Victimization in Cyberspace: Is It How Long We Spend Online,What We Do Online,or What We Post Online?

Abstract

Prior research on cybercrime victimization has generally emphasized the linkage between the frequency or actual length of time individuals spend online engaging in certain activities and the risk of being victimized in cyberspace but has paid much less attention to what persons actually share or post online that increases the risk of online victimization. To address this gap, we appeal to the integrated lifestyle–routine activities theory in order to examine the relationships between the length of time one spends online (online frequency), specific activities or tasks one engages in while online (online activity), specific types of information one shares online (online posting), and seven specific forms of cybercrime victimization using a convenience sample of students. Results showed that one online frequency variable (internet hours), six online activity variables (banking, reading news, shopping, planning travel, socializing, and communicating with stranger), and three online posting variables (phone number, home address, and other info) were significantly related to five of the seven forms of cybercrime victimization (computer virus, harassment by nonstranger unwanted porn, sex solicitation, and phishing). Implications for our findings and directions for future research are discussed.

Keywords

cybercrime victimization integrated lifestyle/routine activities

It is indisputable that we are living in a technologically interconnected world. We rely on computers for many aspects of our lives, from banking to education to purchasing household goods and so on. The World Wide Web has enabled us to connect with other individuals around the globe, share and disseminate information, collaborate on projects, and stay in touch. Unfortunately, the very technologies and infrastructure that empower people to connect, build, and innovate are also the same tools and mechanisms that criminals employ to victimize ordinary citizens. According to the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3, 2019), from 2015 to 2019, almost 2 million individuals have filed a consumer internet crime complaint with the agency. Undoubtedly, many more were victimized but may not have reported it and/or may not yet have realized that they had been victimized. As criminals become more sophisticated and invent new ways to commit crime in cyberspace, the number of cybercrime victims is expected to increase in the coming years (National Academies of Sciences, Engineering, and Medicine, 2018).

To thwart the commission of cybercrime, knowledge about factors that may heighten the risks of victimization is crucial. Notably, there is a dearth of research examining the relationships between what computer users post or share online (e.g., personal information, pictures, videos) and their likelihood of becoming a victim in cyberspace. It is believed that information one posts or shares online could help cybercriminals plot their crimes such as verifying the victim’s identity, locating the victim’s home address, confirming that the victim is on vacation and hence, their house is unoccupied, and so on (Windle, 2017). There is also evidence that individuals who disclose personal information while online face greater risks of falling victim to cybercrime because scammers appear to select targets according to the information disclosed in the virtual world (Mersh & Dodel, 2018; Van Wilsem, 2013a). Hence, determining the linkage between the types of information individuals post or share online and their risks of becoming victims of cybercrime is pertinent and warranted.

To address this gap in the current literature, we explore the associations between online frequency (the length of time one spends online), online activity (the activities or tasks one engages in while online), online posting (the information that one posts or shares online), and seven specific forms of cybercrime: (1) getting a computer virus, (2) exposing to unwanted porn, (3) being solicited for sex, (4) receiving phishing emails, (5) being harassed by a stranger, (6) being harassed by a nonstranger, and (7) experiencing defamation. Our study further extends prior research on cybercrime victimization by employing a more expansive list of online frequency, online activity, and online posting variables, all of which have been drawn from integrated lifestyles–routine activities theory (LRAT). The remainder of our article is organized as follows. First, we present the integrated lifestyle–routine activities theoretical framework and then we review prior literature on the linkage between online frequency, online activity, online posting, and cybercrime victimization. Next, we describe our data and methods, and finally, we report and discuss our findings.

Theoretical Framework

In recent decades, a large proportion of the work on cybercrime victimization has drawn on the lifestyle–routine activities perspective (LRAT). Lifestyle theory, as originally posited by Hindelang et al. (1978), states that certain personal characteristics (such as age, sex, or marital status) are related to certain routine behavioral patterns or lifestyles. Some lifestyles will place people in higher risk situations more often (such as frequent bars at night), increasing their chance of victimization. Relatedly, routine activities theory (Cohen & Felson, 1979) contends that crime victimization happens when three things converge in time and space: a motivated offender, a suitable target, and absence of capable guardian; and some people increase their risk of victimization because their routine activities place them in these situations more often (such as walking home from work at night 5 days a week). Taken together, LRAT can provide a more comprehensive theoretical framework when examining criminal victimization. This integrated lifestyle–routine activities approach posits that victimization risk is determined by an individual’s lifestyle and routine activities that may or may not put them in situations where they are more likely to encounter motivated offenders in the absence of capable guardians, making them a more suitable target (Cohen et al., 1981). And those individuals who place themselves in more risky situations because of their lifestyles will have a higher risk of victimization (Miethe & Meier, 1990).

Integrating lifestyle theory with routine activities theory also creates a more complete victimization theory because lifestyle theory focuses on predicting a person’s odds of victimization, while routine activities theory does more to describe a crime event itself (Pratt & Turanovic, 2016). Therefore, using the integrated lifestyle–routine activities theoretical framework is applicable in this study since we are examining online frequency, online activities, and online postings in relation to the odds of cybervictimization. Accordingly, the key theoretical elements of LRAT include proximity to motivated offenders, exposure to risky situations, target attractiveness, and the absence of capable guardians (Miethe & Meier, 1994).

In the context of cyberspace, it has been noted that the requirement of offenders and victims converging in time and in space for a crime to occur presents a major problem when applying LRAT to cybercrimes (Yar, 2005; see also, Leukfeldt & Yar, 2016). Related to the debate regarding the appropriateness of applying LRAT, which was developed to account for crime and victimization in the physical world, the virtual world provides a somewhat different set of challenges in conceptualizing and operationalizing LRAT’s main theoretical concepts (Vakhitova et al., 2016). Specifically, given that the concepts of “exposure to risk” and “proximity to offenders” denote the physical distance and physical visibility and accessibility of potential victims to offenders (Cohen et al., 1981), it has been noted that potential victims cannot be physically seen or physically assessed in cyberspace. Similarly, since the concept of “target attractiveness” implies that potential victims possess a symbolic or economic value to offenders (Miethe & Meier, 1994) and given the concept of “capable guardian” is conceptualized as “someone whose mere presence serves as a gentle reminder that someone is looking” (Felson, 2002, p. 22), the transposing of these concepts from the terrestrial environment to the online environment where physical proximity and visibility are largely irrelevant has been questioned.

Notwithstanding the issues and challenges noted above, it has been suggested that in cyberspace, victims and offenders do converge at spaces via networks as well as the convergence of victims and offenders does not have to be instantaneous but instead, continuous overtime (Eck & Clarke, 2003). As an example, in the case of cyber abuse, Reyns and colleagues (2011) maintain that while a message could be posted on the victim’s Facebook when the victim is off-line, the moment the victim goes online and reads the message, temporal convergence has occurred. Additionally, it has been argued that since the internet is designed not to be limited by barriers of physical distance, virtually present objects are globally visible, and this global visibility operates to advertise the existence of the targets to the pool of motivated offenders (Mabunda, 2017). Hence, the visibility of the victim, via the types of activities that the victim participates in, contributes to the degree to which the victim is a suitable target from the perspective of a would-be offender (Leukfeldt & Yar, 2016).

The proposed reconceptualization of spatiotemporal convergence between victims and offenders in cyberspace ensued in a growing number of studies applying the LRAT framework to examine crime committed in the virtual world when physical presence is not required for victimization to occur (Reyns, 2013; Reyns & Henson, 2016). In particular, drawing from the “proximity to motivated offenders” and “exposure to risky situations” tenets of LRAT, individuals who spend more time online (e.g., hours) and engage in various activities while online (e.g., spending time in chatrooms) are expected to have an increased risk of becoming a victim of cybercrime because they are exposed to potential criminals for a more extended period of time. The linkage between this supposition (typically measured as the frequency or actual length of time respondents spend online engaging in certain activities) and various illegal and deviant activities in cyberspace including malware infection, online harassment, cyberstalking, cyberbullying, online sex solicitation, and so on has been examined. Overall, the findings are mixed with some studies indicating partial support for the effects of online frequency and online activities on cybercrime victimization (Holt et al., 2020; Leukfeldt, 2014; Pratt et al. 2010; Van Wilsem, 2013a, 2013b; Williams, 2016), while other studies report almost no support for the above association (Holt & Bossler, 2013; Mesch & Dodel, 2018; Ngo & Paternoster, 2011; Reyns, 2013; Reyns & Henson, 2016).

In this study, we examine cybervictimization from an integrated LRAT perspective by investigating whether more online exposure and risky online behavior increase the odds of victimization. Using LRAT as our theoretical framework, we operationalized “proximity to motivated offenders” and “exposure to risk situations” by our measure of online frequency, so we expect as online frequency increases, so will the odds of cybervictimization. We operationalized online risky lifestyle by identifying risky online activities (such as communicating with strangers) and online postings (such as photos, addresses, or phone numbers). More detail is given about our independent variables and their linkages to LRAT in the Data and Methods section. Next, we review the literature on cybercrime victimization.

Online Frequency and Cybercrime Victimization

Prior studies on cybercrime victimization have estimated the exposure to risky situations and proximity to offenders through either measuring the amount of time an individual spends doing various activities on the internet (e.g., hours spent online checking email, talking in chat rooms) or some frequency count (e.g., the average number of hours per week spent online, the number of social networking accounts). These measurements have produced mixed results. For instance, employing a sample of college students at a Southeastern University, Ngo and Paternoster (2011) assessed the relationship between internet usage (measured as the number of hours per week respondents spent surfing the internet, checking their emails, engaging in instant messaging, and visiting chatrooms) and seven forms of cybercrime victimization. They found the number of hours per week respondents engaged in instant messaging was positively related to the likelihood of them experiencing online harassment by a stranger. None of the other measures of internet usage was related to the seven forms of cybercrime victimization. In another study, Holt and Bossler (2013) employed a sample of students, faculty, and staff at a Southeastern University to investigate the association between internet usage (measured as the number of hours per week respondents spent surfing the internet and engaging in various forms of computer-mediated communication (CMC) and the risk of malware infection victimization. The authors found none of their measures of internet usage predicted the likelihood of experiencing malware infection (see also Bossler & Holt, 2009; Holtfreter et al., 2010; Marcum, Ricketts, & Higgins, 2010; Pratt et al., 2010; Reyns et al., 2016).

The relationship between online frequency and cybercrime victimization has also been investigated using international samples. Drawing data from a cross-national sample of individuals between the ages of 15 and 30 from Finland, United States, Germany, and the United Kingdom, Näsi and colleagues (2017) explored the relationships between respondents’ number of social media services (i.e., Facebook, YouTube, blogs, discussion forums) used in the past 3 months, respondents’ number of Facebook friends, and their risks of experiencing online harassment. They found the respondents’ number of social media services was positively related to the outcome variable across all four countries, while the respondents’ number of Facebook friends did not predict the likelihood of online harassment. Likewise, employing a sample of 26,665 internet users aged 16 and older in two federal states in Germany, Bergmann and colleagues (2018) reported that more frequent use of the internet significantly increased the risk of malware infection, ransomware infection, and misuse of personal data. In a recent study, Holt and colleagues (2020) employed a representative sample of the general population of the Netherlands and explored the relationship between the average number of hours per week respondents spent on a computer or laptop at home and malware infection victimization. They found that respondents who spent more hours per week on their computer or laptop at home had greater risks of experiencing malware infection victimization (see also Leukfeldt, 2014; Reyns, 2015; 2013; Reyns & Henson, 2016; Van Wilsem, 2013a, 2013b).

Online Activities and Cybercrime Victimization

In addition to examining the linkage between the amount of time a person spends online and their experience with cybercrime victimization, cybercrime scholars and researchers have also explored the association between the activities that a person participates in while online and their risk of becoming a victim in cyberspace. Employing a sample of 1,000 adults in the state of Florida, Pratt and colleagues (2010) investigated the association between internet website purchase and online consumer fraud (i.e., phony investment deal, false advertisement, etc.). They uncovered that respondents who made a purchase from an internet website were significantly more likely to experience online consumer fraud relative to respondents who did not engage in this activity. Leukfeldt (2014) also examined the effect of online activities on the risk of becoming a victim of phishing and malware. The author categorized various types of online activities into low visibility (i.e., using email, Skype, direct messaging platforms, and targeted browsing) and high visibility (i.e., participating in online chatrooms, online gaming, online purchasing, social networking sites, other internet forums, and downloading software) activities. Using a sample of 10,314 Dutch citizens who participated in a cybercrime victim survey, he found one low visibility activity (targeted browsing) significantly predicted both phishing and malware while four types of high visibility activities (untargeted browsing, online gaming, online purchasing, and downloading software) were significant predictors of malware (but not phishing). Leukfeldt also found that other online activities (email, Skype, direct messaging platforms, online chatrooms, social networking sites, and other internet forums) were not related to either phishing or malware.

In a more recent study, Holt and colleagues (2020) employed a representative sample of the general population of the Netherlands and examined the relationships between 15 online activities (banking, posting social media, downloading, gaming, etc.) and the risk of malware infection victimization. They found 7 of the 15 online activities (email, downloading, reading news, posting social media, visiting dating websites, watching movies, and writing blogs) significantly increased the likelihood of malware infection victimization, 3 of the 15 online activities (searching for information, reading social media, and reading news) significantly decreased the likelihood of malware infection victimization, and 1 online activity (participating in online forums) both increased the likelihood of having one’s computer crashed and decreased the likelihood of having one’s home page altered (see also; Marcum, Ricketts, & Higgins, 2010; Mesch & Dodel, 2018; Ngo & Paternoster, 2011; Reyns, 2013; Reyns & Henson, 2016; Reyns et al., 2011, 2016).

Online Postings and Cybercrime Victimization

Prior research on cybercrime victimization has also investigated the association between the types and amount of personal information an individual provides online and his or her likelihood of being victimized in cyberspace. However, the number of these studies is limited. For instance, Ngo and Paternoster (2011) examined the associations between providing personal information online and the risk of encountering seven forms of cybercrime victimization among a sample of college students. The authors found that providing personal information online was not related to any of the seven types of cybercrime victimization. Likewise, Van Wilsem (2013b) explored the effect of having a profile on the popular Dutch social networking site known as Hyves on the risk of cybercrime victimization (measured as a combined risk of online harassment and hacking) and found that having a profile on a social network site decreased the odds of becoming a victim in cyberspace. In a more recent study, Mesch and Dodel (2018) employed a national sample of U.S. citizens and explored the effect of the disclosure of personal information on the risk of online fraud. They reported that individuals who disclosed personal information online had greater risks of receiving scam emails relative to individuals who did not share personal information while online.

Current Study

To summarize, the evidence on the association between online frequency and cybercrime victimization is mixed with some studies providing support for the predicted relationship, while other studies do not. Similarly, the evidence on the association between types of online activities and cybercrime victimization is also inconsistent in that some activities were found to be significantly related to certain types of cybercrime, while other activities were not. Likewise, the association between online postings and cybercrime is incongruous with some studies reporting that posting certain information online increased the likelihood of individuals becoming a victim of cybercrime, while other studies found that sharing certain information in cyberspace decreased the possibility of cybercrime victimization.

Herein, we seek to contribute to the extant scholarship by exploring the associations between online frequency (the length of time one spends online), online activity (the activities or tasks one engages in while online), online posting (the information that one posts or shares online), and the risk of becoming a victim of crime in cyberspace using a more expansive list of online activity and online posting variables within the context of an integrated lifestyles/routine activities theoretical framework. Doing so permits a finer grained investigation into the nature of what persons do online that may increase their victimization risk.

Data and Methods

Data for the current study came from an online self-report survey administered to a sample of students from a southeastern college campus. The campus is an upper division institution that offers junior, senior, and graduate course work leading to bachelor’s and master’s degrees, as well as certificate programs. Participating students were recruited from four colleges: Arts & Sciences, Business, Education, and Hospitality & Tourism. This institution also offers courses to senior citizens from a local nonprofit organization as non-degree-seeking students. Senior citizens enrolling in courses at this campus were also recruited for the study.

Study participants were informed about the study via a recruitment email. The email contained information regarding the purpose of the study, the anonymous nature of the study, the name of the principal investigator and her contact information, and the web address to access the survey. The recruitment email was sent to approximately 1,500 students (including seniors enrolling in classes as non-degree-seeking students) from the Office of Student Activities. The director of the nonprofit organization that partners with the institution to offer classes to senior citizens also sent a follow-up email encouraging its members to participate in the study. It is noteworthy that participants were not asked to identify themselves as college students or senior citizens taking classes at the campus on the survey. Hence, it was not possible to differentiate these two groups. Notwithstanding this limitation, the inclusion of senior citizens in this study provides us with the opportunity to further explore the associations between several key demographic variables such as age, education level (i.e., senior citizens with graduate degree), and employment (i.e., retired senior citizens) and the likelihood of becoming a crime victim in cyberspace.

Following Dillman’s (2007) tailored design method, three waves of email invitations were sent to the students to increase the response rate (i.e., an initial solicitation email and two follow-up emails). A total of 284 participants completed the online survey. This yielded a response rate of 18% which is not atypical of that found in other studies that have used web-based data collection surveys but still low—a point we return to later in this article (Ngo & Paternoster, 2011; Porter & Whitcomb, 2007; Ranchhod & Zhou, 2001).

Table 1 shows the demographic characteristics of the sample. As shown, the mean age of the sample was 40 years (range = 18–87). The majority of the sample were females (66%), Whites (85%), and had a college, professional, or graduate degree (84%). Slightly more than one third of the participants were married (36%) and more than half (61%) of the participants were employed (part time and full time) at the time of the study.¹

Table 1.

Descriptive Statistics for Sample.

Variables	N	Mean/%	SD	Min.	Max.
Age	284	39.64	19.15	18	87
Male (1 = male; 0 = female)	282	0.34	0.48	0	1
White (1 = White; 0 = non-White)	284	0.85	0.36	0	1
Married (1 = married; 0 = not married)	284	0.36	0.48	0	1
College plus (1 = college/professional/graduate degree; 0 = less than college)	284	0.84	0.37	0	1
Employed (1 = employed; 0 = unemployed)	283	0.61	0.49	0	1
Cyber deviance (1 = yes; 0 = no)	284	0.28	0.45	0	1
Online frequency
Internet hours	283	18.04	14.24	1	140
Email hours	284	7.12	9.53	1	63
Instant messaging hours	284	2.18	7.25	0	60
Chat hours	281	0.58	3.22	0	40
Social media hours	284	5.36	10.46	0	100
Online activities
Work/school (1 = yes; 0 = no)	284	0.90	0.30	0	1
Banking (1= yes; 0 = no)	284	0.82	0.39	0	1
Reading news (1 = yes; 0 = no)	284	0.83	0.37	0	1
Gaming (1 = yes; 0 = no)	284	0.37	0.48	0	1
Shopping (1 = yes; 0 = no)	284	0.82	0.39	0	1
Selling goods (1 = yes; 0 = no)	284	0.26	0.44	0	1
Planning travel (1 = yes; 0 = no)	284	0.69	0.46	0	1
Socializing (1 = yes; 0 = no)	284	0.83	0.38	0	1
Communicate with stranger (1 = yes; 0 = no)	284	0.21	0.41	0	1
Other activities (1 = yes; 0 = no)	284	0.11	0.31	0	1
Online postings
Picture of self (1 = yes; 0 = no)	284	0.18	0.38	0	1
Phone number (1 = yes; 0 = no)	284	0.14	0.35	0	1
Home address (1 = yes; 0 = no)	284	0.07	0.26	0	1
Sexual orientation (1 = yes; 0 = no)	284	0.08	0.28	0	1
Family conflicts (1 = yes; 0 = no)	284	0.03	0.17	0	1
Other info (1 = yes; 0 = no)	284	0.68	0.47	0	1
Cybercrime victimization
Computer virus	284	0.47	0.50	0	1
Harassment by stranger	283	0.16	0.37	0	1
Harassment by nonstranger	283	0.15	0.36	0	1
Unwanted porn	283	0.23	0.42	0	1
Sex solicitation	284	0.17	0.37	0	1
Phishing	284	0.56	0.50	0	1
Defamation	284	0.10	0.29	0	1

Dependent Variables

Seven specific measures of cybercrime victimization were created for the study. Respondents were asked whether they had experienced each of the following seven forms of cybercrime victimization in the past 12 months: having their computer infected with a virus (computer virus); receiving unwanted pornographic messages or pictures (unwanted porn); being solicited for sex (sex solicitation); getting emails that look like those coming from legitimate businesses asking for personal data (phishing); receiving harassing, insulting, or threatening messages from someone they do not know (harassment by stranger); receiving harassing, insulting, or threatening messages from someone they know (harassment by nonstranger); and having false information or allegations about them posted on websites, chat rooms, blogs, or user pages for the purpose of damaging their reputation (defamation). These measures were coded as dichotomous variables with 1 = the respondent was a victim of this type of cybercrime and 0 = the respondent was not a victim of this type of cybercrime.

More than half of the respondents (56%) reported that they were victims of phishing, almost half of the respondents (47%) reported that their computers were infected with a virus, approximately one quarter of the respondents (23%) reported that they received unwanted exposure to pornography, and about one fifth of the respondents reported that they were harassed by a stranger (16%), harassed by a nonstranger (15%), or were solicited for sex while online (17%).

Independent Variables

Online frequency

Five measures of online frequency were created for the study, which can be linked to LRAT’s exposure to motivated offenders and risky online behavior. Respondents were asked to report the number of hours they spent per week on the internet (internet hours; mean = 18.04 hr), using email (email hours; mean = 7.02 hr), using instant messaging (instant messaging hours; mean = 2.18 hr), visiting chatrooms (chat hours; mean = 0.58 hour), and visiting social networking sites (social media hours; mean = 5.36) in the prior 12 months.

Online activities

Ten online activity variables were created for the study, which can be linked to LRAT’s risky online behavior. Respondents were asked to indicate whether or not they engaged in the following activities while online in the past 12 months: doing school work and work-related chores (school/work; 90%), conducting banking activities (banking; 82%), reading newspaper/magazine (read news; 83%), playing games (gaming; 37%), shopping (shopping; 82%), selling goods (selling goods; 26%), planning travel (planning travel; 69%), socializing with others (socializing; 83%), and chatting with people who they do not know (communicating with stranger; 21%). The respondents were also asked to list other activities that they participated in that were not listed on the survey (other activities; 11%). These items were coded as dichotomous variables with 1 = the respondent engaged in this activity and 0 = the respondent did not engage in this activity.

Online posting

Similar to the online activity variables, six measures denoting the specific information that a person posts or shares online were created for the study, which are consistent with indicators of LRAT’s risky online behavior. Respondents were asked to indicate whether or not they posted or shared the following information online in the prior 12 months: pictures of themselves (picture of self; 18%), phone number (phone number; 14%), home address (home address; 7%), information about their sexuality (sexual orientation; 8%), family conflicts (family conflicts; 3%), and other information that were not listed on the survey (other info; 68%). These items were coded dichotomously with 1 = the respondent posted or shared this information and 0 = the respondent did not post or share this information.

Control Variables

Seven measures were included as control variables. Except for the variable age (which was coded continuously), all of the control variables were dichotomous. Male was coded with 1 = male and 0 = female, White was coded with 1 = White and 0 = non-White, married was coded with 1 = married and 0 = not married, employed was coded with 1 = employed (both part time and full time) and 0 = not employed, and college plus was coded with 1 = had a college, professional, or graduate degree and 0 = had less than a college degree. Respondents were also asked to indicate whether or not they engaged in the following activities in the prior 12 months: made or gave to another person a “pirated” copy of commercially sold computer software (14%); made or gave to another person “pirated” media such music, television show, or movie (24%); accessed another person’s computer account or files without the person’s knowledge or permission to look at the information or files (7%); and added, deleted, changed, or printed any information in another person’s computer files without the owner’s knowledge or permission (2%). The response categories for the above four measures were “never,” “1–2 times,” “3–5 times,” and “5 or more times.” These measures were recoded as dichotomous variables with 1 = the respondent engaged in the above activity and 0 = the respondent did not engage in the above activity. Next, these four measures were combined to create the variable of computer deviance with 1 = the respondent engaged in at least one of the four above activities and 0 = the respondent did not engage in any of the above activities. The descriptive statistics for the independent and control variables are provided in Table 1.

Data Analysis

Given the dichotomous dependent variables, logistic regression is used to assess the relationships of the 5 online frequency variables (internet hours, email hours, instant messaging hours, chat hours, and social media hours), the 10 online activity variables (school/work, banking, reading news, gaming, shopping, selling goods, planning travel, socializing, communicating with stranger, and other activities), 6 six online posting variables (picture of self, phone number, home address, sexual orientation, family conflicts, and other info), and the likelihood of being a victim of the 7 forms of cybercrime (computer virus, unwanted porn, sex solicitation, phishing, harassment by stranger, harassment by nonstranger, and defamation). Specifically, three separate analyses were estimated. In the first analysis, each of the seven forms of cybercrime victimization was regressed on the five online frequency variables while holding the control variables constant. Similarly, net of the control variables, each of the 7 forms of cybercrime victimization was regressed on the 10 online activity variables in the second analysis, and in the third analysis, each of the 7 forms of cybercrime victimization was regressed on the 6 online posting variables. All three analyses were performed using SPSS Version 25.

Results

Bivariate Analyses

The analyses for the present study began by examining the bivariate correlations among the dependent, independent, and control variables (results not shown). The results reveal that four of the five measures of online frequency were correlated with four of the seven measures of cybercrime victimization. Respondents who spent long hours on the internet were at risk of receiving unwanted pornographic messages/pictures (r = .122; p < .05) and encountering sex solicitation (r = .124; p < .05). Similarly, respondents who used email often were at risk of encountering sex solicitation (r = .117; p < .05), and respondents who spent long hours participating in social media networking had a heightened risk of experiencing online harassment by someone they know (r = .167; p < .02). Likewise, respondents who engaged in instant messaging constantly were at risk of being harassed by someone they know (r = .180; p < .01) as well as receiving unwanted pornographic messages/pictures (r = .128; p < .05).

On the other hand, 5 of the 10 measures of online activities were correlated with 3 of the 7 measures of victimization. Respondents who indicated that they read the news online (r = .136; p < .05) and respondents who reported that they shop while online (r = .118; p < .05) were at risk of falling victim to phishing. Conversely, respondents who indicated that they engaged in activities not listed on the survey had a reduced risk of encountering phishing (r = −.119; p < .05). Respondents who participated in online gaming had a heightened risk of receiving unwanted pornographic messages/pictures (r = .127; p < .05), while respondents who booked their travel online had a reduced risk of experiencing harassment by someone they know (r = −.145; p < .05).

Concerning the measures of online postings, only one measure was correlated with the victimization of harassment by a nonstranger in that respondents who reported that they disclosed information not listed on the survey had a reduced risk of being harassed by someone that they know (r = −.197; p < .01). The results also reveal that four of the seven control measures were correlated with all seven measures of cybercrime victimization. Older respondents were less likely than younger respondents to report having their computers infected with a virus (r = −.153; p < .05), being harassed by someone they know (r = −.195; p < .01), and experiencing defamation (r = −.133; p < .05). Similarly, relative to non-White respondents, White respondents were less likely to report having their computers infected with a virus (r = −.122; p < .05), receiving unwanted pornographic messages/pictures (r = −.118; p < .05), and being solicited for sex (r = −.150; p < .05). Also, respondents who were employed were less likely to experience online harassment by someone they know (r = −.128; p < .05), while respondents who engaged in computer deviance were more likely to report being harassed by someone they know while online (r = .132; p < .05).

Logistic Regressions

To assess the relationship between spending time online and the likelihood of becoming a victim of cybercrime, we estimated seven logistic regression models in which each of the seven forms of cybercrime victimization was regressed on the five online frequency variables while holding the control variables constant. The results for the seven models are shown in Table 2. As can be seen, only one online frequency variable, internet hours, was significantly related to the victimization of unwanted porn. That is, spending long hours surfing the internet increased the odds of being exposed to pornography by approximately 2% (Model 4 of Table 2). None of the other online frequency variables predicted an individual’s risk of becoming a victim of cybercrime. On the other hand, several of the control variables were significantly related to six of the seven measures of cybercrime victimization. Specifically, male respondents were 110% more likely to be solicited for sex relative to female respondents, but White respondents were 60% less likely to receive a solicitation for sex relative to non-White respondents (Model 5 of Table 2). Likewise, relative to younger respondents, older respondents were 2% less likely to get a computer virus (Model 1 of Table 2), 3% less likely to experience harassment by someone they know (Model 3 of Table 2), and 4% less likely to experience defamation (Model 7 of Table 2). Similarly, relative to unemployed respondents, respondents who were employed were 68% less likely to experience harassment by a stranger (Models 2 of Table 2).

Table 2.

Logistic Regressions of Online Frequency and Control Variables on Seven Types of Cybercrime Victimization.

Variables	Model 1	Model 2	Model 3	Model 4	Model 5
Variables	Computer Virus	Harassment Stranger	Harassment Nonstranger	Unwanted Porn	Sex Solicitation	Model 6 Phishing	Model 7 Defamation
Internet hours	0.99 (.01)	0.99 (.01)	0.99 (0.02)	1.02*** (.01)	1.02 (.01)	1.01 (.01)	1.01 (0.02)
Email hours	1.01 (.01)	1.01 (.02)	1.00 (0.02)	1.00 (.02)	1.03 (.02)	0.99 (.01)	0.97 (0.03)
Instant messaging hours	1.04 (.03)	0.99 (.03)	1.03 (0.03)	1.03 (.03)	0.99 (.03)	1.01 (.03)	0.97 (0.04)
Chat hours	0.97 (.05)	1.02 (.06)	0.97 (0.05)	0.99 (.06)	0.95 (.08)	1.00 (.05)	1.03 (0.06)
Social media hours	0.99 (.02)	1.00 (.02)	1.02 (0.02)	0.98 (.02)	1.00 (.02)	0.99 (.02)	1.00 (0.02)
Male	1.32 (.27)	1.06 (.37)	0.94 (0.41)	0.94 (.33)	2.11*** (.37)	0.92 (.27)	0.92 (0.48)
Age	0.98** (.01)	0.98 (.01)	0.97*** (0.02)	1.01 (.01)	1.01 (.01)	0.99 (.01)	0.96*** (0.02)
White	0.62 (.36)	0.80 (.46)	2.42 (0.59)	0.56 (.40)	0.40*** (.43)	1.31 (.36)	1.12 (0.60)
Married	1.34 (.29)	0.86 (.41)	0.78 (0.44)	0.67 (.36)	0.57 (.42)	0.67 (.29)	1.67 (0.49)
College plus	1.96 (.37)	1.38 (.51)	3.53 (0.65)	2.09 (.49)	2.74 (.61)	1.88 (.35)	1.62 (0.67)
Employed	1.10 (.31)	0.32** (.40)	1.06 (0.44)	0.58 (.36)	0.67 (.42)	0.63 (.31)	0.60 (0.48)
Cyber deviance	0.78 (.29)	1.04 (.39)	1.81 (0.39)	1.16 (.35)	0.90 (.41)	1.03 (.29)	1.05 (0.47)
Constant	1.95 (.68)	0.82 (.86)	0.07 (1.08)	0.19 (.80)	0.09 (.94)	1.31 (.67)	0.31 (1.13)
Model χ²	20.14	10.51	24.26***	16.19	20.72	10.27	11.73

Note. N = 277. Entries are odds ratio; standard errors are given in parentheses.

*p < .001. **p < .01. ***p < .05.

To examine the relationship between engaging in various online activities and the likelihood of becoming a victim of cybercrime, we estimated 7 logistic regression models in which each of the 7 forms of cybercrime victimization was regressed on the 10 online activity variables while holding the control variables constant. The results for the seven models are shown in Table 3. Here, 6 of the 10 online activity variables (banking, reading news, shopping, planning travel, socializing, and communicating with stranger) were significantly related to 4 of the 7 types of cybercrime victimization (computer virus, harassment by nonstranger, unwanted porn, and phishing). Specifically, although engaging in online banking and booking travel online decreased the odds of experiencing harassment by a nonstranger by 68% (Model 3 of Table 3), communicating with strangers online increased the odds of experiencing harassment by a nonstranger by over 230% (Model 3 of Table 3). Communicating with strangers while online also increased the odds of being exposed to pornography by over 110% (Model 4 of Table 3). Further, although spending time socializing online decreased the odds of experiencing computer virus by 66% (Model 1 of Table 3), reading newspapers or magazines as well as shopping for merchandise online increased the odds of experiencing phishing by over 110% (Model 6 of Table 3).

Table 3.

Logistic Regressions of Online Activities and Control Variables on Seven Types of Cybercrime Victimization.

Variables	Model 1	Model 2	Model 3	Model 4	Model 5	Model 6	Model 7
Variables	Computer Virus	Harassment Stranger	Harassment Nonstranger	Unwanted Porn	Sex Solicitation	Phishing	Defamation
Work/school	0.98 (.52)	2.61 (0.87)	7.35 (1.27)	0.61 (0.58)	0.70 (.67)	1.42 (.51)	3.71 (1.26)
Banking	1.15 (.36)	0.70 (0.47)	0.32*** (0.51)	1.56 (0.45)	1.51 (.51)	1.41 (.37)	0.95 (0.63)
Read news	1.83 (.38)	1.04 (0.53)	1.19 (0.54)	2.12 (0.49)	2.23 (.57)	2.31*** (.37)	0.38 (0.54)
Gaming	1.26 (.27)	1.67 (0.37)	1.70 (0.40)	1.81 (0.32)	1.00 (.37)	1.18 (.28)	1.01 (0.49)
Shopping	0.91 (.37)	2.79 (0.62)	0.93 (0.55)	1.56 (0.46)	1.45 (.50)	2.19*** (.38)	1.37 (0.67)
Selling goods	1.13 (.31)	1.08 (0.41)	1.93 (0.44)	1.00 (0.37)	0.85 (.43)	0.69 (.31)	0.86 (0.54)
Planning travel	1.41 (.31)	0.85 (0.41)	0.32** (0.44)	0.68 (0.36)	0.63 (.39)	0.64 (.32)	0.52 (0.50)
Socializing	0.37*** (.38)	0.69 (0.52)	0.59 (0.58)	0.63 (0.43)	0.75 (.47)	0.52 (.38)	0.46 (0.63)
Other activities	0.89 (.44)	0.58 (0.67)	0.43 (0.85)	0.86 (0.50)	0.55 (.66)	0.46 (.43)	0.00 (6.91)
Communicate with stranger	1.47 (.32)	1.28 (0.43)	3.40** (0.43)	2.13*** (0.36)	1.24 (.41)	1.52 (.33)	1.94 (0.51)
Male	1.22 (.29)	1.16 (0.39)	0.51 (0.45)	0.77 (0.34)	1.63 (.37)	0.87 (.29)	0.97 (0.51)
Age	0.98*** (.01)	0.99 (0.01)	0.97 (0.02)	1.01 (0.01)	1.00 (.01)	0.99 (.01)	0.96** (0.02)
White	0.56 (.36)	0.85 (0.47)	2.23 (0.53)	0.41*** (0.40)	0.37** (.42)	1.22 (.36)	1.50 (0.63)
Married	1.26 (.30)	0.86 (0.41)	0.69 (0.45)	0.60 (0.37)	0.59 (.43)	0.70 (.30)	2.30 (0.52)
College plus	1.94 (.38)	1.16 (0.49)	4.35*** (0.64)	1.96 (0.48)	2.01 (.54)	1.83 (0.36)	1.64 (0.67)
Employed	1.03 (.30)	0.31** (0.39)	0.98 (0.43)	0.47*** (0.36)	0.65 (.40)	0.54 (.32)	0.52 (.48)
Cyber deviance	0.67 (.30)	1.01 (0.40)	1.74 (0.40)	1.12 (0.35)	0.97 (.39)	1.10 (.30)	1.07 (0.49)
Constant	1.75 (.93)	0.15 (1.38)	0.05*** (1.58)	0.27 (1.11)	0.19 (1.21)	0.51 (.93)	0.37 (1.69)
Model χ²	29.12***	20.35	47.59*	26.54	18.69	30.71***	25.64

Note. N = 277. Entries are odds ratio; standard errors are given in parentheses.

*p < .001. **p < .01. ***p < .05.

Pertaining to the control variables, relative to younger respondents, older respondents were 2% less likely to have their computer infected with a virus (Model 1 of Table 3) and 4% less likely to experience defamation (Model 7 of Table 3). Further, respondents who were employed were 69% less likely to experience harassment by a stranger (Model 2 of Table 3) and 53% less likely to be exposed to pornography (Model 4 of Table 3). Similarly, relative to non-White respondents, White respondents were 59% less likely to receive unwanted pornographic messages or pictures (Model 4 of Table 3) and 63% less likely to receive a solicitation for sex (Model 5 of Table 3). Conversely, respondents with more education were 335% more likely to experience harassment by someone they know relative to respondents with less education (Model 3 of Table 3).

Finally, to assess the relationship between posting or sharing information online and the risk of becoming a victim in cyberspace, we estimated seven logistic regression models in which each of the seven types of cybercrime victimization was regressed on the six online posting variables while holding the control variables constant. The results for the models are shown in Table 4. Four of the six online posting variables, picture of self, home address, phone number, and other info, emerged as significant predictors of four of the seven types of cybercrime victimization (computer virus, harassment by nonstranger, unwanted porn, and sex solicitation). As shown, although posting one’s phone number online increased the odds of getting a computer virus by almost 250%, posting one’s home address decreased the odd of getting a computer virus by 73% (Model 1 of Table 4). Posting one’s picture online also decreased the odds of receiving unwanted pornographic pictures or messages by 66% (Model 4 of Table 4). On the other hand, posting other information not listed on the survey decreased the odds of experiencing harassment by a nonstranger by 75% (Model 3 of Table 4) and being solicited for sex by 67% (Model 5 of Table 4). Finally, four of the seven control variables were significantly related to six of the seven outcome variables in that relative to younger respondents, older respondents were 2% less likely to get a computer virus (Model 1 of Table 4), 4% less likely to experience harassment by a nonstranger (Model 3 of Table 4), and 4% less likely to experience defamation (Model 7 of Table 4). Further, relative to respondents who were not employed, respondents who were employed were 70% less likely to experience harassment by a stranger (Model 2 of Table 4),² but compared to respondents with less education, respondents with more education were 277% more likely to experience harassment by someone they know (Model 3 of Table 4). Finally, relative to non-White respondents, White respondents were 68% less likely to be solicited for sex (Model 5 of Table 4).

Table 4.

Logistic Regressions of Online Postings and Control Variables on Seven Types of Cybercrime Victimization.

Variables	Model 1	Model 2	Model 3	Model 4	Model 5	Model 6	Model 7
Variables	Computer Virus	Harassment Stranger	Harassment Non-Stranger	Unwanted Porn	Sex Solicitation	Phishing	Defamation
Picture of self	1.11 (.52)	1.12 (0.73)	0.65 (0.63)	0.34*** (.66)	0.42 (0.67)	0.56 (.53)	0.42 (0.84)
Phone number	3.47*** (.55)	1.07 (0.68)	0.94 (0.61)	0.62 (.66)	1.87 (0.63)	0.93 (.52)	1.09 (0.75)
Home address	0.28*** (.65)	0.27 (0.99)	0.49 (0.79)	1.01 (.72)	0.20 (0.93)	0.44 (.62)	0.40 (0.95)
Sexual orientation	0.60 (.61)	1.96 (0.72)	0.65 (0.71)	0.37 (.94)	0.82 (0.78)	0.46 (.61)	1.57 (0.89)
Family conflicts	1.74 (.89)	3.26 (1.01)	1.67 (1.07)	3.34 (1.11)	0.97 (1.27)	4.39 (.98)	3.64 (1.14)
Other info	1.10 (.40)	1.03 (0.58)	0.25** (0.50)	0.48 (.44)	0.33*** (0.49)	0.79 (.40)	0.35 (0.58)
Male	1.35 (.27)	1.20 (0.37)	0.89 (0.40)	1.03 (.32)	1.78 (0.36)	0.98 (.27)	1.13 (0.47)
Age	0.98*** (.01)	0.98 (0.01)	0.96*** (0.01)	1.00 (.01)	1.00 (0.01)	0.99 (.01)	0.96** (0.02)
White	0.54 (.36)	0.84 (0.48)	1.71 (0.53)	0.53 (.39)	0.32** (0.43)	1.44 (.36)	1.27 (.62)
Married	1.39 (.30)	0.94 (0.42)	0.67 (0.44)	0.55 (.36)	0.58 (0.42)	0.71 (.29)	1.87 (.52)
College plus	2.00 (.37)	1.27 (0.50)	3.77*** (0.61)	2.18 (.48)	2.52 (0.57)	1.94 (.36)	1.53 (0.64)
Employed	1.16 (.30)	0.30** (0.39)	0.78 (0.42)	0.50*** (.35)	0.62 (0.41)	0.57 (.31)	0.50 (0.47)
Cyber deviance	0.60 (.30)	0.90 (0.41)	1.47 (0.39)	1.26 (.35)	0.86 (0.40)	1.15 (0.30)	0.88 (.49)
Constant	1.38 (.59)	0.73 (0.92)	0.44 (1.01)	0.80 (.79)	0.62 (0.88)	1.68 (.68)	0.76 (1.12)
Model χ²	24.02***	17.40	30.06**	19.30	21.27	12.77	16.12

Note. N = 277. Entries are odds ratio; standard errors are given in parentheses.

*p < .001. **p < .01. ***p < .05.

Discussion and Conclusion

In cyberspace, vulnerabilities exist on every type of information system (e.g., social networking, gaming, shopping, banking). In combating cybercrime, commercial security software products such as firewalls, antivirus software, and antispyware programs typically serve as the first line of defense for computer systems as well as users (but see, Holt & Bossler, 2014). However, focusing solely on the technical aspect of the problem and neglecting the human side of the issue will inhibit the development and implementation of effective preventive measures. If recent headlines on hacking and data breaching are any indication, even the most sophisticated security systems today are incapable of preventing ordinary citizens and businesses from falling victim to cybercrime. Yet, the human factor remains security’s weakest link in cyberspace (Wiederhold, 2014).

Accordingly, examining and understanding the types of users and usage that may heighten the risks of victimization in cyberspace are crucial for devising practical and effectual strategies and policies to mitigate and prevent cybercrime. Toward this end, this study appealed to the integrated lifestyle–routine activities theoretical framework that predicts that cybervictimization increases as online usage (exposure to motivated offenders) and online risky behaviors (online activities and online postings) increases. We explore the associations between 5 specific online frequency variables (internet hours, email hours, instant messaging hours, chat hours, and social media hours), 10 specific activities or tasks that an individual engages in while online (school/work, banking, reading news, gaming, shopping, selling goods, planning travel, socializing, communicating with stranger, and other activities), and 6 online posting variables (picture of self, phone number, home address, sexual orientation, family conflicts, and other info) on the likelihood of being a victim in cyberspace. Our outcome measures encompass seven distinct forms of cybercrime including: getting a computer virus, being exposed to pornography, receiving solicitation for sex, encountering phishing, being harassed by a stranger, being harassed by a nonstranger, and experiencing defamation.

We uncovered several notable findings, some of which support integrated LRAT and some which are not as supportive. Among the online frequency variables, except for the variable of internet hours (which was significantly related to the likelihood of being exposed to pornography), we found the length of time one spends in cyberspace does not appear to impact their risk of falling victim to cybercrime, a result inconsistent with LRAT since more exposure to motivated offenders would predict an increased odds of victimization. Yet, it is noteworthy that this finding parallels the findings generated from several prior studies on cybercrime victimization (Holt & Bossler, 2013; Ngo & Paternoster, 2011; Reyns & Henson, 2016). Further, while cybercrime victimization appears to be unrelated to the length of time an individual spends in cyberspace, we discovered that it is the time one spends engaging in specific activities on the computer that is salient in understanding cybercrime victimization. In particular, we found that individuals who read newspapers/articles and shop online were at risk of falling victim to phishing (Model 6 of Table 3), but individuals who socialize online were less likely to have their computers infected with a virus. While the former finding appears to be intuitive, the latter finding is unexpected. It is plausible that the observed negative association between online socializing and computer virus results from prior experiences with cybercrime victimization (i.e., the respondents took measures to protect their computers after they fell victim to cybercrime) or from the inability of respondents to know unequivocally whether or not their computer was infected with a virus. Hence, we encourage future research to employ longitudinal analysis to determine the causal effect between online socializing and having one’s computer infected with a virus.

We also found that individuals who communicate with strangers online had a heightened risk of being harassed by a nonstranger and receiving unwanted pornographic messages/pictures, while individuals who conduct online banking and planning their travel online had a lower risk of experiencing harassment by a nonstranger. The latter finding is somewhat puzzling but given the positive bivariate correlation (results not shown) between computer deviance and harassment by a nonstranger (individuals who engaged in computer deviance were at risk of being harassed by someone they know), we suspect that this finding could be attributed to the possibility that individuals who conduct online banking and planning their travel online were less likely to engage in computer deviance. When we explored the above supposition, we found that among respondents who conduct online banking, almost 70% did not engage in computer deviance, and among respondents who plan their travel online, over 70% did not engage in computer deviance. Since computer deviance has been found to be a correlate of cybercrime victimization (Holt & Bossler, 2009; Ngo & Paternoster, 2011), we encourage future research to explore the mediating and moderating effects of computer deviance on the relationships between online frequency, online activities, online postings, and online victimization.

Similar to the finding that it is the time one spends engaging in specific online activities that increase(s) their likelihood of experiencing cybercrime victimization, we found a significant association between specific information that one posts or shares online and their risk of online victimization. In particular, we found individuals who post or share information about family conflicts were more likely to get a computer virus, experience harassment by a stranger, and be exposed to pornography relative to individuals who did not post or share this information. We also uncovered that individuals who post their home addresses online had an increased risk of experiencing harassment by a nonstranger. Given that social media is one of the most popular online activities today (Statista, n.d.), individuals often post or share personal information online as a way to stay connected to people they may not otherwise stay in touch with, once someone puts something on the internet it is there forever, and information found on the internet could be used for nefarious and illegal purposes (Trace Security, 2018), we call on future research to better identify the causal mechanism(s) that links online posting and cybercrime victimization as well as examine plausible interventions to address the underlying causes (e.g., the role that online companies, online service platforms, and third-party interventions play in curbing online harassment).

Among the control variables, we consistently found that relative to younger participants, older participants were less likely to get a computer virus, be harassed by a nonstranger, and experience defamation. To further explore the relationship between age and the risk of falling victim to cybercrime, we created two subsamples—respondents age 50 or older and respondents less than 50 years old³—and performed a series of mean difference tests to examine differences in the mean number of online hours, online activities, and online postings between these two groups (results not shown).⁴ We uncovered that individuals who were less than 50 years old had a significantly higher mean number of internet hours, instant messaging hours, chat hours, and social media hours compare to individuals aged 50 or older. The mean number of email hours was not significantly different between the two groups.

We also found that relative to individuals aged 50 or older, a significantly higher proportion of individuals who were less than 50 years old engaged in 7 of the 10 online activities included in this study (school/work, banking, gaming, selling goods, planning travel, socializing, and communicating with stranger). Conversely, compared to individuals who were less than 50 years old, a significantly higher proportion of individuals aged 50 or older engaged in activities that were not listed in the study survey (other activities). The proportion of individuals who read newspapers online and shop online did not differ significantly between the two groups. Relatedly, we uncovered a higher proportion of individuals who were less than 50 years old disclosed information about their sexual orientation online, and a higher proportion of individuals aged 50 or older shared information that was not listed on the study survey online (other postings). The proportion of individuals who posted their pictures, phone numbers, home addresses, and family conflicts did not differ significantly between the two groups.

Taken together, the additional analysis seems to substantiate the findings suggested from prior research that younger people tend to spend longer time online engaging in various activities, making themselves more exposed to online risks (Bossler & Holt, 2009; Gopal et al., 2004; Higgins, 2005; Hinduja, 2001; Ngo & Paternoster, 2011). Nevertheless, it is plausible that relative to younger individuals, older individuals tend to be less vulnerable to certain types of cybercrime (e.g., online harassment, online sex solicitation, exposure to unwanted pornography) but are more susceptible to other types such as online fraud, financial crimes, identity theft, and so on (see Mesch & Dodel, 2018; Näsi et al., 2015; Reyns, 2013). Since there is evidence that cybercriminals are targeting senior citizens because compared to the average population, seniors tend to be technologically less savvy, more asset-rich, and more trusting (Grimes et al., 2010; Munanga, 2019), we recommend that future research broaden the categories of cybercrime victimization and include the types of cybercrime that we did not include in our study (e.g., online fraud, dating scams, ransomware, online stalking). We also advocate for innovative methods to gather evidence of victimization associated with hard-to-detect crimes committed online such as hacking, malware, and data breach.

We also found that relative to female and White participants, male and non-White participants were more likely to be solicited for sex, and relative to Whites, non-Whites were more likely to be exposed to pornography. To further explore the relationships between sex and cybercrime and between race and cybercrime, we performed a series of mean difference tests to examine differences in the mean number of online hours, online activities, and online postings between males and females as well as between Whites and non-Whites (results not shown).⁵ We found no significant differences in the mean number of internet hours, email hours, instant messaging hours, chat hours, and social media hours between males and females. Likewise, we did not find significant differences in the proportion of males and females who post their pictures, phone numbers, home addresses, sexual orientation, information about family conflicts, or other information online. However, we uncovered that relative to males, a significantly higher proportion of females shopped, socialized, and booked their travels online. Conversely, compared to females, a significantly higher proportion of males indicated that they communicate with strangers online. Concerning the results for Whites and non-Whites, we found no significant differences with respect to online frequency, online activities, and online postings between the two groups.

Given the robust correlations between sex, race, and off-line victimization (see Button et al., 2012; Fox et al., 2009; Lauritsen et al., 2014) and the assumption that everyone who is connected to the internet is a potential victim of cybercrime, we encourage future research to further examine the effects of demographic factors on the risk of cybercrime victimization. It is plausible that personality factors, rather than demographic characteristics, are salient factors in understanding cybercrime and cybercrime victimization (see Holt et al., 2020; Mesch & Dodel, 2018).

In addition to sex, age, and race, we found that individuals who were employed had a lower risk of experiencing harassment by a stranger and being exposed to pornography, while individuals with a college, professional, or graduate degree were more likely to experience harassment by a nonstranger. The former finding could be attributed to the possibility that individuals who are employed tend to spend less time surfing the internet and/or visiting chat rooms and this, in turn, decreases their chances of experiencing harassment by a stranger as well as being exposed to pornography. This latter finding is both interesting and puzzling. One plausible explanation is that individuals with more education choose to engage in various online debates and forums, and this fact increases their likelihood of experiencing online harassment. In light of the above finding and the speculation that everyone has an equal chance of becoming a victim in cyberspace (Ashford, 2017), we urge future research to investigate the linkage between individuals’ employment status, financial characteristics, and their risks of online victimization.

Overall, we found some support for integrated LRAT; however, this theory may not provide a full understanding of cyber victimization. According to our results, it may not be that increased general exposure to motivated offenders increases the risk of victimization but more specifically the kind of exposure. Furthermore, this study furthers our knowledge on the types of online behavior and online postings that embody a more risky lifestyle, instead of general online behavior or postings creating a general increased victimization risk overall in itself. Therefore, more studies are needed to clarify and provide more specifics on the association between online behavior and cyber victimization within the context of an integrated LRAT, and this would certainly include additional and different measures used to assess aspects of LRAT within the cyberworld.

Returning to the assumption that everyone who is connected to the internet is a potential victim of cybercrime, we believe a pertinent topic for future exploration is to examine and explore the protective—instead of risk—factors that may limit individuals’ exposure to online crime and deviance. That is, it may be that how long people spend online, what they do online, or what they post online matters some but it is what persons fail to do in terms of prevention and taking precaution that elevates their vulnerabilities to online victimization in more significant ways. For instance, to combat the crime of identity theft, cybersecurity experts have recommended the following strategies: (1) monitor one’s credit card accounts and bank statements, (2) obtain free credit reports and review them every year, (3) password protect one’s computer and other devices, (4) use caution when sharing account numbers or personal information online or over the phone, and (5) shred documents that include personal information before disposing of them (Experian, n.d.; USA.gov, n.d.). It is important to note that the above recommendations concede the fact that we live in a technologically interconnected world, and people must rely on computers and the internet for many aspects of their lives. Hence, people will have to spend time online, engage in various activities online, and post and share information online. The solution to combating and preventing cybercrime victimization, therefore, is on educating and encouraging internet users to adopt and implement preventive measures. We appeal to future research to undertake the task of examining how protective factors affect individuals’ likelihood of falling to crime and deviance online.

Lastly, it is important to acknowledge the limitations of this study. First, our research involves a convenience sample, and hence, our findings are not generalizable to the larger population. Relatedly, the survey was unable to parcel out the two different but related samples within our work. Second, the sample size in our study is somewhat small, and a larger sample size may yield different findings and insights. Third, the use of cross-sectional data in our study may confound the time ordering of the predictor variables and the outcome variable. Fourth, our data do not include measures of guardianship, one of the key components of LRAT. We call on future research to further examine the relationship between online guardianships and cybercrime victimization as well as explore the effects of specific measures of guardianship on specific types of victimization (see, e.g., Holt & Bossler, 2015; Navarro et al., 2016). Fifth, the list of control variables included in our analysis is rather limited. We suggest future research expand the list of control variables (particularly including measures such as participants’ knowledge about computers and computer systems, participants’ awareness regarding various tactics and deceptive ploys employed by cybercriminals, whether participants undertook preventive measures such as creating complex passwords, having their credit history and activities monitored, etc.) as well as consider relevant and significant mediating and moderating variables in their analyses.

Relatedly, we recommend future research to expand the list of online activities and online postings and include additional items that were not included in this study. We also encourage future research to explore and identify online situations in which individuals display a high tendency to discount the risk of sharing personal and private information. For example, in the physical world, there is evidence that people tend to be more willing as well as more likely to share personal and confidential information in less formal settings such as casual conversation or on social networks (John et al., 2011). Sixth, our survey did not include questions related to portable devices including mobile phones, tablets, and external hard disks. The ubiquitous of handheld and mobile devices in today’s society and the Internet of Things phenomenon warrant future research consideration and efforts. In particular, we encourage future research to explore the impact of embedded technologies including wireless sensor networks, home automation, voice control systems, and so on, on criminal victimization occurring both online and off-line. Given the mental and especially financial costs associated with cybercrime—particularly identity theft (see Green et al., 2020)—it is not surprising that people are willing to pay some amount of money for some level of external protection (Piquero et al., 2011). Yet, it is still the case that persons may inadvertently put themselves in harm’s way by the nature of their online activities. Further analyses of the risk and protective factors for cybercrime victimization will be useful in helping to identify additional points of prevention.

Footnotes

Declaration of Conflicting Interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The authors received no financial support for the research, authorship, and/or publication of this article.

Notes

References

Ashford

(2017). Cyber crime a significant risk to individuals and organisations. ComputerWeekly.com. https://www.computerweekly.com/news/450426626/Cyber-crime-a-significant-risk-to-individuals-and-organisations

Bergmann

M. C.

Dreißigacker

von Skarczinski

Wollinger

G. R.

(2018). Cyber-dependent crime victimization: The same risk for everyone? Cyberpsychology, Behavior, and Social Networking, 21, 84–90.

Bossler

A. M.

Holt

T. J.

(2009). On-line activities, guardianship, and malware infection: An examination of routine activities theory. International Journal of Cyber Criminology, 3(1), 974–2891.

Button

D. M.

O’Connell

D. J.

Gealt

(2012). Sexual minority youth victimization and social support: The intersection of sexuality, gender, race, and victimization. Journal of Homosexuality, 59, 18–43.

Cohen

L. E.

Felson

(1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44, 588–608.

Cohen

L. E.

Kluegel

J. R.

Land

K. C.

(1981). Social inequality and predatory criminal victimization: An exposition and test of a formal theory. American Sociological Review, 46, 505–524.

Dillman

D. A.

(2007). Mail and Internet surveys: The tailored design method. Wiley.

Eck

J. E.

Clarke

R. V.

(2003). Classifying common police problems: A routine activity approach. Crime Prevention Studies, 16, 7–40.

Experian. (n.d.). Identity theft basics. https://www.experian.com/blogs/ask-experian/acr-faqs/acr-identity-theft-basics/

10.

Felson

(2002). Crime and everyday life. Sage.

11.

Fox

K. A.

Nobles

M. R.

Piquero

A. R.

(2009). Gender, crime victimization and fear of crime. Security Journal, 22, 24–39.

12.

Gopal

Sanders

Bhattacharjee

Agrawal

Wagner

(2004). The voice of victims of crime: Estimating the true level of conventional crime. Forum of Crime and Society, 3, 127–140.

13.

Green

Gies

Bobnis

Piquero

N. L.

Piquero

A. R.

Velasquez

. (2020). Exploring identity-based crime victimizations: Assessing threats and victim services among a sample of professionals. Deviant Behavior. https://doi.org/10.1080/01639625.2020.1720938

14.

Grimes

G. A.

Hough

M. G.

Mazur

Signorella

M. L

(2010). Older adults’ knowledge of Internet hazards. Journal of Educational Gerontology, 36, 173–192.

15.

Higgins

G. E.

(2005). Can low self-control help with the understanding of the software piracy problem? Deviant Behavior, 26, 1–24.

16.

Hindelang

M. J.

Gottfredson

M. R.

Garofalo

(1978). Victims of personal crime: An empirical foundation for a theory of personal victimization. Ballinger.

17.

Hinduja

(2001). A book review on. International Journal of Comparative and Applied Criminal Justice, 109–110. https://doi.org/10.1080/01924036.2001.9678667

18.

Holt

T. J.

Bossler

A. M.

(2013). Examining the relationship between routine activities and malware infection indicators. Journal of Contemporary Criminal Justice, 29, 420–436.

19.

Holt

T. J.

Bossler

A. M.

(2014). An assessment of the current state of cybercrime scholarship. Deviant Behavior, 35, 20–40.

20.

Holt

T. J.

Bossler

A. M.

(2015). Cybercrime in progress: Theory and prevention of technology-enabled offenses. Routledge.

21.

Holt

T. J.

van Wilsem

van de Weijer

Leukfeldt

(2020). Testing an integrated self-control and routine activities framework to examine malware infection victimization. Social Science Computer Review, 38, 187–206.

22.

Holtfreter

Reisig

M. D.

Leeper Piquero

Piquero

A. R.

(2010). Low self-control and fraud: Offending, victimization, and their overlap. Criminal Justice and Behavior, 37, 188–203.

23.

Internet Crime Complaint Center. (2019). 2019 Internet crime report. https://pdf.ic3.gov/2019_IC3Report.pdf

24.

John

L. K.

Acquisti

Loewenstein

(2011). Strangers on a plane: Context-dependent willingness to divulge sensitive information. Journal of Consumer Research, 37, 858–873.

25.

Lauritsen

J. L.

Rezey

M. L.

Heimer

(2014). Violence and economic conditions in the United States, 1973-2011: Gender, race, and ethnicity patterns in the national crime victimization survey. Journal of Contemporary Criminal Justice, 30, 7–28.

26.

Leukfeldt

E. R.

(2014). Phishing for suitable targets in the Netherlands: Routine activity theory and phishing victimization. Cyberpsychology, Behavior, and Social Networking, 17, 551–555.

27.

Leukfeldt

E. R.

Yar

(2016). Applying routine activity theory to cybercrime: A theoretical and empirical analysis. Deviant Behavior, 37, 263–280.

28.

Mabunda

. (2017, May 30–June 2). Applying the Gordon & Ford categorisation and the routine activities theory to cybercrime: A suitable target. In 2017 IST-Africa Week Conference (IST-Africa). Windhoek, Namibia. IEEE.

29.

Marcum

C. D.

Ricketts

M. L.

Higgins

G. E.

(2010). Assessing sex experiences of online victimization: An examination of adolescent online behaviors utilizing routine activity theory. Criminal Justice Review, 35, 412–437.

30.

Mesch

G. S.

Dodel

(2018). Low self-control, information disclosure, and the risk of online fraud. American Behavioral Scientist, 62, 1356–1371.

31.

Miethe

T. D.

Meier

R. F.

(1990). Opportunity, choice, and criminal victimization: A test of a theoretical model. Journal of Research in Crime and Delinquency, 27(3), 243–266.

32.

Miethe

T. D.

Meier

R. F.

(1994). Crime and its social context: Toward an integrated theory of offenders, victims, and situations. State University of New York Press.

33.

Munanga

(2019). Cybercrime: A new and growing problem for older adults. Journal of Gerontology of Nursing, 45, 3–5.

34.

Näsi

Oksanen

Keipi

Räsänen

(2015). Cybercrime victimization among young people: A multi-nation study. Journal of Scandinavian Studies in Criminology and Crime Prevention, 16, 203–210.

35.

Näsi

Räsänen

Kaakinen

Keipi

Oksanen

(2017). Do routine activities help predict young adults’ online harassment: A multi-nation study. Criminology & Criminal Justice, 17, 418–432.

36.

National Academies of Sciences, Engineering, and Medicine. (2018). Modernizing crime statistics—Report 2: New systems for measuring crime. The National Academies Press.

37.

Navarro

J. N.

Clevenger

Marcum

C. D.

(Eds.). (2016). The intersection between intimate partner abuse, technology, and cybercrime: Examining the virtual enemy. Carolina Academic Press.

38.

Ngo

F. T.

Paternoster

(2011). Cybercrime victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology, 5, 773–793.

39.

Piquero

N. L.

Cohen

M. A.

Piquero

A. R

. (2011). How much is the public willing to pay to be protected from identity theft? Justice Quarterly, 28, 437–459.

40.

Porter

S. R.

Whitcomb

M. E.

(2007). Mixed-mode contacts in web surveys: Paper is not necessarily better. Public Opinion Quarterly, 71, 635–648.

41.

Pratt

T. C.

Holtfreter

Reisig

M. D.

(2010). Routine online activity and internet fraud targeting: Extending the generality of routine activity theory. Journal of Research in Crime and Delinquency, 47, 267–296.

42.

Pratt

T. C.

Turanovic

J. J.

(2016). Lifestyle and routine activity theories revisited: The importance of “risk” to the study of victimization. Victims & Offenders, 11(3), 335–354.

43.

Ranchhod

Zhou

(2001). Comparing respondents of e-mail and mail surveys: Understanding the implications of technology. Marketing Intelligence & Planning, 254–262.

44.

Reyns

B. W.

(2013). Online routines and identity theft victimization: Further expanding routine activity theory beyond direct-contact offenses. Journal of Research in Crime and Delinquency, 50, 216–238.

45.

Reyns

B. W.

(2015). A routine activity perspective on online victimisation. Journal of Financial Crime, 22, 396–411.

46.

Reyns

B. W.

Henson

(2016). The thief with a thousand faces and the victim with none: Identifying determinants for online identity theft victimization with routine activity theory. International Journal of Offender Therapy and Comparative Criminology, 60, 1119–1139.

47.

Reyns

B. W.

Henson

Fisher

B. S.

(2011). Being pursued online: Applying cyberlifestyle–routine activities theory to cyberstalking victimization. Criminal Justice and Behavior, 38, 1149–1169.

48.

Reyns

B. W.

Henson

Fisher

B. S.

(2016). Guardians of the cyber galaxy: An empirical and theoretical analysis of the guardianship concept from routine activity theory as it applies to online forms of victimization. Journal of Contemporary Criminal Justice, 32, 148–168.

49.

Statista. (n.d.). Number of social media users worldwide from 2010 to 2021. https://www.statista.com/statistics/278414/number-of-worldwide-social-network-users/

50.

Trace Security. (2018). Avoid social media cybercrime. https://www.tracesecurity.com/blog/articles/avoid-social-media-cybercrime

51.

USA.gov. (n.d.). Identity theft. https://www.usa.gov/identity-theft

52.

Vakhitova

Z. I.

Reynald

D. M.

Townsley

(2016). Toward the adaptation of routine activity and lifestyle exposure theories to account for cyber abuse victimization. Journal of Contemporary Criminal Justice, 32, 169–188.

53.

Van Wilsem

(2013a). “‘Bought it, but never got it.’ Assessing risk factors for online consumer fraud victimization.” European Sociologic Review, 29(2), 168–178.

54.

Van Wilsem

(2013b). Hacking and harassment—Do they have something in common? Comparing risk factors for online victimization. Journal of Contemporary Criminal Justice, 29, 437–453.

55.

Wiederhold

B. K.

(2014). The role of psychology in enhancing cybersecurity. Cyberpsychology, Behavior, and Social Networking, 17, 131–132.

56.

Williams

M. L.

(2016). Guardians upon high: An application of routine activities theory to online identity theft in Europe at the country and individual level. British Journal of Criminology, 56, 21–48.

57.

Windle

. (2017). 10 Ways what you share on Facebook could make you a crime target…so how many are you guilty of? The Sun. https://www.thesun.co.uk/living/4119821/10-share-facebook-crime-target/

58.

Yar

(2005). The novelty of “cybercrime” an assessment in light of routine activity theory. European Journal of Criminology, 2, 407–427.