Unraveling the Human Factor in Cybercrime: From fraudsters to victims,and emerging offender profiles to protective strategies

Introduction

This special issue showcases cutting-edge research about the human factor in cybercrime. The included articles demonstrate the breadth of current developments in cybercrime research, spanning two main themes: offender-focused studies, examining emerging profiles and tactics; and victim-centered studies, exploring risk factors, impacts, and protective strategies. Both themes are combined in a contribution on tackling cyber-enabled crimes through a public health approach. As technology advances, so do cybercriminal activities, underscoring the need for continuous development into this evolving field.

This special issue is a result of the fifth annual conference on the Human Factor in Cybercrime ¹ (HFC conference) hosted by the Cyberagentur ² in Halle (Saale), Germany. Based on our experiences in organizing this conference and editing this and previous special issues (see Bossler and Berenblum, 2019; Dupont et al., 2024; Dupont and Holt, 2022, 2023; Weulen Kranenbarg and Leukfeldt, 2021), we observe that research on the human factor in cybercrime is no longer at its infancy. ³ The research community is growing. There is a wide variety of research around the human factor in cybercrime, and the quality of this research is improving. In this special issue we include the EU-focused conference papers, and we hope to spark the interest of European researchers, especially those in countries currently underrepresented in this field. We hope that the contributions provide this inspiration by providing insights into the ever-evolving methods, topics, and theoretical frameworks that are currently developed in the field. Broadening this research field to other European (and non-European) countries will eventually also provide more opportunities for comparative research across countries, shedding light on differences and similarities that could inform national and international policies.

More specifically, the offender-focused papers included in this special issue show how diverse both the topics and methods in research on cyber offenders are. While studying some topics might require innovative methods or new types of data, other topics can be studied in a more traditional manner using both quantitative and qualitative methods. In both cases, the relatively new type of crime under study requires researchers to critically reflect on the best method and theoretical framework to study their topic.

The contributions on victims show that both individuals and businesses are affected by cybercrime. All studies also highlight important implications for prevention that strongly depend on the type of crime, the context, and the type of victim. This shows the importance of moving away from studying broad categories of cybercrime, to studying specific types of cybercrime and its correlates, to get a deeper understanding of its victims and how victimization can be prevented.

All contributions in this special issue show recent developments in forms of cybercrime that currently impact our society. However, new technological developments might change these crimes and their correlates in the (near) future. With this special issue, we would like to invite both established cybercrime researchers and researchers who are new in this field to try and anticipate new developments in their research and thereby hopefully address these faster in the future. ⁴

Special issue papers on offenders

Bekkers et al. (2025) investigate the issue of money muling among young people by examining individual factors that relate to prior exposure to money mule recruiters. Using a survey of young Dutch individuals, the authors analyzed key demographics and social-psychological variables to identify correlates of being approached. Their results show that the factors related to prior recruitment attempts depend on whether participants were approached in the physical world or online, as recruiters on social media cast a wider net compared to those operating in person.

Moneva and Leukfeldt (2025) examine the rise of cybercrime-as-a-service, specifically ‘booter’ services that provide distributed denial of service (DDoS) attacks for hire, and how law enforcement agencies could counter them through online ad campaigns. Using Google search data from two campaigns run in the Netherlands in 2021, the authors assess whether these campaigns effectively reached would-be cybercriminals. The findings not only suggest that potential offenders were indeed—to some extent—reached but also show how online searches can help identify active booter platforms, aiding law enforcement in shutting them down.

Using neutralization theory, Connolly et al. (2025) investigate how alleged ransomware offenders rationalize their criminal activities, focusing on organized groups. Through the analysis of interviews, the authors uncover patterns of distorting the facts, negating societal norms, and rejecting responsibility by blaming the circumstances or their own shortcomings. Their findings shed light on the nuanced justifications employed by offenders and suggest new directions for developing effective counter-narratives.

Lusthaus et al. (2025) address an underexplored aspect of cybercrime by focusing on cyber-enabled crimes involving two Nigerian cybercriminal networks operating in Europe. Using qualitative case study analyses, the authors investigate how these networks have evolved over time and how they function in a European context. Their findings highlight increasingly sophisticated and mobile operations, emphasizing the role of transnational migration and local hubs in creating cybercrime networks that do not only rely on virtual means.

Special issue papers on victims

Guedes et al. (2025) investigate the distinct determinants of fear related to interpersonal and property cybercrimes through an online survey of Portuguese respondents. The findings indicate that while offline fears predict fear of both types of cybercrime, other predictors largely differ between both types of cybercrime. Moreover, traditional Routine Activity Theory factors have minimal explanatory power, highlighting the need for prevention strategies tailored to each type of cybercrime fear.

Borwell et al. (2025) explore the psychological repercussions of cybercrime victimization among Dutch victims, using concepts of democratization of victimization, coping, and cyborg theory. The findings indicate that older victims experience a stronger negative impact on their sense of security, while emotional well-being is more adversely affected among those who live alone, are female, are religious, or have lower socioeconomic status. Additionally, some factors exacerbate the effect on both sense of security and emotional well-being. These insights not only deepen academic understanding but also guide the development of targeted prevention and support measures for victims.

Matthijsse et al. (2025) examine ransomware threats targeting small- and medium-sized enterprises (SMEs), focusing on what factors lead these organizations to pay the ransom. Using a survey-based vignette experiment with a sample of Dutch SME owners and managers, the authors find that overall likelihood of paying is low, yet reliance on a cybersecurity company's advice to pay and a lack of data backups significantly increase payment odds. These insights highlight the importance of preventative strategies, including the role of professional advice and backup systems in mitigating ransomware's impact.

Combining offender and victim perspectives

Finally, Levi (2025) explores both offender and victim prevention strategies by examining how human, institutional, political, and technological factors shape public health approaches to cyber-enabled frauds against individuals. Drawing on UK data and comparative evidence from Europe, the study reviews policing practices, public–private prevention measures, and victim-support services. Such interventions could focus on shrinking offender pools, reducing first-time and repeat victimization, reducing or restoring losses, and reducing fears. The paper concludes that, despite growing governmental and financial sector attention, there is a need for stronger evidence underlying such a public health approach.

Conclusion

This special issue is showcasing the cutting-edge research presented at the fifth annual conference on the HFC. ⁵ As the fifth edition of the conference was organized in Germany and connected to the ESC conference, we are proud to publish the European-focused papers of this edition in this special issue of the European Journal of Criminology. With this special issue, we hope to spark the interest of European researchers, especially those in countries currently underrepresented in this field. We hope that the contributions provide insights into the ever-evolving methods, topics, and theoretical frameworks that are currently developed in the field. The goal of the HFC conference is to stimulate discussions around these developments and improve the theoretical and empirical quality of this type of research. With this special issue, we hope to make these insights accessible to a wider academic audience of European criminologists. Finally, as technology evolves, cybercrime and its research evolve with it. It is quite difficult but valuable to address the future, and we look forward to seeing which topics will be presented in the coming editions of the conference, starting with the seventh edition that will take place in September 2025 in Copenhagen, Denmark. ⁶