The importance of humans, rationality and decision-making

Human Factors in Cybercrime

Human factors play a central role in the success of cybercrimes. Criminals exploit typical human behaviors, cognitive biases, and emotional reactions. For example, phishing attacks rely on the victim’s trust or sense of urgency: a perceived time constraint or a request from an authority figure leads the victim to skip scrutinizing whether the request is authentic.

Rationality and Decision-making

Rationality in decision-making is often limited or “bounded” by the information available, the cognitive limitations of the mind, and the time available to make the decision. Cybercriminals take advantage of these limitations by crafting scenarios that lead to quick, emotion-driven decisions, thereby bypassing rational, reflective thought.

Social Engineering

Social engineering includes a variety of manipulative techniques such as phishing, romance scams, and catfishing. These tactics specifically target the natural human propensity to trust others, especially when the request appears to come from a trustworthy or authoritative source, or appeals to one’s emotions.

Online Harassment

Cyberbullying, trolling, revenge porn, and hate crimes exploit the anonymity and reach of the internet, enabling perpetrators to harm others without many of the repercussions they might face in physical interactions. These crimes often rely on the ability to manipulate and intimidate others, exploiting social and psychological vulnerabilities.

Identity-related Crimes

Crimes like identity theft and doxing leverage the abundance of personal data available online. Criminals exploit weak security practices and the oversharing of personal information, capitalizing on the lack of awareness about data privacy.

Hacking and Denial-of-Service

These technical attacks exploit gaps in software and network security, but also rely on human error or negligence, such as the failure to install updates or use strong passwords. Hackers often use social engineering to gain access to systems for deploying malware or conducting cryptojacking.

Taxonomy of Cybercrimes Against Individuals

The proposed taxonomy categorizes these crimes based on the tactics, targets, and psychological manipulations involved, offering a structured way to understand and address various cyber threats.

Interdisciplinary Approaches

The chapter argues for an interdisciplinary approach to combatting these crimes, integrating insights from psychology, sociology, computer science, and law enforcement. This is crucial because technical defenses alone are insufficient to protect against threats that exploit human behaviors and decision-making processes.

Book References:

  • “Cybercrime and You: How Criminals Attack and the Human Factors That They Seek to Exploit” by Nurse J.R.C., in “The Oxford Handbook of Cyberpsychology”, edited by P. Cornish. This book provides an academic foundation on the psychological aspects of cybercrime, emphasizing how human factors are exploited by criminals.
  • “The Security Culture Playbook: An Executive Guide to Reducing Risk and Developing Your Human Defense Layer” by P. Carpenter and K. Roer. This guide focuses on developing a security culture within organizations that strengthens the human elements of cyber defense, addressing critical social science concepts that can enhance security strategies.

These resources offer comprehensive insights into how human vulnerabilities can be identified, understood, and mitigated to reduce the risk of cybercrime.
