Journal article
This online field experiment tested how risk and reward cues in (fake) account credential ads on a hacker forum influence target selection for account hijacking. High-risk posts, warning of account monitoring, received fewer views, while high-reward posts, promising benefits, attracted more. An unexpected law enforcement operation targeting an illicit marketplace created a natural experiment, triggering increased removals of high-risk posts by forum administrators, which slowed over time. These findings suggest hacker forum users respond rationally to risk and reward cues in target selection, and forum administrators adapt their moderation efforts in response to external threats to reduce perceived risk.
Text and figures are licensed under Creative Commons Attribution CC BY 4.0. The figures that have been reused from other sources don't fall under this license and can be recognized by a note in their caption: "Figure from ...".