution for cybersecurity challenges. With an emphasis on adaptability and applicability, iCAT provides organizations in search of accessible and efficient cybersecurity awareness training with a streamlined approach.
Article
Full-text available
The relevance of this topic is due to the increase in the level of crime in Kazakhstan, as well as in foreign countries amid the global crisis, inflation, and other aspects that affect the criminal behavior of citizens. The purpose of the work within this topic is to study the main aspects underlying the legal activities of entities authorized to apply measures to prevent and combat offences. These are the main methods used in this article: comparative method, statistical method, and method of systematization. The identification of the main regulatory legal acts of the Republic of Kazakhstan (RK) are the results of the work, which regulates the activities of internal affairs authorities in the relevant area; it has clarified the issue of problems that arise when performing the functions for prevention of offences among minors, as well as violations of legislation in the transport sector, and others. The most effective types and methods of preventing and deterring offences have been investigated. In addition, in the course of conducting research, it was analyzed foreign experience in the prevention and deterrence of several types of criminals, administrative, and other offences and the main achievements in the relevant field.
Chapter
Full-text available
The concept of this chapter is to review the literature for a research gap on risk perception among online consumers and the intention for online purchases in Malaysia. Online platforms and digital payments make online shopping easier. During the year 2020 - 2021, online shopping had become increasingly active with the spike of the novel coronavirus pandemic. Online users who share their personal information online are most likely getting into the scammer's trap. Malaysia executed the national cyber security policy to defend the country's critical national information infrastructure. Financial awareness among online users plays a crucial role in fighting cybercrime. Digital guardianship should exist to prevent irresponsible parties from taking advantage. The routine activity theory has been proposed to explain the phenomenon whereby the offender makes the selection to commit a crime based on an online shopper as his target and the guardianship.
Article
Full-text available
Sharia digital payments have lately emerged as one of the most significant innovations and breakthroughs in the field of Islamic economics in Indonesia. However, behind the positive side of the use of sharia e-wallets, there is one thing that all parties involved need to pay attention to, which if ignored can become a double-edged sword for its users, namely compliance, security, and personal data protection. The paper aims to investigate how the Indonesian government regulates data privacy for Islamic e-wallet users. It also investigates the potential risks and challenges of Islamic digital payments particularly in regard to data protection. Besides, it also investigates whether or not the sharia e-wallet has complied with the Fatwa of National Sharia Council (DSN-MUI). The study used normative research methods employing statutory, case, and conceptual approaches. This study reveals that the use of sharia e-wallets in Indonesia is essentially in compliance with Islamic principles as stated in the Fatwa of the National Sharia Council. As for the protection of personal data, in fact, this has been regulated in a comprehensive manner by the government and related state institutions such as Bank Indonesia and the Financial Services Authority. However, the government still has work that must be considered in regard to the compliance of sharia digital payment operators with established laws and regulations, where in the event of the operators violated the use of data privacy, thus they will face a severe sanctions stipulated by the prevailed rule.
Article
The human factor remains one of the key challenges in cybersecurity despite effective technical countermeasures in place. This study aims to determine what motivates individuals to seek information about social engineering by investigating the determinants of behavioral intention to follow the materials of a social engineering awareness campaign in Slovenia. A quantitative survey of individuals in Slovenia (N=542) aged 15 or older was administered with participants recruited through University of Maribor students. Data were collected on constructs related to the protection motivation theory (PMT) and the theory of planned behavior (TPB) as well as privacy concerns and perceived performance of authorities. The survey instrument was validated with a confirmatory factor analysis. Covariance-based structural equation modeling (CB-SEM) was used to determine relationships between constructs and analysis of differences between students and employed individuals. Results indicate perceived threat, subjective norm, attitude toward behavior and authorities performance are all significant predictors of behavioral intention. The associations between perceived threat and behavioral intention, and privacy concern and attitude towards behavior was not significant among employed individuals. Among students, trust in authorities was not a significant predictor of authorities performance. This study has several implications. The results of this study suggest that fear appeals may be effective in motivating individuals to seek information about social engineering attacks thus improving the effectiveness of awareness campaigns. They also offer some insights into how to improve messaging towards the target populations. Messaging emphasizing perceived threat may directly increase information seeking intention while messaging emphasizing coping with social engineering may do so indirectly through attitude towards behavior. This study also indicates that messaging should be tailored to the target population (e.g., messaging emphasizing perceived threat may be much less effective for employed individuals than students).
Conference Paper
Full-text available
The rapid increase of phishing attacks has led individuals and organizations losing billions of dollars as well as worried about the confidentiality and privacy of their data. This tremendous annual increase of phishing attacks shows that the current detection methods available are not sufficient, therefore more effective phishing detection methods should be developed. This paper proposed a novel phishing detection model using machine learning, to improve efficacy and accuracy in phishing detection. This paper explores the current state-of-the-art in phishing detection along with their drawbacks and proposes a new novel method based on image visualisation of website code and features extraction from malicious URLs which is under development.
Article
Data and sensitive information in the public sector are major targets for cyberattacks. Officials in the public sector have developed a wide range of frameworks, models, and technology to help employees understand the risk of phishing attacks. However, these models haven't been able to meet the total needs of institutions in terms of security. This study reviews the awareness frameworks and models used to increase users' awareness of phishing scams and highlights the problems and drawbacks. Moreover, this study compares the various cybersecurity awareness frameworks and models. The findings show a need to enhance current phishing awareness frameworks and models that can handle phishing attacks in the workplace while also converting them into cybersecurity training input, mainly via a digital learning platform.
Chapter
Full-text available
Article
Full-text available
We live in a surveillance society. Often justified under the guise of government anti-terrorism activities, domestic crime reduction, or both, surveillance takes many forms, including closed-circuit television cameras, networked cameras, and facial recognition applications. There is also a range of alternative forms of surveillance, measures considered less of an imposition to privacy, civil liberties, and other personal freedoms. One example is place managers: employees who perform a surveillance function secondary to their employment duties (e.g., bus drivers, parking lot attendants, train conductors). This article reports on an updated systematic review of the effects of place managers on crime in public and private space. Following identification and screening of several hundred references , a total of six studies met the inclusion criteria. Findings indicate that place managers represent a promising situational technique for preventing crime. Future place manager interventions need to be guided by the rich body of theory on place management.
Article
Full-text available
In an exploratory quasi-experimental observational study, 138 participants recruited during a university orientation week were exposed to social engineering directives in the form of fake email or phishing attacks over several months in 2017. These email attacks attempted to elicit personal information from participants, or entice them into clicking links which may have been compromised in a real-world setting. The study aimed to determine the risks of cybercrime for students by observing their responses to social engineering and exploring attitudes to cybercrime risks before and after the phishing phase. Three types of scam emails were distributed that varied the degree of individualization: generic, tailored and targeted or ‘spear’. To differentiate participants on the basis of cybercrime awareness, participants in a ‘Hunter’ condition were primed throughout the study to remain vigilant to all scams, while participants in a ‘Passive’ condition received no such instruction. The study explored the influence of scam type, cybercrime awareness, gender, IT competence, and perceived Internet safety on susceptibility to email scams. Contrary to the hypotheses, none of these factors were associated with scam susceptibility although tailored and individually crafted email scams were more likely to induce engagement than generic scams. Analysis of all the variables showed that international students and first year students were deceived by significantly more scams than domestic students and later year students. A Generalized Linear Model (GLM) analysis was undertaken to further explore the role of all the variables of interest and the results were consistent with the descriptive findings showing that student status (domestic compared to international) and year of study (first year student compared to students in second, third and later years of study) had a higher association to the risk of scam deception. Implications and future research directions are discussed.
Article
Full-text available
Technologically advanced hackers are able to commit a crime and leave undiscovered by the authorities. Recent increases in cyber-attacks utilizing technology known as ransomware are leaving police departments and other institutions in the serious situation of having to pay ransom to cybercriminals. The present study employs a Cyber-Routine Theoretical approach in explaining why ransomware victimization has become a viral phenomenon. Data were derived from the recent reported cases of ransomware attacks towards police departments in the US. and analyzed in order to build a victim profile. This study shows that online lifestyle and cybersecurity are the salient factors that contribute to the ransomware victimization. Future potential preventive measures and policies will be discussed. Keywords: Ransomware; Cyber-Routine Activities Theory; Computer Crime Victimization; Online Lifestyle; Cybersecurity
Article
Full-text available
This study investigated how population parameters representing heterogeneity of variance, skewness, kurtosis, bimodality, and outlier-proneness, drawn from normal and eleven non-normal distributions, also characterized the ranks corresponding to independent samples of scores. When the parameters of population distributions from which samples were drawn were different, the ranks corresponding to the same pairs of samples of scores inherited similar differences. This finding explains some known results concerning Type I error probabilities and the relative power of parametric and nonparametric tests for various non-normal densities.
Article
Full-text available
This article discusses place-based crime prevention. It clarifies the term "place," and lists four reasons why places are important to crime. It then examines 149 evaluations of place-based crime prevention as well as some of the methods used to select studies for analysis. It also studies the evidence for place-based prevention effectiveness at five types of common places, namely in public, residences, transportation, recreation, and retail.
Article
Full-text available
Quasi-experimental research designs are the most widely used research approach employed to evaluate the outcomes of social work programs and policies. This new volume describes the logic, design, and conduct of the range of such designs, encompassing pre-experiments, quasi-experiments making use of a control or comparison group, and time-series designs. An introductory chapter describes the valuable role these types of studies have played in social work, going back to the 1930s, and continuing to the present. Subsequent chapters describe the major features of individual quasi-experimental designs, the types of questions they are capable of answering, and their strengths and limitations. Each discussion of these designs presented in the abstract is subsequently illustrated with descriptions of real examples of their use as published in the social work literature and related fields. By linking the discussion of quasi-experimental designs in the abstract to actual applications to evaluate the outcomes of social services, the usefulness and vitality of these research methods comes alive to the reader. While this volume could be used as a research textbook, it will also have great value to practitioners seeking a greater conceptual understanding of the quasi-experimental studies they frequently read about in the social work literature. Human service professionals planning to undertake a program evaluation of their own agency's services will find this book of immense help in understanding the steps and actions needed to adopt a quasi-experimental strategy. It is usually the case that ethical and pragmatic considerations preclude the use of randomly assigning social work clients to experimental and comparative treatment conditions, and in such instances, the practicality of employing a quasi-experimental method becomes an excellent alternative.
Article
Full-text available
The present study examines whether the presence of school resource officers (SROs) and their level of involvement in place management activities are associated with higher or lower rates of school-based serious violence. This study uses data from the 2010 School Survey on Crime and Safety (SSOCS) conducted by National Center for Educational Statistics. Propensity score matching is used to create a quasi-experimental design and isolate the influence of SROs and their level of involvement in place management activities on school-based serious violence. The analysis reveals that schools with a school resource officer are associated with higher rates of reported serious violence and those schools with SROs that participate in more place manager duties are also associated with higher rates of reported serious violence. These findings do not support the notion that SROs are acting as effective place managers and through this place management, reducing reported serious violence. Rather, it appears that the presences of a SRO and their execution of place manager duties is associated with an increase in the reporting of serious violence. Policy implications and limitations of the current research are also discussed.
Article
Full-text available
Purpose – The purpose of this study is to test a comprehensive routine activity framework on three types of online victimization. Prior research has utilized routine activity theory to explain varied online forms of victimization, but most have focused on its person-based forms. The present study, therefore, expands upon this research to examine the effects of online exposure, online target suitability and online guardianship upon phishing, hacking and malware infection victimization. Design/methodology/approach – Secondary data from the 23rd Cycle of the Canadian GSS were used to address the study’s research questions using binary logistic regression analyses. Findings – Particular online behaviors were consistently and positively related to all three types of online victimization, including booking/making reservations, social networking and having one’s information posted online. Other online routines exhibited unique effects on online victimization risk. Originality/value – In support of the theory, the results suggest that online exposure and target suitability increase risks for phishing, hacking and malware victimization. Online guardianship was also positively related to victimization, a finding that runs counter to theoretical expectations.
Article
Full-text available
Phishing is an increasingly more prevalent form of online, social engineered scams that escalate costs and risks to society year to year. This study demonstrates an association between anti-phishing training techniques used in previous research and individual differences which could affect phishing susceptibility. Results indicated that anti-phishing training in both a simple comic and more complex video game form is helpful in decreasing phishing susceptibility as measured by Miss rates for all individuals including college aged and computer savvy participants. Based on the results of the present study, implications for future efforts to combat phishing are discussed.
Article
Full-text available
Available evidence suggests that identity theft is a growing problem that has significant consequences for victims, not the least of which is billions of dollars in financial losses. However, very little is known about the correlates or causes of identity theft victimization. Utilizing a nationally representative sample of individuals from the Canadian General Social Survey, the current study attempts to address this deficiency by examining the link between victims' online routine activities and their online identity theft victimization. It was found that certain routine activities directly influence the likelihood of experiencing identity theft. Potential research and policy implications also are discussed. © The Author(s) 2015.
Article
Full-text available
Using a sample of college students, we apply the general theory of crime and the lifestyle/routine activities framework to assess the effects of individual and situational factors on seven types of cybercrime victimization. The results indicate that neither individual nor situational characteristics consistently impacted the likelihood of being victimized in cyberspace. Self-control was significantly related to only two of the seven types of cybercrime victimizations and although five of the coefficients in the routine activity models were significant, all but one of these significant effects were in the opposite direction to that expected from the theory. At the very least, it would appear that other theoretical frameworks should be appealed to in order to explain victimization in cyberspace.
Article
Full-text available
To better understand their perceptions of optimal tools and strategies for success, this research analyzed the experiences of learners and instructors in an online distance education environment. A qualitative constant comparative analysis methodology supported by an appropriate conceptual framework guided the study. Data were collected over multiple years and from multiple stakeholders. The study identified the following significant conclusions: the availability of multiple tools added flexibility to the learning environment; technology tools should appeal to multiple learning styles; collaboration, reflection, and building a learning community were important strategies supported by multiple tools; and participant satisfaction, appropriate prerequisite skills, and faculty and administrative involvement ensured programmatic success. According to this study, optimal distance education environments should address factors identified in the conceptual framework.
Article
Full-text available
Objectives: The purpose of the current study was to extend recent work aimed at applying routine activity theory to crimes in which the victim and offender never come into physical proximity. To that end, relationships between individuals' online routines and identity theft victimization were examined. Method: Data from a subsample of 5,985 respondents from the 2008 to 2009 British Crime Survey were analyzed. Utilizing binary logistic regression, the relationships between individuals' online routine activities (e.g., banking, shopping, downloading), individual characteristics (e.g., gender, age, employment), and perceived risk of victimization on identity theft victimization were assessed. Results: The results suggest that individuals who use the Internet for banking and/or e-mailing/instant messaging are about 50 percent more likely to be victims of identity theft than others. Similarly, online shopping and downloading behaviors increased victimization risk by about 30 percent. Males, older persons, and those with higher incomes were also more likely to experience victimization, as were those who perceived themselves to be at greater risk of victimization. Conclusions: Although the routine activity approach was originally written to account for direct-contact offenses, it appears that the perspective also has utility in explaining crimes at a distance. Further research should continue to explore the online and offline routines that increase individuals' risks of identity theft victimization.
Article
Full-text available
This chapter examines the relationships among place, space and the specific situations of Chicago taverns and liquor stores and crimes in those places, and suggests applications of these findings for crime preven- tion. With a GeoArchive data set of police, census and liquor license informa- tion from January to June 1993, we identify the densest concentrations (Hot Spot Areas) of places, events occurring at those places, and incidents occurring in the surrounding,areas; compare,place and space attributes of the 49 high-incident places,to a sample,of 49 low-incident places; and examine,the relationship between places and incidents in two police districts. Three types of places emerged, each of which had a different relationship to crime attraction, generation, and control and each of which would require different strategies for intervention. The high-crime levels at these places reflect the general crime pattern of the area. A program of intensive police and citizen patrols to reduce street crime in such an area is currently being evaluated. It is increasingly common,for investigators of crime patterns to take a
Article
Full-text available
Victimization on the Internet through what has been termed cyberbullying has attracted increased attention from scholars and practitioners. Defined as “willful and repeated harm inflicted through the medium of electronic text” (Patchin and Hinduja 200653. Patchin , J. W. and S. Hinduja . 2006 . “Bullies Move Beyond the Schoolyard: A Preliminary Look at Cyberbullying.” Youth Violence and Juvenile Justice 4 ( 2 ): 148 – 169 . [CrossRef]View all references:152), this negative experience not only undermines a youth's freedom to use and explore valuable on-line resources, but also can result in severe functional and physical ramifications. Research involving the specific phenomenon—as well as Internet harassment in general—is still in its infancy, and the current work seeks to serve as a foundational piece in understanding its substance and salience. On-line survey data from 1,378 adolescent Internet-users are analyzed for the purposes of identifying characteristics of typical cyberbullying victims and offenders. Although gender and race did not significantly differentiate respondent victimization or offending, computer proficiency and time spent on-line were positively related to both cyberbullying victimization and offending. Additionally, cyberbullying experiences were also linked to respondents who reported school problems (including traditional bullying), assaultive behavior, and substance use. Implications for addressing this novel form of youthful deviance are discussed.
Article
Full-text available
Even by their simple presence, people can discourage crime from happening at specijic times and places. Such direct-contact discouragement can occur when "guardians" keep an eye on potential crime targets (Cohen and Felson, 1979), or when "handlers" do the same for potential offenders (Felson, 1986). Eck (1994) adds a third type of discouragement role: "man- agers" who monitor places. Eck presents the routine activity approach as two triplets, with potential offenders, targets, and places monitored by guard- ians, handlers, and managers, respectively. Clarke (1992) notes the varying degrees of responsibility for discouraging crime. His ideas are adapted to current purposes, listing four steps of crime discouragement. Personal dis- couragement is exerted by family andfriends; assigned discouragement, by those so employed; diffuse discouragement, by those employed but not assigned to that specific task; and general discouragement, by unpaid persons lacking a personal tie or occupational responsibility. The multiplica- tion of these four steps by Eck's triplets gives us 12 types of discouragement against crime. These types help us also to think about other aspects of crime prevention. A case can be made that the offender is not the most important actor for explaining crime. From the perspective of the routine activity approach (Cohen and Felson, 1979; Felson, 1994; see also work on lifestyles by Hindelang et al., 1978), those who interfere with offenders, however inadvertently, play an even more central role in crime and its prevention. The "capable guardian" against crime serves by simple presence to prevent crime, and by absence to make crime more likely. For example, a retired person at home might well discourage daytime burglary of his or her own home or even the home next door. Conversely, someone working away from home during the day contributes by that absence to a greater risk of burglary. Two persons walking down the street might serve as effective
Article
Full-text available
Criminologists and crime prevention practitioners are increasingly aware of the importance of places of crime. A place is a very small area, usually a street corner, address, building, or street segment. A focus on crime places contrasts with a focus on neighborhoods. Neighborhood theories usually highlight the development of offenders. while place level explana- tions emphasize crime events. Three perspectives suggest the importanceof places for understanding crime: rational choice; routine activity theory; and crime pattern theory. Though these perspectives are mutually supportive, routine activity theory and crime pattern theory provide different explana- tions for crime occurring at different places. Five areas of research help us understand the importance of places: crime concentration about particular facilities (e.g., bars); the high concentration of crime at some addresses and the absence of crime at others; the preventive effects of various place features; the mobility of offenders; and studies of how offenders select targets. Concern has been expressed that efforts to prevent crime at specific locations will only move it to other, unprotected locations. Recent research suggests that these fears may be exaggerated, and that under some circum- stances the opposite effect occurs: instead of crime displacing, the benefits of the prevention efforts diffuse to unprotected locations. This paper con- cludes with a review of the 14 original articles in this volume.
Article
Full-text available
The explanation of crime has been preoccupied with individuals and communities as units of analysis. Recent work on offender decision making (Cornish and Clarke, 1986), situations (Clarke, 1983, 1992), envi- ronments (Brantingham and Brantingham 1981, 1993), routine activities (Cohen and Felson, 1979; Felson, 1994), and the spatial organization of drug dealing in the U.S. suggest a new unit of analysis: places. Crime is concen- trated heavily in a Jew "hot spots" of crime (Sherman et aL 1989). The concentration of crime among repeat places is more intensive than it is among repeat offenders (Spelman and Eck, 1989). The components of this concen- tration are analogous to the components of the criminal careers of persons: onset, desistance, continuance, specialization, and desistance. The theoret- ical explanationfor variance in these components is also stronger at the level of places than it is for individuals. These facts suggest a need for rethinking theories of crime, as well as a new approach to theorizing about crime for public policy.
Article
Full-text available
This study empirically assessed a computer-crime victimization model by applying Routine Activities Theory. Routine Activities Theory is arguably, as presented in detail in the main body of this study, merely an expansion of Hindelang, Gottfredson, and Garofalo's lifestyle-exposure theory. A self-report survey, which contained multiple measures of computer security, online lifestyles, and computer-crime victimization, was administered to 204 college students to gather data to test the model. Utilizing structural equation modeling facilitated the assessment of the new theoretical model by conveying an overall picture of the relationship among the causal factors in the proposed model. The findings from this study provided empirical supports for the components of Routine Activities Theory by delineating patterns of computer-crime victimization.
Article
Full-text available
In this paper we present a "routine activity approach" for analyzing crime rate trends and cycles. Rather than emphasizing the characteristics of offenders, with this approach we concentrate upon the circumstances in which they carry out predatory criminal acts. Most criminal acts require convergence in space and time of likely offenders, suitable targets and the absence of capable guardians against crime. Human ecological theory facilitates an investigation into the way in which social structure produces this convergence, hence allowing illegal activities to feed upon the legal activities of everyday life. In particular, we hypothesize that the dispersion of activities away from households and families increases the opportunity for crime and thus generates higher crime rates. A variety of data is presented in support of the hypothesis, which helps explain crime rate trends in the United States 1947-1974 as a byproduct of changes in such variables as labor force participation and single-adult households.
Chapter
This book deals with criminological theory, criminology, and criminal justice. It addresses a wide range of topics relevant to criminology, including socioeconomic factors that contribute to crime such as biology, community and inequality, emotions, immigration, social institutions, social learning, social support, parenting, peer networks, street culture, and market economy. It also examines the developmental criminology perspective and the developmental risk factors for crime and delinquency across five key risk domains (individuals, family, peers, schools, and community). Moreover, it reviews criminological research that ascribes criminal behavior to the interaction between individuals and street culture; Cesare Lombroso's views about the causes and correlates of crime as delineated in his book, Criminal Man ; the state of contemporary gang ethnography; Travis Hirschi's major contributions to the methods of analysis in criminology; the role of gender in delinquency; the link between coercion and crime; the psychology of criminal conduct; violence in drug markets in suburbs and the code of the suburb; the impact of imprisonment on reoffending; green criminology; and why crime levels are extraordinarily high in some places but low or totally absent in most places, and how place management accounts for this disparity. The book also looks at a variety of theories on criminology, including the rational choice theory, the theory of target search, Robert Agnew's general strain theory, the “Integrated Cognitive Antisocial Potential” theory developed by David Farrington, routine activity theory, and crime-as-choice theory.
Article
New technology is rapidly emerging to fight increasing cybercrime threats, however, there is one important component of a cybercrime that technology cannot always impact and that is human behavior. Unfortunately, humans can be vulnerable and easily deceived making technological advances alone inadequate in the cybercrime fight. Instead, we must take a more holistic approach by using technology and better understanding the human factors that make cybercrime possible. In this issue of the International Journal of Cybersecurity Intelligence and Cybercrime, three studies contribute to our knowledge of human factors and emerging cybercrime technology so that more effective comprehensive cybercrime prevention strategies can be developed.
Book
Third party policing represents a major shift in contemporary crime control practices. As the lines blur between criminal and civil law, responsibility for crime control no longer rests with state agencies but is shared between a wide range of organisations, institutions or individuals. The first comprehensive book of its kind, Third Party Policing examines this growing phenomenon, arguing that it is the legal basis of third party policing that defines it as a unique strategy. Opening up the debate surrounding this controversial topic, the authors examine civil and regulatory controls necessary to this strategy and explore the historical, legal, political and organizational environment that shape its adoption. This innovative book combines original research with a theoretical framework that reaches far beyond criminology into politics and economics. It offers an important addition to the world-wide debate about the nature and future of policing and will prove invaluable to scholars and policy makers.
Book
The Manager's Handbook for Corporate Security: Establishing and Managing a Successful Assets Protection Program, Second Edition, guides readers through today's dynamic security industry, covering the multifaceted functions of corporate security and providing managers with advice on how to grow not only their own careers, but also the careers of those they manage on a daily basis. This accessible, updated edition provides an implementation plan for establishing a corporate security program, especially for those who have little or no knowledge on the topic. It also includes information for intermediate and advanced professionals who are interested in learning more about general security, information systems security, and information warfare. Addresses today's complex security industry, the role of the security manager, the diverse set of corporate security functions, and skills for succeeding in this dynamic profession Outlines accessible, comprehensive implementation plans for establishing asset protection programs Provides tactics for intermediate and advanced professionals on the topics of general security, information systems security, and information warfare Offers new perspectives on the future of security and evolving expectations of security professionals. © 2017, 2003 Elsevier Inc. All rights reserved. All rights reserved.
Article
The current study provides an empirical testing of the victim-offender overlap in online platforms due to the scarcity of studies examining this overlapping victim-offending dynamic. Two types of cyber-interpersonal violence are examined: Cyber-harassment (including cyber-sexual harassment) and cyber-impersonation. Using Choi’s (2008) integrated theory of Cyber-Routine Activities Theory, a sample of 272 college students at a Massachusetts university are examined. Three major findings are revealed: (1) Respondents who engage in risky online leisure activities are more likely to experience interpersonal violence in cyberspace, (2) poor online security management can contribute to the likelihood of being victimized by interpersonal violence on social networking sites (SNS), and (3) respondents who engage in risky social networking site activities are likely to commit cyber-interpersonal violence. For the two types of cyber-interpersonal violence examined in this study, it could also be predicted that females are more likely to have higher levels of victimization. Cybersecurity management and sex had no significant effects on cyber-interpersonal violence offending. The hope is that education on the potential hazards of the Internet and of cyber-interpersonal violence will induce more responsible online activity and engagement.
Article
Situational prevention seeks to reduce opportunities for specific categories of crime by increasing the associated risks and difficulties and reducing the rewards. It is composed of three main elements: an articulated theoretical framework, a standard methodology for tackling specific crime problems, and a set of opportunity-reducing techniques. The theoretical framework is informed by a variety of "opportunity" theories, including the routine activity and rational choice perspectives. The standard methodology is a version of the action research paradigm in which researchers work with practitioners to analyze and define the problem, to identify and try out possible solutions, and to evaluate and disseminate the results. The opportunity-reducing techniques range from simple target hardening to more sophisticated methods of deflecting offenders and reducing inducements. Displacement of crime has not proved to be the serious problem once thought, and there is now increasing recognition that situational measu...
Article
Recent theories posit that social differentiation in the risks of criminal victimization is due to variation in routine activities/lifestyles which place some persons or their property in proximity to motivated offenders. For a sample of 107,678 residents in thirteen U.S. cities, measures of the nature and quantity of routine activities outside the home (major daytime activity, frequency of nighttime activity) are introduced to assess the mediational effects of these variables on the demographic correlates of victimization. Routine activities/lifestyle variables have relatively strong direct and mediational effects on individuals' risks of property victimization but not for violent victimization. These findings are discussed in terms of their implications for further research on the relationship between demographic variables, routine activities/lifestyles, and criminal victimization.
Article
The threat of attacks enabled by malicious software, or programs used to compromise computer systems and steal information, has increased dramatically over the last two decades. There has, however, been little research considering the correlates of malware infection victimization. Thus, this study attempts to refine the existing literature on malware victimization using multiple measures for the presence of an infection and a Routine Activities framework to identify the correlates of infection in a sample of students, faculty, and staff at a southeastern university. The implications of this study for criminological theory and cybercrime research are discussed in detail.
Article
During the last half century hundreds of papers published in statistical journals have documented general conditions where reliance on least squares regression and Pearson's correlation can result in missing even strong associations between variables. Moreover, highly misleading conclusions can be made, even when the sample size is large. There are, in fact, several fundamental concerns related to non-normality, outliers, heteroscedasticity, and curvature that can result in missing a strong association. Simultaneously, a vast array of new methods have been derived for effectively dealing with these concerns. The paper (1) reviews why least squares regression and classic inferential methods can fail, (2) provides an overview of the many modern strategies for dealing with known problems, including some recent advances, and (3) illustrates that modern robust methods can make a practical difference in our understanding of data. Included are some general recommendations regarding how modern methods might be used.
Article
Guardianship or the absence of capable guardianship is a central element in routine activities theory, and has been the subject of research for more than 30 years. The original conceptualization of guardianship has been interpreted and expanded upon in many ways during this period of time. This article charts the evolution of research on the guardianship component of routine activities theory and provides a theoretical and conceptual reappraisal of guardianship. Aiding future empirical research is a central aim of this endeavor. A refined definition of guardianship is presented that is consistent with its original conceptualization and new theoretical advancements. Implications for theory and research are discussed.
Article
To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing. The results from three trials showed that framing had no significant effect on the likelihood that a participant would click a subsequent spear phishing email and that many participants either clicked all links or none regardless of whether they received training. The study was unable to determine whether the embedded training materials created framing changes on susceptibility to spear phishing attacks because employees failed to read the training materials.
Article
The risk of property crime victimization is examined from a routine activities approach using data from six neighborhoods in Atlanta, Georgia. Indicators of the concepts of motivated offenders, suitable targets, and capable guardians are identified, and their individual and combined explanatory power are examined. The findings reveal that measures of neighborhood crime and housing type are the only variables that consistently relate to victimization in the hypothesized direction; employment status is the only guardianship measure that has the predicted effect on victimization. The analyses provide limited support for the routine activities approach, but are also consistent with hypotheses derived from other theoretical perspectives on criminal victimizations.
Article
This paper presents several macrodynamic social indicator models of post-World War II trends in robbery, burglary, and automobile theft rates for the United States. A theory of the ways in wich changes in criminal opportunity affect these Index Crime property crime rates is deveoped. Definitions and postulates are presented from which we derive a main theorem which states that, other things being equal, a decrease in the density of the population in physical locations that are normally sites of primary groups should lead to an increase in criminal opportunities and hence in property crime rates. Corollaries to the main theorem are presented and tested after operationalization of relevant independent and control variables such as the residential population density ratio, the unemployment rate, age structure, total consumer expenditures, and automobiles per capita. Stochastic difference equations, used to evaluate the theory,indicate that the models implied by the theory exhibit good statistical fit to the recorded property crime rates in question over the 26-year estimation period, 1947-72. In addition, these models provide reasonably accurate expost forecasts of observed annual property crime rates over the five-year forecast period, 1973 through 1977. The paper concludes with a discussion of ex ante forecasted equilibrium levels of the three property crime rates for the mid-1980s implied by the estimated models. The forecasts indicate that the robbery and automobile theft rates should drop00 substantially in the 1980s from their recent levels, whereas the burglary rate may continue to grow or at least drop less.
Article
Building upon Eck and Clarke’s (2003) ideas for explaining crimes in which there is no face-to-face contact between victims and offenders, the authors developed an adapted lifestyle–routine activities theory. Traditional conceptions of place-based environments depend on the convergence of victims and offenders in time and physical space to explain opportunities for victimization. With their proposed cyberlifestyle–routine activities theory, the authors moved beyond this conceptualization to explain opportunities for victimization in cyberspace environments where traditional conceptions of time and space are less relevant. Cyberlifestyle–routine activities theory was tested using a sample of 974 college students on a particular type of cybervictimization—cyberstalking. The study’s findings provide support for the adapted theoretical perspective. Specifically, variables measuring online exposure to risk, online proximity to motivated offenders, online guardianship, online target attractiveness, and online deviance were significant predictors of cyberstalking victimization. Implications for advancing cyberlifestyle–routine activities theory are discussed.
Article
This case analysis of an urban historic district tracks the demographic, economic, and public policy trends that influenced its violent crime volumes. Constructs from routine activities theory and environmental criminology are used to explain these crime trends. Findings are (a) macrostructural forces influenced crime volumes; (b) populations drawn to the area's nightlife had an impact on crime; (c) considering the number of people who visited the area, the victimization risks there were greater than was average for all of Tampa; (d) the demographics of the areas surrounding the district had less impact on crime there than has been assumed; and (e) the high density of bars facilitated the occurrence of violent crime beyond what would have been generated with other land uses. Recommendations are presented for guiding the formation of public policy that will affect the future crime trends in the district and may also be generalized to similar areas undergoing economic revitalization.