The pandemic has profoundly changed how people use technology. For a large number of people, routine daily activities now occur at home using a connection to the Internet, including work, school, shopping, doctor visits and entertainment. As time spent online has increased, cybercrime has grown dramatically. This is of concern to psychiatry since the human dimension is a fundamental aspect of cybersecurity [1,2,3]. The surge in cybercrime was noted in a joint alert from security officials in the USA and UK [4], and a report from Interpol [5]. The FBI stated that the number of cybercrime complaints in between January through end of May 2020 were nearly the same as for the entire year of 2019 [6]. Cybercrime has wide-ranging, long-lasting effects across society, targeting individuals, small and large businesses, academia and governments. Even before the pandemic, cybercrime was recognized as a major global risk [7]. In 2018, it was estimated in that cybercrime cost the world $600 billion, and that two billion people have had personal data stolen or compromised [8].

Technology provides powerful tools, but like any tool, may be dangerous if not used with appropriate safety measures. The challenge of dealing with cybercrime is complex. Human factors and the human-computer interface are a central component of cybersecurity, and technology alone will not prevent cybercrime [1,2,3]. Susceptibility to online fraud is associated with an individual’s behaviors and personality traits [9, 10], and mental illness may increase this vulnerability [11]. The purpose of this narrative review is to discuss why the rapid growth of cybercrime is important to psychiatry. The topics include the changing use of technology, societal impacts of the pandemic, evolving cybercrime including medically related fraud, individual vulnerabilities, aftermath of cybercrime on mental health, special concerns with mental illness, and the need to educate physicians and patients.

Changing Use of Technology

Since the pandemic, people routinely use the Internet to work, study, shop, visit the doctor, entertain and access government programs. As a result, the demand for broadband communications services has soared globally, with some fixed and mobile operators reporting a 60% increase in Internet traffic [12]. For example, in the USA between 3/1/2020 and 6/26/2020, there was a downstream peak traffic growth of 20.1%, and upstream peak traffic growth of 36.9% [13]. The digital workplace and classroom at home have also changed the type of technology that people purchase and use. In 2020, smartphone sales declined globally by 20% in the first and second quarters [14, 15], and a decrease in the addition of new IoT (Internet of things) connections of 45% is estimated [16]. In contrast, shipments of the traditional PC market (laptops, desktops, notebooks) grew by 11.2% in the second quarter [17]. Other Internet habits have also changed since the pandemic. About 30% of people in the USA have increased their use of social media [18, 19]. Online shopping has increased globally, including in USA, UK, and Europe [20], and accelerated the use of digital alternatives to cash [21, 22].

There was an unprecedented increase in telemedicine since the pandemic across all specialties, but particularly in psychiatry [23, 24]. Psychiatry is well suited for telemedicine as most services do not require in-person interaction [23]. Many outpatients now routinely receive psychiatric care by virtual visits [25,26,27], and most expect telepsychiatry to be further optimized and persist indefinitely [23, 28].

Societal Impacts of the Pandemic

The pandemic has impacted communities everywhere. It is estimated that globally, 150 million people will be pushed into extreme poverty by 2021, with 8 out of 10 new poor living in middle-income countries [29]. In the USA, at least half of households have serious financial problems, including income loss, unemployment and trouble paying bills [30]. The financial distress is disproportionately high in minority, low income, and low education households [30, 31], and households with children under age 18 [32, 33]. Another change in the USA is that a majority of those aged 18–29 live with their parents for the first time since the Great Depression [34].

The isolation, disruption of daily routines, financial hardship, uncertainties, and frequent misinformation associated with the pandemic often has psychological impacts [35] with global reports of depression, anxiety, stress and loneliness in the general public [36,37,38,39]. Severe financial stressors may be associated with an increase in suicide attempts [40, 41]. A history of mental health problems increases the risk of the psychological impacts of the pandemic [42] in both adolescents [43, 44] and adults [39, 45,46,47]. People with a history of anxiety or mood disorders experience more severe pandemic-related fears [48], and those with mental problems frequently report insomnia [44, 46, 47]. Pandemic-related stress may increase alcohol and substance use [38, 49, 50].

Many people are avoiding getting healthcare during the pandemic. Nearly half of adults in the USA are concerned about catching the virus in medical settings including hospitals, outpatient clinics and laboratories, and have deferred medical care [51, 52] including those with mental illness [53, 54]. Some patients with mental illness may no longer be able to afford their medications [55]. A lack of regular treatment may increase the risk of psychiatric symptoms in those with severe mental illness [53]. Despite the increase in psychological stressors from the pandemic, emergency room visits for psychiatric problems have decreased in the USA and Europe [56,57,58].

Cybercrime Is Evolving

There is no reason to think cybercrime will decrease after the pandemic ends. Cybercrime has evolved from a nefarious hobby of individual hackers to a highly organized, international business network covering every aspect of cyberattack activities, including black markets for stolen data [59, 60]. With the widespread adoption of the cybercrime-as-a-service model, a broad range of attack “services” can be purchased through cybercrime markets on the dark web or hacker forums, with little technical expertise needed [59]. Traditional physical crime to steal money like breaking into a house or business leaves considerable evidence including DNA, fingerprints, shoeprints, and security camera recordings [61]. In contrast, a cybercriminal obscures their identity and has a very low risk of getting arrested or going to jail [8, 61].

Cybercriminals are maximizing the new opportunities related to the rapid increase in working from home and pandemic-related fears by emphasizing attacks that exploit human vulnerabilities [62]. Today’s organized cybercriminals take advantage of the latest software and hardware developments just like legitimate developers. For example, cybercriminals may use machine learning to generate disinformation including text, fake image, video and voice, or to break CAPTCHA [63, 64]. Types of cybercrime that are frequently aimed at individuals are shown in Table 1. Of particular concern is the sharp rise in medical cybercrime triggered by the pandemic occurring worldwide [66]. Between February and March 2020, over 116,000 coronavirus themed new domain names were registered, with over 2000 malicious registrations, and over 40,000 high-risk registrations with evidence of association with malicious URLs [67]. Examples of medical cybercrime related to COVID-19 are shown in Table 2.

Table 1 Some types of cybercrime that impact individuals
Table 2 Examples of online medical fraud related to COVID-19 aimed at individuals in the USA

Vulnerability to Cybercrime

With the rapid and massive shift online, there is concern that individuals are insufficiently trained, are using unfamiliar tools, are inexperienced with the technology, and, as a result, becoming easy targets for cybercriminals. In the UK, the increase in cybercrime during the pandemic mainly impacted individuals rather than organizations [80]. With cybercrime, individuals often actively participate in the fraudulent process to which they become the victim, such as by responding to a phishing email and providing private information [81]. Individuals may not be sufficiently suspicious, may not be able to detect fraudulent messages, or may not pay sufficient attention to stop a fraudulent process [81]. Falling for a scam involves errors in decision-making, and the spammers’ goal is to create situations that increase the likelihood of errors in judgment [82]. Spammers make their offers look like they come from official institutions or legitimate businesses that people routinely trust [82], and use persuasion principles found to be effective in legitimate emails [83, 84].

Vulnerability to online fraud involves a combination of psychological and demographic factors, and online activities, where victim profiles vary with the type of cybercrime [85]. Overall, victims of online fraud are older, impulsive, sensation seeking, have an addictive disposition, and follow routine activities placing them at risk for fraud like online banking and shopping [10]. Victims of tech support scams are usually over age 50, and may have less technical familiarity than younger people [86]. Although older people have the highest risk of large financial loss, in 2020, many cybercrimes increased by at least 10% in all age groups, including phishing by text, online shopping scams, and romance scams [86]. Individuals with healthcare concerns may have increased susceptibility to health related phishing [87].

The malicious attempts by cybercriminals to influence people’s behavior co-exist with the legitimate Internet business model based on “surveillance capitalism” [88]. Data from everyone’s online activities and smart devices are collected, combined, and analyzed and packaged as products to predict and modify our behavior [88]. Additionally, many online products are designed to be addictive, to generate an instant response to a message, and maximize time spent with the product [89]. In other words, legal online manipulation defined as “the use of information technology to covertly influence another person’s decision making, by targeting and exploiting their decision making vulnerabilities” is part of our lives [90]. Spammers’ output may blend in with the background of individual messages tailored to people’s habits. The routine behavioral manipulation from targeted online advertising may make it harder to discern fraudulent manipulation by cybercriminals.

The importance of human factors in cybercrime cannot be overstated. The problems of cybersecurity cannot be solved just by adding more technology. Humans are involved in every aspect of cybersecurity in our complex, interconnected, digitalized world as software and hardware developers, systems administrators, managers, end users, consumers, attackers, and victims. The ways in which humans interact with each other, process information and make decisions, handle workload and stress, and interface with technology are fundamental to cybersecurity. Humans often place inappropriate levels of trust in automated systems [91]. Research in cybersecurity is shifting from a primary focus on technology to recognize the central importance of human behavior, social, and cultural factors [2, 83]. Since the focus of most attacks is on human vulnerabilities, it is critical to understand how humans routinely interface with technology, including cybersecurity products. For example, consider the “prevalence effect,” defined that when signals become less common they are substantially more difficult for an operator to detect [3•]. As modern anti-spam technology reduces the number of spam emails received, a user may be increasingly less likely to detect and report a cyberattack sent by email [3•].

Aftermath of Online Fraud

Victims of online fraud may face psychological effects as well as financial consequences [92]. Large, sudden economic losses are associated with mental health changes, especially depression, as found in Europe and the USA after the Great Recession of 2008 [93,94,95]. Victims of online fraud report that psychological effects of being scammed are felt as strongly as the financial impacts [92]. Victims of online romance scams also experience the loss of a relationship, and report feelings of depression, guilt, deep shame and embarrassment [96]. Victims of identity theft report considerable emotional distress including feeling anger, stress, and depression, as well as many physical symptoms [97, 98]. Online fraud may worsen the symptoms of mental illness, as stressful life events may trigger relapses in those with an enduring mental illness [42].

Mental Illness May Increase Vulnerability

Mental illness may increase vulnerability to cybercrime. People who are psychologically vulnerable, including those with severe mental illness, and older adults, may become victims of many types of financial fraud [99, 100]. People who are impulsive or emotionally unstable are more likely to lose money to online fraud [85]. Social isolation and the change to daily routines may disrupt the coping strategies and decrease social connections of those with mental illness [55]. Some people with mental illness may go online while experiencing psychotic symptoms, during a crises, or have some degree of cognitive or memory impairment. Lower short-term memory and negative affect in old age may contribute to increased risk of online deception [101]. Some adolescents have negative emotional effects from heavy use of social media or digital devices [102]. The digital divide remains, and some people go online irregularly, lack technical training and skills, which may increase vulnerability to fraud [103]. Additionally, when individuals with less education become victims of online fraud, they often remain passive and do not evaluate their own actions to prevent future incidents [104].


Psychiatrists need to recognize the increasing risks of cybercrime, and that patients may be unaware of these risks. Many people have no formal training in technology, and have limited skills and knowledge. Patients may not recognize the need for cybersecurity, understand which online behaviors are risky, know how to implement cybersecurity measures, or how to report a cybercrime. When patients are prescribed medications, they are given instructions by the prescriber, and receive printed information from the pharmacy that includes instructions, cautions, and possible side effects. Similarly, patients should be made aware that there are serious risks of cybercrime when going online for all purposes, including mental health related services. We suggest that psychiatrists who use or recommend technology provide patients with a list of trusted sources that educate consumers on how to recognize and lessen the risk of cybercrime. Examples of USA governmental agencies that provide cybersecurity information for consumers are shown in Table 3. With the large increase in disinformation and the registration of phony domains since the pandemic, providing trusted sources of cybersecurity advice becomes more important.

Table 3 Examples of USA organizations that provide advice about cybersecurity for consumers

Providing information sources will not prevent patients from experiencing online fraud, and the role of the psychiatrist is not to teach about cybercrime and cybersecurity. We do suggest that distributing information will increase the awareness of cybersecurity and encourage individuals to educate themselves using information from professional organizations that deal with cybercrime. Likewise, if telemedicine is used for psychiatric visits, trusted technical sources should be provided for training and ongoing support on the specific telemedicine product.

The problem of cybercrime prevention has no easy solution. Home computers and home networks are often out of date, without the latest security patches, and lacking antivirus protection. Younger people may be less aware of cybersecurity and less likely to follow recommended policies [105, 106]. Even technically sophisticated people fall victim to phishing due to a lack of cognitive involvement when processing emails [107]. Given the increased vulnerability to cybercrime for those with mental illness, and the long-term negative psychological and financial impacts for victims, it is important to increase awareness of cybercrime. Many patients may not know where to go for help with cybersecurity issues. Providing trusted information is an important first step.


Many individuals are victims of a corporate data breach, but cybercrime against corporations or universities was not included. In an international study, healthcare was the industry with the highest average data breach costs [108]. Attacks against research organizations related to COVID-19 were not included [109]. Employer-related cybersecurity issues for those working at home were not included. The measures available to prevent cybercrime for individuals or employees, the effectiveness of these measures, and training approaches to teach about cybersecurity were not discussed. International legal structures, challenges in investigating and prosecuting cybercrime, and policing resources spent on cybercrime were not discussed. The presence of mental illness in those who commit cybercrime was not discussed.


Since the pandemic, there has been a dramatic shift online for routine activities including work, school, shopping, entertainment and doctor visits, and a surge in cybercrime. Technology provides powerful tools but these tools must be used with the appropriate safety measures. Human factors are a central component of cybersecurity as individual behaviors, personality traits, online activities, and attitudes to technology impact susceptibility. Mental illness may increase vulnerability to cybercrime, yet patients may not be aware of the dangers, risky online behaviors, or measures to mitigate risk. Psychiatrists should be aware of the potential aftermath of cybercrime on mental health, and the increased patient risk since the pandemic, including from online mental health services. With the long-term psychological and financial consequences experienced by victims of cybercrime, it is important to increase patient awareness of cybersecurity. As a first step, psychiatrists should provide a recommended list of trusted sources that educate consumers on cybersecurity.