Cybercrime: Who Falls Victim and Why?

Cybercrime is the invisible threat of the digital age. It doesn’t just target companies and government agencies; increasingly, private individuals are also in the crosshairs. In 2023, police in Germany recorded 134,407 cases—a record high and an alarming figure, yet it represents only the visible tip of a much larger issue. The true scale of cybercrime is obscured by unreported cases—incidents that go unnoticed or unreported. With the relentless pace of digitalization, new avenues for attacks are constantly emerging, raising the central question: how and why do people fall victim to cybercrime?

The Dark Side of Digitalization

Cybercrime is a broad term encompassing a wide range of crimes that are either enabled or significantly facilitated by digital technologies. From a scientific perspective, these crimes fall into two main categories.

The first category includes cyber-dependent crimes such as hacking or deploying malware like computer viruses or ransomware. These crimes would be impossible without IT systems. The second category covers cyber-enabled crimes, where traditional offenses—such as fraud, harassment, or stalking—take on new dimensions through digital technologies. A classic example is online fraud, where victims are tricked into visiting fake websites, or the “romance scam,” where perpetrators fabricate relationships to extort money. The digital realm has revolutionized the criminal landscape, offering almost limitless opportunities for exploitation.¹ ²

Hidden Crimes: The Invisible Reality of Cyberspace

Many victims of cybercrime never appear in official statistics. Some are unaware they’ve been attacked; others choose not to report incidents, often out of shame, uncertainty, or the belief that reporting won’t make a difference.

To understand the true scope of the problem, my team and I conducted a dark field study in Austria. The findings were startling: of the 1,007 people surveyed, a staggering 84% reported falling victim to cybercrime at least once. Yet only 6.2% of these incidents were reported to the police. Even more concerning, just 22.7% of reported cases were solved.³

One particularly interesting insight was the varied ways victims perceive their experiences. Many people fail to recognize attacks as crimes or don’t feel personally affected. For example, someone receiving dozens of harassing messages daily is clearly a victim of cyberstalking. Yet whether they perceive themselves as a victim depends heavily on personal and psychological factors. Cybercrime, therefore, isn’t just a technical issue—it’s also deeply rooted in perception.

Which Forms of Cybercrime Are Most Common?

Our study revealed that some forms of cybercrime are far more prevalent than others. Phishing tops the list, with around 59% of respondents having encountered fake emails or websites designed to steal personal information like passwords or credit card details. Computer viruses and malware are also widespread, affecting nearly 54% of participants. Identity theft—where criminals send messages or post content in the victim’s name—is another common issue.

In the realm of cyber-enabled crimes, fraud dominates. About 25% of respondents had experienced product scams, such as paying for goods that were never delivered. Nearly as common are romance scams, with 23.4% of participants reporting experiences of emotional manipulation aimed at financial exploitation. Less frequent but equally damaging are crimes like blackmail or the unauthorized publication of private images, which often have severe psychological repercussions.

Why Security Measures Don’t Always Work

One surprising finding from our study was that extensive security measures don’t necessarily guarantee better protection. In fact, the risk of becoming a victim of cybercrime slightly increases with each additional security measure in place.

This paradox can be explained in part by increased exposure: individuals who frequently use digital technologies are naturally at greater risk. Additionally, relying heavily on security software can create a false sense of safety, leading to careless behavior. For instance, people who assume their antivirus software will block all threats are less likely to scrutinize suspicious emails or websites. Moreover, tech-savvy individuals are more likely to detect cyberattacks and, consequently, identify themselves as victims. These findings underscore the importance of combining technical safeguards with critical awareness and responsible digital behavior.

Who Are the Perpetrators?

Cybercriminals today operate with increasing professionalism, often as part of well-organized networks. These groups specialize in various methods, from mass phishing campaigns to targeted corporate attacks. The use of artificial intelligence has made these operations even more dangerous, enabling criminals to craft highly convincing messages or websites. Personalized attacks are also on the rise: by analyzing social media data, perpetrators can manipulate victims more effectively, greatly improving their chances of success.

How Can We Protect Ourselves?

The most important takeaway from our study is that effective prevention requires more than just technical solutions. Three key elements are crucial:

1.Updated Software: Keeping software and systems up to date is essential for addressing known vulnerabilities.

2.Education: Users must learn to identify threats—such as suspicious emails, unsafe links, or fake websites—and respond appropriately.

3.Understanding Criminal Strategies: Awareness of how cybercriminals operate can significantly enhance protection.

Still, prevention has its limits. As technologies like artificial intelligence evolve, cybercrime becomes increasingly complex. Staying protected requires ongoing vigilance and adaptation to new threats.

Conclusion: Vigilance is the Best Defense

Cybercrime has infiltrated every aspect of modern life. No one is completely immune, and even the most robust security measures provide no guarantees. However, by combining technical precautions, education, and a mindful approach to digital technologies, we can greatly reduce our vulnerability. In an ever-more interconnected world, vigilance remains our strongest defense—because the best protection against cybercrime always starts with the user.

Quellen:
¹ McGuire, M., Dowling, S. (2013). Cyber crime: A review of the evidence.
² Leukfeldt, E. R. (2016). The human factor in cybercrime and cybercrime investigations.
³ Huber, E., Pospisil, B., Seböck, W. (2019). Without a trace: Cybercrime, who are the defendants?