Routine Activity Theory and Phishing Victimisation: Who Gets Caught in the ‘Net’?

Abstract

Phishing is the use of fraudulent emails to obtain personal financial information from victims by posing as legitimate financial institutions or commerce sites. This exploratory study involved interviewing 104 participants, 50 of whom reported having received a phishing email. The theoretical foundation for this research is Routine Activity Theory, whereby crime is considered to be the consequence of the presence of a motivated offender, the presence of a suitable target, and the absence of a capable guardian. One of the findings arising from this research indicates that potential victims who undertake high levels of routine activities relating to computer use and internet banking use are more likely to be attacked by motivated offenders. However, it is proposed that high measures in these variables also act as protective factors against subsequent victimisation. Additionally, email filters, although they may be effective in blocking a large number of spam emails, are unable to differentiate legitimate emails from some phishing attacks.