Lesson Objectives
At the end of this lesson, learners should be able to connect cybercrime with the major concerns of criminology, explain how digital environments affect offenders and victims, and discuss the importance of digital evidence, attribution, and interdisciplinary knowledge.
Cybercrime Belongs Within Criminology
Criminology studies crime, criminal behavior, victimization, law enforcement, social control, investigation, corrections, prevention, and the operation of the criminal justice system. Cybercrime belongs within this field because it involves all these concerns.
The presence of technology does not remove the human and social dimensions of crime. Behind a phishing message, hacked account, fraudulent transaction, or malicious program is a human decision, organizational process, or criminal objective. Someone selects the target, chooses a method, calculates the possible reward, and attempts to avoid detection.
Technology changes the environment of the crime, but the basic criminological questions remain. Who committed the act? Why was it committed? Who was harmed? What opportunity made it possible? How should society respond? What conditions could be changed to prevent a similar incident?
The Changing Nature of the Offender
Cyber offenders are often portrayed as technically gifted individuals capable of writing advanced computer code. In reality, cyber offenders vary greatly in skill, motive, organization, and experience.
Some possess advanced technical knowledge. Others rely on publicly available tools, stolen credentials, copied scripts, purchased malware, or instructions found in online communities. Many offenders depend more heavily on manipulation than on technical sophistication.
A scammer who convinces a victim to reveal an OTP may not need to defeat a bank’s security system. The victim is manipulated into authorizing the transaction. In such cases, the offender attacks the human decision-making process rather than the software itself.
Cyber offenders may work alone, in small groups, or as part of organized networks. One person may gather personal information, another may communicate with victims, another may control payment accounts, and another may withdraw or transfer the proceeds. The visible account used in the crime may therefore represent only one part of a larger operation.
Digital offenders may also operate several false identities, use compromised accounts, share devices, or communicate through encrypted channels. This complicates identification and investigation.
The Changing Nature of the Victim
Cybercrime victims may be individuals, families, businesses, schools, government agencies, or entire groups of users. Victimization can occur because of weak security, but it can also occur because offenders deliberately exploit normal human behavior.
People respond to messages based on trust, familiarity, fear, curiosity, urgency, authority, and emotion. Cybercriminals study and manipulate these reactions. A message may appear to come from a supervisor, family member, bank, courier, government agency, or social media platform. The more familiar and urgent the situation appears, the less likely the victim may be to pause and verify it.
Victims should not automatically be described as careless or ignorant. Even experienced users can be deceived when an attack is well-timed, professionally designed, and based on accurate personal information.
The harms suffered may extend beyond financial loss. Victims may experience shame, anxiety, loss of confidence, reputational damage, family conflict, professional consequences, and fear that personal information will continue to be misused.
These effects make cybercrime an important area of victimology.
The Changing Nature of the Crime Scene
A physical crime scene usually has a recognizable location. A cybercrime scene may involve several connected digital spaces.
Consider an account takeover followed by online fraud. The initial compromise may begin through a phishing link sent by message. The stolen credentials may be entered on a fake website. The offender may then access the social media account through another device, communicate with the victim’s contacts, and receive money through a digital wallet. Relevant records may exist on the victim’s phone, the phishing website, the social media platform, the offender’s device, the payment service, and the telecommunications network.
No single location contains the entire incident. The crime scene is distributed, and each source contributes only part of the evidence.
This changes how investigators identify, collect, preserve, and interpret evidence.
The Nature of Digital Evidence
Digital evidence may include messages, emails, photographs, videos, audio recordings, account histories, transaction records, browser activity, metadata, device information, system logs, location records, and files stored in local or cloud-based systems.
Unlike many physical objects, digital evidence can be copied without obvious changes in appearance. It can also be renamed, edited, compressed, forwarded, converted, or deleted. This creates both opportunities and risks for investigation.
A screenshot may help document what was visible at a particular time, but it may not reveal the full message history, technical source, account ownership, metadata, or whether the content was altered. It should therefore be treated as one form of documentation rather than automatic proof of authorship or authenticity.
Proper handling requires investigators and victims to preserve original files when available, record relevant dates and account details, avoid unnecessary editing, and follow lawful procedures when accessing devices or requesting platform records.
The Problem of Attribution
Attribution refers to the process of connecting a digital act to the person or group responsible for it. It is one of the most challenging areas of cybercrime investigation.
An account may be registered under one person’s name but operated by another. A device may be owned by one person, shared by several family members, or temporarily used by someone else. A social media profile may be compromised, and a false account may use another person’s photograph and personal information.
Investigators must therefore avoid assuming that the visible account holder automatically committed the offense. They may need to distinguish among the registered owner, device owner, person with access, actual operator, organizer, and beneficiary.
Digital records may support attribution, but they must be examined together with witness statements, financial evidence, device analysis, communication patterns, and other surrounding circumstances.
Cybercrime and Criminal Opportunity
Criminologists are concerned not only with offenders but also with the opportunities that make crime possible. In digital environments, criminal opportunity may arise from weak passwords, exposed personal information, poor account recovery controls, outdated software, insufficient institutional safeguards, and lack of public awareness.
A large number of potential victims may be available on a single platform. Offenders can observe users, collect public information, test different messages, and identify individuals who respond. The cost of attempting the crime may be low, while the possible reward may be high.
This environment affects offender decision-making. When the perceived risk of detection is low and the number of targets is high, some individuals may view cybercrime as an attractive opportunity.
Crime prevention must therefore reduce both technical and human vulnerabilities.
The Need for Interdisciplinary Competence
Cybercrime cannot be understood through one discipline alone. Legal knowledge is necessary to determine the offense and the limits of investigative authority. Technical knowledge is necessary to understand systems, accounts, data, and digital traces. Psychology helps explain manipulation and decision-making. Sociology explains group influence, digital culture, and social conditions. Criminology integrates these concerns by examining offending, victimization, prevention, and justice.
Criminologists do not need to replace digital forensic examiners, cybersecurity professionals, lawyers, or programmers. Their role is to understand how these disciplines connect and to communicate accurately with specialists.
A criminologist who understands the basic language of digital evidence can ask better questions, recognize limitations, avoid misleading conclusions, and contribute more effectively to investigation and public education.
Illustrative Scenario
A defamatory post appears on a social media account bearing the name and photograph of a particular individual. The victim immediately accuses that individual of creating the post.
However, later examination shows that the account was recently created using copied photographs and false contact information. The visible profile therefore did not reliably identify the person who operated it.
This example illustrates why attribution requires more than reading the name on an account. Investigators must establish who created, controlled, and used the account during the relevant period.
Key Takeaways
- Cybercrime is directly related to the main concerns of criminology.
- Cyber offenders do not always require advanced technical skills.
- Victims may be manipulated through ordinary emotions and social trust.
- Digital evidence may be distributed, altered, copied, or deleted.
- Account ownership does not automatically establish actual authorship or control.
- Cybercrime requires cooperation among criminology, law, technology, psychology, and forensic science.