You talk about the “hybridisation of crime”, where criminal behaviour fundamentally involves both offline and online components. A key question is whether we are dealing with a genuinely new group of offenders, or if cybercrime is simply a change in medium. What types of crimes are you primarily investigating to answer this?
Dr. Bekkers: “Our research focuses mainly on two of the most prevalent types of cybercrime: cyber-dependent crimes, which are technical offences committed using and aimed at IT, such as hacking, DDoS attacks, and ransomware, and financially motivated cybercrimes, which we often refer to as online frauds. Understanding these two groups helps us determine their profiles and pathways.
Let’s start with the hackers. Their profile seems to contradict that of the classic criminal. What sets the cyber-dependent offender apart?
Dr. Bekkers: “Indeed, their profile significantly contradicts what we expect based on traditional criminological insights. For instance, unlike traditional offenders, who typically display low self-control – a key risk factor for criminal behaviour – hackers exhibit higher levels of self-control. This makes sense because complex crimes like hacking require significant competence, time, effort, and patience to learn. We also find they often have higher intelligence than non-offenders, programming skills, and tend to follow jobs and education specifically in IT.
Furthermore, they are not the stereotypical loners operating out of an attic. They are very much influenced by their social network, learning and operating together, sometimes with peers known from gaming or the physical world. Their pathway often involves an early interest in IT – often before the age of 10 – followed by continuous self-improvement using publicly accessible resources like YouTube and forums. The escalation into crime happens when they are exposed to deviant online environments and are encouraged in offending behaviours, perhaps testing their skills against systems like their own school network as a personal challenge, which, although often starting as non-financial, can lead to reputation-building or later monetisation.
Turning to the other group, the financial cybercriminals, such as those involved in phishing or online marketplace fraud, how do they compare to the hacker profile?
Dr. Bekkers: “These online fraudsters present a profile much more in line with the traditional criminal. We see in self-report studies that they perform poorly at school, lack self-control and empathy, are high in so-called Dark Triad traits – narcissism, Machiavellianism, and psychopathy – and lack meaningful leisure activities. For this group, cybercrime is simply “on the menu”. We have evidence that they are literally the same people who previously committed crimes offline for financial reasons who now use the digital realm because it offers new opportunities. For example, one suspect was arrested for robbery with a machete and a gun and later for online fraud. Their motivation is purely financial; they act based on opportunity and risk perception.
Online frauds are complex. How are these crimes structured, and what is the role of networks and local environments?
Dr. Bekkers: “Online frauds are almost always committed by groups. We identified core members who are the key figures, coordinating attacks and recruiting others. They rely heavily on the so-called money mules – individuals who receive stolen funds into their bank accounts – to remain anonymous. The money is quickly withdrawn in cash, often using local ATMs, ensuring the fraudster’s identity is protected. In the cases we investigated, the networks consist of one to a dozen core suspects but can have hundreds of money mules.
Crucially, these financial cybercriminal networks almost always originate and grow in a local neighbourhood. Core members generally know each other from their past, having grown up together or lived on the same street, providing necessary trust in a criminal environment where they cannot rely on the police or the law. Recruitment is also locally anchored. They actively approach potential money mules in places like parks or homeless shelters. In spite of these local roots, networks are capable of crossing boundaries between national regions and even neighbouring countries, recruiting co-offenders abroad and targeting victims from other nations.
Where does social media fit into this locally embedded structure?
Dr. Bekkers: Although the networks are locally anchored, social media platforms like Telegram, Instagram, and Snapchat act as an extension of the local network. They can function as an online offender convergence setting, offering a place to connect with others, obtain specialised knowledge and recruit money mules. It has become a key pathway into cybercrime. However, even when using platforms to advertise, they often include local parameters in the ads such as “Do you live in South Holland?” because physical meetings are still necessary for certain aspects of the crime.
Finally, how can we use this understanding of their profiles and recruitment methods to intervene?
Dr. Bekkers: We developed an evidence-based intervention targeting the recruitment of money mules on social media. By carefully analysing the format of criminal recruitment ads, we recreated our own, posing as a company named “MoneymakerNL”. We bought advertising space on Instagram and showed these ads to young, at-risk individuals, with the promise of quick money using a bank card.
Those who clicked were redirected to a landing page warning them that money mule activity is punishable, the criminals merely use them, and they are the ones taking the risk. In our pilot, we reached almost 100,000 unique individuals in one month. It was somewhat surprising to see that one per cent of them clicked on the ads, showing that there is a significant group interested in making money with their bank account. While determining the success of this campaign is difficult in terms of decreased offending, it is a vital step in terms of reach and providing preventative information to this target population.
