Cybercrime Security Gap Leaves People Who Aren’t Proficient in English Poorly Protected

Our research finds that language is often a barrier for people dealing with cybercrime issues and that it’s important to close this security gap

Asian man at desk with laptop holding a credit card

People in the U.S. with limited English proficiency are particularly vulnerable to cybercrime.

The following essay is reprinted with permission from The Conversation, an online publication covering the latest research.

In the United States, the Internet Crime Complaint Center serves as a critical component in the FBI’s efforts to combat cybercrime. The center’s website provides educational resources to help individuals and businesses protect themselves from cyberthreats and also allows them to report their victimization by submitting complaints related to internet crimes. The Internet Crime Complaint Center also publishes annual reports summarizing the current state of internet crime, trends and notable cases.


On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.


However, the information and resources, including the reporting form, posted on the center’s website are only available in English. This excludes a substantial number of internet users and victims of cybercrime: people with limited English proficiency. In addition to leaving out many people who are more vulnerable to cyberthreats, one consequence is that the Internet Crime Complaint Center’s annual Internet Crime Reports are incomplete and inaccurate.

The lack of information and resources on cybersecurity and internet safety in languages other than English on the Internet Crime Complaint Center website further widens the “security gap,” a divide that has emerged between those who can manage and mitigate potential cybersecurity threats and those who cannot. Because there isn’t an appropriate reporting mechanism and structure for people with limited English proficiency to report their victimization, data and statistics on cyber victimization within this population are severely limited.

Cybercrime and prevention

I’m a criminologist. My colleagues and I conducted focus groups with a sample of adult internet users with limited English proficiency to examine their experiences with nine forms of cybercrime and explore their knowledge of cybersecurity. The study is slated to be published in a forthcoming issue of the International Journal of Cybersecurity Intelligence and Cybercrime.

We recruited 18 Spanish- and six Vietnamese-speaking internet users for the study based on the evidence that limited English proficiency individuals in the U.S. tend to be Latino or Asian, and among the Asian ethnic groups Vietnamese Americans are the least proficient in English.

We asked participants whether they had encountered any of the following during the previous 12 months:

  • They received a phishing email, which is a deceptive message with the intent of tricking them into divulging sensitive information such as login credentials, personal details or financial information.

  • Their computer was infected with a computer virus.

  • They received online harassment; for example, a message from someone that threatened, insulted or harassed them.

  • They were the victim of an online scam; for example, they sent money to an individual or organization that they encountered online and later found to have misrepresented themselves.

  • They were notified that their financial account had been hacked.

  • They were notified that their email, social media, shopping or other account had been hacked.

Study participants encountered all nine types of cybercrime. The most common types of cyber victimization they experienced were computer virus, reported by seven participants; phishing emails, reported by six participants; notification that their financial account had been hacked and their personal data was at risk, reported by six participants; and notification that another type of account had been hacked, reported by six participants.

We asked participants whether they had engaged in the following cybersecurity measures during the previous 12 months:

  • Have antivirus, anti-spyware, or firewall software installed on their computer and laptop.

  • Create strong passwords for their online accounts.

  • Employ two-factor authentication procedure.

  • Avoid unsecured wireless networks such as free Wi-Fi at airports.

  • Avoid websites that are not protected by Secure Sockets Layer, or SSL, encryption, meaning look for URLs to begin with https rather than http.

  • Use a strong password or encryption to secure their home’s wireless network.

  • Employ email filters to block suspicious senders and attachments.

  • Check email senders and attachments to avoid phishing and online scams.

  • Be cautious when providing personal information to a third party.

  • Take extra steps such as shredding documents with personal information to prevent data theft.

The answer choices were yes, no and I don’t know. In all cases except creating strong passwords, more participants reported “no” than “yes,” and in all cases, the combination of participants who reported “no” and “I don’t know” significantly exceeded the number of participants who reported “yes.”

Closing the security gap

Executive Order 13166, signed in 2000, requires federal agencies to improve access to services for people with limited English proficiency. U.S. Attorney General Merrick Garland issued a memorandum on Nov. 21, 2022, directing the Justice Department’s Civil Rights Division to share best practices and exchange information about language access with other federal agencies.

I believe that it’s important to close the security gap and attain accurate data and statistics on cyber victimization. Internet- and computer-based crime is one of the fastest-growing security threats in the U.S.

Getting a full and accurate picture of the problem requires that data and statistics on cybercrime and cyber victimization include victims who have limited English proficiency as well as those who are English-proficient.

And just as public campaigns related to health and safety tend to be available in multiple languages to reach diverse audiences, I believe all users, regardless of their language skills, should have the knowledge and skills to protect themselves from cybercrime.

This article was originally published on The Conversation. Read the original article.