Individual differences in cyber security behavior using personality-based models to predict susceptibility to sextortion attacks

The term sextortion is derived from the words sex and extortion. Extortion is about causing fear or threat in order to obtain something of value by the perpetrator. These threats could be to cause physical harm, commit a crime, or expose sensitive information (Lindgren, 1993). In the context of cyber sextortion, the threat is of the online release of explicit, intimate, or embarrassing sexual images in the absence of consent, in an attempt to procure additional images, money, or something of valuable nature to the attackers (Patchin & Hinduja, 2018). Cyber sextortion utilizes social engineering and phishing techniques as attack vectors, which has been considered a cyber security problem. In recent times, this problem has been growing, mostly due to the growth of internet technology: as technology increases so do the security threats (Gupta, Tewari, Jain, & Agrawal, 2017). According to the Australian government website Scamwatch, $933,470 was lost to phishing attacks in 2018. This is a huge increase from the $373,860 reported loss in 2016 (Australian Competition and Consumer Commission: ScamWatch, 2016). Although the number of reports remained steady from 2016 to 2018, there was still a significant increase in money lost. Due to the increasing use and reliance on technology, security threats to systems are relentlessly inventive (Gupta, Arachchilage, & Psannis, 2018). This further demonstrates that phishing is one of the most prevalent techniques for compromising personal and organizational information (Bailey, Mitchell, & Jensen, 2008). Given that cyber sextortion utilizes social engineering and phishing vectors, it is important to analyze cyber sextortion within the context of these vectors.