Whenever I speak publicly about being scammed there is often either an innuendo or a direct attribution that because I have been lonely I am likely to be vulnerable to a scam. For ‘lonely’ translate to ‘faulty individual’. Thus the formula follows, in their minds: I am not lonely, therefore I am not ‘scam-able’. I reject the formula, but more on that later. Now there is research which has looked specifically at susceptibility to cybercrime. Low and behold “In total, 60% of the population surveyed presented as being in the higher risk categories for susceptibility to cybercrime.”[i] So, for a great many people, it could happen to them.
Undertaken by Lee Hadlinton and Sally Chivers, and published in Policing: A Journal of Policy and Practice[i], this research looks at susceptibility to cybercrime levels through the lenses of information security awareness, trait impulsivity, and cross references these with age and employment factors.
“In total, 60% of the population surveyed presented as being in the higher risk categories for susceptibility to cybercrime. Furthermore, individuals in the higher risk categories for susceptibility to cybercrime also presented poorer information security awareness, as well as having higher levels of trait impulsivity. It was also noted that certain demographic factors also linked to susceptibility to cybercrime, including age and current employment status, with the unemployed and student populations being less well represented in lower risk categories. ” [From article abstract]
I have always considered low familiarity with online dating a risk factor for victimisation, given that scammers target people who have set up new profiles. This happened to me, and I have seen it repeated across other people that I have spoken to. The research conclusion about poor information security awareness is in my mind consistent with this, though given that I was working in IT, the level of security awareness might be quite specific to those areas being used by scammers to make contact with victims, ie., online dating; social media security.
The research findings in Segmentation Analysis of susceptibility to Cybercrime also show:
- Overall: Those ‘already protected‘, plus those ‘relatively savvy‘ make up only total 33% of the population studied and are regarded as low risk. The remaining 66% could be considered at risk of susceptibility to cybercrime.
- Age Differences: Of the 18 – 40 year old group, 66% of those fell into the Unsuspecting and Unprotected segment, meaning highly at risk. “In contrast, 70% of those in the 41 and above age bracket were classified as A: Already protected. Such findings present a clear contrast to the often-presented view that it is the older generation that is potentially more vulnerable to cybercrime.”
- Impulsivity factor: Though “Research has also demonstrated that higher levels of impulsivity are associated with an increased frequency of individuals engaging in risky online behaviours”, meaning this could place them at risk of being a victim of cybercrime, this is not based on a validated psychological scale. Instead, it is based on attitudinal and behavioural profiles[ii].
- Employment Status: Unemployed and Students are under-represented in the ‘already protected’ and ‘relatively savvy’ groups, meaning they are more susceptible to being scammed.
As always, this research is just the tip of the iceberg of understanding why people get caught in scams, and much more research is necessary. Any research may help in determining appropriate preventative messaging. But how to get appropriate messages to people who are unaware of the need for it is an ongoing conundrum. It is however great to see such research being done.
I would like to see much more emphasis placed on the perpetrators, the skilled psychological manipulators, and their role in scams, instead of such focus on victims. The ongoing focus on victims perpetuates the victim blaming that goes on around this topic. The formula mentioned at the beginning is faulty and is an attempt to justify an attitude of “It would never happen to me!” that sits alongside the victim blaming that takes place.
[i] Lee Hadlington, Sally Chivers; Segmentation Analysis of Susceptibility to Cybercrime: Exploring Individual Differences in Information Security Awareness and Personality Factors, Policing: A Journal of Policy and Practice, ,pay027, https://doi.org/10.1093/police/pay027
[ii] Based on the S-HAIS-Q scoring profile. See Table 3 in the article.