Exploring Individuals’ Experiences with Security Attacks: A Text Mining and Qualitative Study

Cyber-attacks have become increasingly prevalent with the widespread integration of technology into various aspects of our lives. The surge in social media platform usage has prompted users to share their firsthand experiences with cyber-attacks. Despite this, previous literature has not extensively investigated individuals' experiences with these attacks. This study aims to comprehensively explore and analyze the content shared by cyber-attack victims in Saudi Arabia, encompassing text, video, and audio formats. The primary objective is to investigate the factors influencing victims' perceptions of the security risks associated with these attacks. Following data collection, preparation, and cleaning, Latent Dirichlet Allocation (LDA) is employed for topic modeling, shedding light on potential factors impacting victims. Sentiment analysis is then utilized to examine the nuanced negative and positive perceptions of individuals. NVivo is deployed for data inspection, facilitating the presentation of insightful inferences. Hierarchical clustering is implemented to explore distinct clusters within the textual dataset. The study's results underscore the critical importance of spreading awareness among individuals regarding the various tactics employed by cyber attackers.

touched several areas of our lives, including the judiciary, healthcare, governance, business, community service, education, and more. For example, in the education field, the sudden shift towards online education during the COVID-19 crisis has influenced millions of learners [3]. In the post-crisis era, individuals continue to embrace these emerging technologies in their lives.
Along with this quick noticeable shift, there is a need for a cyber-safe distance-based environment. Several studies have indicated a significant increase in malware and scam attacks during COVID-19 [4]. As indicated by Shi [5], by March 2020, there was a 600% rise in COVID-19-related phishing attacks. Common gateway interfaces indicated a 30,000% rise in the number of cyber risks, which were linked to the COVID-19 crisis [6]. Between January and April 2020, around 907,000 spam messages, 48,000 malicious URLs, and 737 malware-related incidents, which were linked to the current crisis, were located by Interpol [4]. Saudi Arabia prioritizes cybersecurity and is ranked second among nations in terms of dedication to this topic. However, the country has tremendous difficulty, with 22.5 million cyberattacks per year [7]. As a result, Saudi Arabia has launched a number of cybersecurity efforts, education initiatives, and instructional resources to tackle this problem. Furthermore, the country's cybersecurity abilities are constantly being improved and expanded. There is a call for improving the awareness, education, and knowledge of the end-users [8]. Building upon the survey of 1001 respondents conducted within the UK Department of Trade and Industry, which specifically focused on Information Security Breaches and explored the actions most beneficial for UK businesses in addressing future risks, awareness among end users is of great importance. The majority of respondents (62%) underlined the importance of 'increased public knowledge and awareness regarding information security concerns' [9]. Unfortunately, despite widespread media coverage of security hazards, there is concern over whether end users have the requisite knowledge to protect themselves.
Based on the above discussion, the main aim of this study is to explore individuals' perceptions of security risk through their posted experiences on social media portals. To meet the goal of the study, we retrieved the data from the social media portals, and the LDA was utilized to discover the dimensions of individuals' experiences. Sentiment analysis was utilized to examine the negative and positive perceptions of the individuals. NVivo was deployed to inspect the data and present insightful inferences from it. Hierarchical clustering was implemented to examine the different clusters in the textual data set. The novelty of this study is emphasized through the deployment of a user-based methodology that investigates users' experiences, referring to the content reported by the users themselves. While the literature has traditionally explored perceived security using a quantitative approach [10,11], this study brings a unique perspective by focusing on qualitative aspects. On the other hand, previous studies examining social media content have often concentrated on specific contexts or areas within the domain of perceived security. In the study by Okey et al. [12], the authors investigated the content posted on social media using LDA and sentiment analysis, but focusing on users' perceptions of the security of ChatGPT.
To simplify the reading of this study, we present a list of abbreviations used in this study in Table 1. The rest of the study is structured as follows: research background is presented in Section 2, the material and method are displayed in Section 3, the discussion of the results is presented in Section 4, and the conclusion along with practical contributions is presented in Section 5.

2-1-Security Risks and Social Media
The advent of social media portals has enabled easy access to large volumes of data and allowed instant sharing of social data [13]. Social media portals allow users to share their statuses, personal information, interests, locations, ideas, and behaviors. It also enabled the users to reflect on their experiences through the online reviews and ratings that are formed as user-generated content. Day by day, several social media portals are introduced to people, with advanced technologies and high-quality services that are provided, including WhatsApp, Instagram, Facebook, Twitter, and Snapchat. The sharing of such data has many advantages; however, it has imposed several threats in terms of security and privacy aspects [14]. Facebook, Google+, Twitter, LinkedIn, Instagram, WhatsApp, and many other online social networks allow users to create profiles, exchange personal data, and share posts with people all over the globe. All social networks require user data to build their profiles; these profiles entail private data such as names, country of origin, birthdate, email, mobile phone, and other sensitive information. Such a diverse atmosphere attracts attackers for penetrating users' information [15,16]. With the rapid progress of deep learning and machine learning techniques, attackers have discovered various attribute inference attack approaches, leading to information leakage and posing a threat to social media confidentiality [17,18]. For example, tweets from users can be used in machine-learning models to identify users' information, such as location, age, and gender [19].
While the sharing of personal data has become more widespread and convenient, it has also given rise to the disclosure of information that can be exploited for criminal purposes [13]. An integral dimension of social information sharing involves the intersection of social data and location data, where both types of information are divulged concurrently, posing inherent security risks to individuals. The evolution of social media has become intricately connected with various forms of security threats, including fraud attacks, injection flaws, the theft of sensitive data, information leakage, SQL injection attacks, phishing attacks, malware attacks, and more [14]. Within the realm of social media, security risks encompass a spectrum of challenges, ranging from cross-site scripting and injection flaws to information leakage. Key cyber-attacks can be categorized into Social Engineering, Spear Phishing, and Web Application-related attacks. Social Engineering relies on establishing trust with users to access specific information at both individual and organizational levels. Social media platforms such as Facebook, Twitter, and Instagram facilitate users sharing critical content with their social connections. By gaining the trust of users, malware can be embedded into shared content, deceiving users through malicious links [20]. Spear Phishing attacks target specific types of social media users, attempting to scam them by prompting actions like clicking on links containing malware or opening specific documents [21]. Web Application attacks might entail the access of malicious web applications on users' accounts, which might be granted by the user unintentionally [22].

2-2-Security Attacks and COVID-19
The COVID-19 crisis has been interlinked with diverse types of cyber-attacks and cyber-crimes that have grown in an unpredictable manner. The crisis has caused several implications on the individual's usual activities and implied several types of disruptions over the globe on both the individual and organizational levels, including shifting to a remote-based manner in work and education, boosting the trail activities towards online commerce, and empowering the feelings of fear among community members [4]. The dramatic change in individuals' lives, among which are feelings of anxiety and stress, has increased the number of cyber-attacks in both local and global areas. The reports indicated a rise in the ratios of malware and scam attacks since the beginning of the crisis [23,24]. According to Shi [5], a 600% growth in the rate of phishing attacks has been indicated by March 2020. Besides, a 50.1% increase in cyber-attacks, as indicated by the World Economic Forum (WEF), along with 30,000 cyber-attacks that are linked to the crisis, were reported in the time interval between December 2019 and April 2020 [25]. Interpol also reported 48,000 malicious URLs, 737 malware-related incidents, and 907,000 spam messages that are linked to the crisis [4]. Interpol also indicated that the average payment for ransomware in the second quarter of 2020 reached $178,254, with an increase over the first quarter of 60% [4]. This indicated that cybercriminals perceive a rise in the probability of payout regarding unusual conditions imposed by the pandemic.
Another piece of evidence is presented by the block of 18 million phishing and malware emails that are linked to the pandemic by Google [26]. These attacks were directly related to the marketing activities of products related to the pandemic, such as drugs, test kits, and PPE. Other attacks were related to the stocks' investments or linked to the impersonations of public organizations such as WHO or local governments [27]. An increasing number of cyber-attacks have been detected, including ransomware and phishing-related attacks. It is not obvious whether these attacks originated from the COVID-19 crisis or not. Literature reported difficulty in measuring the growth of the attacks during the crisis in a quantitative manner or the degree to which the pandemic impacted the type of cyber-attacks. The attackers' endeavors to utilize the online platforms were obvious during COVID-19, assuming they will persist for a long time. Therefore, many recommendations and instructions were published by local and global organizations to face the increasing risks of attacks. Still, there is a need to get an in-depth understanding of the types of attacks and the best strategies to face them.

2-3-Types of Cyber Security Attacks
The widespread usage of online social networks has resulted in hundreds of millions of social media users. Platforms such as Facebook, Google+, Twitter, LinkedIn, Instagram, WhatsApp, and various others enable users to create profiles, exchange personal data, and share posts with people globally. The diverse nature of these platforms makes them attractive targets for attackers seeking to breach users' information [15]. Social media platforms strive to address privacy concerns by safeguarding users' sensitive data. However, the rapid advancements in deep learning and learning structures have enabled attackers to exploit automatic data attribute implications, leading to information leakage and compromising social media confidentiality [18]. For instance, tweets from users used in machine-learning models can reveal significant information such as user location, age, and gender [19]. Despite the impressive reasoning capacity of machine learning models, they are susceptible to adversarial attacks [28]. By introducing minor disturbances into the data, attackers can easily manipulate misclassification. Given the vulnerabilities in social media confidentiality defense, the issue can be reduced to a potential adversarial attack problem compared to attribute inference attacks. A recent study by Jia and Gong [19] confirmed that adversarial attacks are emerging as defenders against inference attacks. Researchers [29,30] have detailed various attacks against user-specific applications, such as the device-centric model to minimize attacks on portable malware, allowing network operators to safeguard clients' mobile devices through their mobile networks. These attacks employ different methods, including Intrusion Detection System tools, various operating systems, collected data, designs, and detection standards. Chiang & Tsaur [31] explore permission-based techniques and behavioral-based techniques, demonstrating their effectiveness on Android devices and leveraging mobile ecosystems to safeguard against cybercrime. Khan et al. [32] describe a natural biometric mobile ecosystem, outlining mobile device threats, weaknesses, and challenges.
Malware is employed to pilfer personal data, business information, financial details, and other sensitive information for use as valuable data by malicious actors [33]. Malware has been utilized to target government or corporate data for destruction or theft. Subsequently, it is leveraged to compromise individuals' information, such as bank account and credit card numbers, or other critical information for attackers. The primary motive behind malware development has evolved beyond information theft to profit generation [34]. Once malware infiltrates a victim's system, various cyberattacks can be employed across hardware, software, and networks. Hardware attacks provide attackers with the means to initiate attacks, making them more challenging to detect compared to software attacks, which are typically protected by antivirus and antispyware programs [35,36].
All social networks necessitate the completion of user profiles, which contain sensitive information such as names, country, birthdate, email, and mobile phone numbers. This information poses a significant risk if accessed by unauthorized entities [37]. However, contemporary social networks often share and publicize private data and real identities, leading to an expansion of privacy concerns across these platforms [38]. Online social media has become a valuable data source for researchers, data analysts, and others who exploit these resources for phishing, spamming, or advertising purposes [39]. The accessibility of data on social network servers raises concerns about user privacy, as these platforms may not be entirely transparent in safeguarding sensitive information [38].

3-Material and Method
This study comprises four main stages. The qualitative data for this research was gathered from social media platforms. We explored various portals that enabled individuals to articulate their experiences with different types of cyber-attacks. The search process was undertaken by two of the authors, and the textual data were subsequently translated and reviewed by another two authors. The video files were also transcribed and translated into English by the authors. We obtained 90 records of textual data expressing various types of cyber-attacks or attempted cyberattacks. The qualitative data reflect the actual experiences of users, as conveyed in their own words. Data cleaning procedures were applied to eliminate unnecessary information from the dataset. We employed the LDA topic modeling technique to extract the main factors and topics from the data. Sentiment analysis was conducted using Orange software. Qualitative data analysis was performed using NVivo to uncover hidden, unorganized information from the data. The research method employed in this study is illustrated in Figure 1.

3-1-Deployed Method (LDA)
Topic modeling techniques utilize statistical approaches to analyze unstructured texts and investigate the underlying themes. This is accomplished by organizing the text into a number of topics that reflect its content, typically using LDA. In the LDA technique, the optimal number of topics must be determined. Several studies have indicated that 20 topics provide the best performance [40]. LDA has been employed in text mining studies to explore online reviews and capture customers' perceptions across various research domains, including marketing [41], online education [42], and accommodation business [43]. Figure 2 illustrates the generative model of LDA, while Figure 3 displays a sample word cloud representing the generated topics. Where α is the Dirichlet parameter, θu is the topic distribution for document , Zuj is the sampled topic for the th word in the th document,  is the observed word, ∅ is the word distribution for topic , and β is the topic hyperparameter.
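How the quantities named above fit together (α and β as Dirichlet priors, a sampled topic per word, a topic distribution per document and a word distribution per topic), shown as an added example that is not the study's code: a small collapsed Gibbs sampler for LDA. The function names `lda_gibbs` and `top_words`, the hyperparameter values and the pre-tokenized sample documents are assumptions constructed for illustration.

```python
import random

# Constructed, already tokenized sample documents (not the study's data).
DOCS = [
    ["bank", "employee", "call", "verification", "code", "mobile", "bank"],
    ["call", "bank", "account", "code", "mobile", "transfer"],
    ["instagram", "order", "perfume", "transfer", "blocked", "page"],
    ["instagram", "page", "order", "product", "blocked", "money"],
    ["link", "package", "delivery", "fees", "payment", "page"],
    ["message", "link", "package", "postal", "delivery", "fees"],
]


def lda_gibbs(docs, num_topics, alpha=0.1, beta=0.01, iterations=200, seed=0):
    """Fit LDA by collapsed Gibbs sampling.

    Returns (theta, phi, vocab): theta[d][k] is the topic distribution of
    document d, phi[k][v] is the word distribution of topic k over vocab.
    """
    rng = random.Random(seed)
    vocab = sorted({w for doc in docs for w in doc})
    word_id = {w: i for i, w in enumerate(vocab)}
    V, K = len(vocab), num_topics

    doc_topic = [[0] * K for _ in docs]       # words in doc d assigned to topic k
    topic_word = [[0] * V for _ in range(K)]  # times word v is assigned to topic k
    topic_total = [0] * K                     # words assigned to topic k overall
    z = []                                    # sampled topic of every word position

    # Random initial topic for every word occurrence.
    for d, doc in enumerate(docs):
        assignments = []
        for w in doc:
            k = rng.randrange(K)
            assignments.append(k)
            doc_topic[d][k] += 1
            topic_word[k][word_id[w]] += 1
            topic_total[k] += 1
        z.append(assignments)

    for _ in range(iterations):
        for d, doc in enumerate(docs):
            for j, w in enumerate(doc):
                v, old = word_id[w], z[d][j]
                # Remove the current assignment from the counts.
                doc_topic[d][old] -= 1
                topic_word[old][v] -= 1
                topic_total[old] -= 1
                # Conditional probability of each topic given all other assignments.
                weights = [
                    (doc_topic[d][k] + alpha)
                    * (topic_word[k][v] + beta) / (topic_total[k] + V * beta)
                    for k in range(K)
                ]
                new = rng.choices(range(K), weights=weights)[0]
                z[d][j] = new
                doc_topic[d][new] += 1
                topic_word[new][v] += 1
                topic_total[new] += 1

    # Posterior mean estimates, smoothed by the two Dirichlet priors.
    theta = [
        [(doc_topic[d][k] + alpha) / (len(doc) + K * alpha) for k in range(K)]
        for d, doc in enumerate(docs)
    ]
    phi = [
        [(topic_word[k][v] + beta) / (topic_total[k] + V * beta) for v in range(V)]
        for k in range(K)
    ]
    return theta, phi, vocab


def top_words(phi, vocab, n=4):
    """Return the n most probable words of each topic."""
    return [
        [vocab[v] for v in sorted(range(len(vocab)), key=lambda v: -row[v])[:n]]
        for row in phi
    ]


if __name__ == "__main__":
    theta, phi, vocab = lda_gibbs(DOCS, num_topics=3)
    for k, words in enumerate(top_words(phi, vocab)):
        print(f"topic {k}: {', '.join(words)}")
    for d, row in enumerate(theta):
        print(f"doc {d}: " + " ".join(f"{p:.2f}" for p in row))
```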

3-2-Sentiment Analysis
In the subsequent stage, the Orange tool was employed in the data mining process. The Orange tool, an open-source application, facilitates various machine-learning techniques, including text mining. Through visualized workflows, researchers can explore data, identify hidden patterns, classify it, and conduct different types of segmentations [44]. Various types of diagrams, such as histograms, box plots, and scatter plots, are available for visualizing the data. The Orange tool can generate more complex diagrams like tree visualizations, dendrograms, and silhouette plots. The Orange data mining tool empowers researchers to effectively explore the content of textual documents, conduct comparisons within texts, mine keywords, and investigate maps generated from the texts. The initial stage involves data preprocessing to generate tokens. This process includes converting words to lowercase, dividing them into separate words, and removing stopwords. Sentiment analysis predicts sentiments for each textual document. The results of the sentiment analysis are presented in Figure 4.

3-3-NVivo Qualitative Data Analysis
NVivo is software that was utilized in this study to investigate the gathered qualitative data. Qualitative data analysis is a methodology that is subjective to the researcher's judgment and investigates the hidden information from data that might be hard to collect and evaluate. This tool helps in analyzing unstructured data and reveals valuable information from that data. The software not only excels in discerning various data directions and exploring diverse analytical approaches but also in systematically assigning codes to the acquired data [45]. NVivo is an appropriate software for discovering relevant keynotes, visualizing the data in several patterns, and classifying the data into different categories [46,47]. In Figure 5, a sample of the NVivo text search query was provided. NVivo can reveal patterns from the provided data in a systematic manner and provide visualization of the data in several structures like maps, graphs, and word clouds [48]. Validation can be achieved by several methods, such as inspection of data saturation, research boundaries, and triangulation [49].

3-4-Hierarchical Clustering Analysis
The goal of clustering is to categorize provided instances into groups, known as clusters, where instances within the same cluster are maximally similar and those in different clusters are as dissimilar as possible [50]. In this process, each instance is assigned a label indicating its membership in a specific group. While various clustering methods generally share similar principles, they may differ in the techniques used for similarity/distance calculation and label allocation [51]. Hierarchical clustering, as one such approach, starts by treating each sample as an individual category [52]. The distance between categories becomes a critical criterion for gauging their similarity. Smaller distances signify greater similarity between categories. Hierarchical clustering amalgamates two akin categories into a new group, and the distance between this merged category and others is measured. This iterative process continues with the calculation of new distances and the merging of similar categories until all comparable categories are unified into a single category. This systematic approach ensures the progressive consolidation of similar categories throughout the clustering process.
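The merge loop described above, together with the lowercase, split and stopword-removal preprocessing from Section 3-2, as an added example that is not the study's Orange workflow. The sample reports are constructed, and the TF-IDF weighting, cosine distance, average linkage and all function names are assumptions, since the page does not state which distance or linkage was used.

```python
import math
import re
from collections import Counter

# Constructed sample reports (not the study's data), modelled on the kinds of
# incidents the paper describes.
REPORTS = [
    "Caller claimed to be a bank employee and asked for the verification code sent to my mobile",
    "Someone posing as a central bank employee asked for my bank account and the code on my mobile",
    "I ordered perfume from an Instagram page, transferred the money and the page blocked me",
    "Ordered a product from an Instagram store, paid by transfer, then the store blocked me",
    "Message said my package is at the postal office and I must pay delivery fees through a link",
    "SMS about a package held at the postal office with a link to pay the delivery fees",
]

STOPWORDS = {
    "a", "about", "an", "and", "as", "at", "be", "by", "for", "from", "i", "in",
    "is", "it", "me", "must", "my", "of", "on", "the", "then", "through", "to",
    "was", "with",
}


def tokenize(text):
    """Lowercase, split into words, drop stopwords."""
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOPWORDS]


def tfidf_vectors(docs):
    """Return one sparse {term: weight} TF-IDF vector per document."""
    tokenized = [tokenize(d) for d in docs]
    doc_freq = Counter(t for toks in tokenized for t in set(toks))
    n = len(docs)
    return [
        {t: c * (math.log(n / doc_freq[t]) + 1.0) for t, c in Counter(toks).items()}
        for toks in tokenized
    ]


def cosine_distance(a, b):
    """1 - cosine similarity of two sparse vectors (1.0 if either is empty)."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    norm_a = math.sqrt(sum(w * w for w in a.values()))
    norm_b = math.sqrt(sum(w * w for w in b.values()))
    if norm_a == 0 or norm_b == 0:
        return 1.0
    return 1.0 - dot / (norm_a * norm_b)


def agglomerate(vectors, k):
    """Average-linkage agglomerative clustering down to k clusters.

    Returns (clusters, history): clusters is a sorted list of sorted index
    lists, history records each merge as (cluster_a, cluster_b, distance).
    """
    n = len(vectors)
    dist = [[cosine_distance(vectors[i], vectors[j]) for j in range(n)] for i in range(n)]
    clusters = [[i] for i in range(n)]  # every sample starts as its own category
    history = []
    while len(clusters) > max(k, 1):
        best = None
        for a in range(len(clusters)):
            for b in range(a + 1, len(clusters)):
                # Average pairwise distance between the members of both clusters.
                d = sum(dist[i][j] for i in clusters[a] for j in clusters[b])
                d /= len(clusters[a]) * len(clusters[b])
                if best is None or d < best[0]:
                    best = (d, a, b)
        d, a, b = best
        history.append((clusters[a], clusters[b], d))
        merged = sorted(clusters[a] + clusters[b])
        clusters = [c for i, c in enumerate(clusters) if i not in (a, b)] + [merged]
    return sorted(clusters), history


def cluster_reports(reports, k):
    """Preprocess the reports and cluster them into k groups."""
    return agglomerate(tfidf_vectors(reports), k)


if __name__ == "__main__":
    clusters, history = cluster_reports(REPORTS, k=3)
    for a, b, d in history:
        print(f"merge {a} + {b} at distance {d:.3f}")
    for members in clusters:
        print("cluster:", members)
```

The merge distances in `history` are what a dendrogram plots; cutting at a different `k` changes how coarse the resulting scam themes are.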

4-Discussion
Sentiment analysis has been explored in the literature in several contexts currently, trying to emphasize the perceptions of the end user and understand the user's experience [53,54]. In the work by Chen et al. [55], the authors used deep learning to analyze emotional cues in earnings conference call audio, finding that positive emotions in statements positively influence analysts' report issuance, negative emotions have the opposite effect, and non-negative emotions in questions and responses positively impact analysts. Another study by Okey et al. [12] has examined ChatGPT users' opinions on cybersecurity using the LDA for topic extraction and sentiment analysis tools. Data from over 700,000 tweets with specific search terms is collected from Twitter. However, in the context of sentiment analysis, the rationale of the study, along with the used data, has a major impact on the results of the study. The specific goal of this study is to explore the perceptions of victims of attacks. The results of our study stressed that victims express fear and detail their experiences to spread awareness. The analysis indicates a strong relationship between negative sentiments and the risk level of the attack. Many victims lack sufficient knowledge about web platform security, making them vulnerable to phishing methods. Surprisingly, attackers often pretend to be cybersecurity specialists, capitalizing on victims' fear of attacks. In one scenario, an attacker poses as a government or bank employee, claiming an attack on the victim's account and requesting information. Strikingly, victims not only provide account information but also the verification security code received on their mobiles, enabling attackers to access and transfer funds easily.
In the collected data, users also reported several types of attacks targeting them for financial gain or personal information. Attackers commonly employ multiple approaches simultaneously to manipulate victims. Despite many victims having a sufficient education level, they fall prey to fraudulent attacks. Methods range from sending emails and making phone calls to deceiving victims through websites developed specifically for fraudulent activities. Victims trust these websites, believing them to be official e-commerce platforms. Attackers also create websites supposedly affiliated with popular e-commerce sites and advertise them on social media platforms. Instances where attackers pretend to be employees of official government or charity organizations are reported, with victims easily providing personal and bank account information. In some cases, attackers send a link to induce victims to click, leading to the hacking of their devices. Attackers may persuade victims to invest in a fraudulent business, ultimately extorting money. Fraud through social media platforms, such as Instagram or Facebook, involves users ordering from pages, transferring money, and subsequently being blocked without receiving the purchased product.
The NVivo software's data analysis, using specific keywords, allowed the researcher to understand relationships within the textual data. The focus on the keywords "mobile" and "bank" revealed a significant number of attacks conducted through mobile devices, targeting information related to bank accounts. The hierarchical clustering results present nine clusters, which we will elaborate on. Cluster 1 (C1) encompasses instances where individuals experienced issues related to canceled bills and compromised card information. Victims reported incidents involving financial transactions that were either disrupted or involved unauthorized access to their card details. In Cluster 2 (C2), victims reported varied experiences, including missed calls, the receipt of non-original products after purchase, and attempts to update their accounts. These incidents highlight different forms of deceptive practices, ranging from communication tactics to product misrepresentation. Cluster 3 (C3) covers a wide range of fraudulent activities, from warnings about deceptive Snap Ads to impersonation attempts by individuals claiming to be from governmental organizations. The cluster also includes cases of fake services, job offers, and fraudulent links leading to potential security threats. Cluster 4 (C4) focuses on themes related to financial victimization, including several themes such as "green victims", "money theft", and "unauthorized money transfers". Cluster 5 (C5) reveals a multitude of fraudulent schemes, including fake job applications, links, travel offers, WhatsApp groups, courses, charity accounts, competitions, and investments. These incidents involve deceptive practices aimed at extracting personal information or financial resources. Cluster 6 (C6) concentrates on the overarching theme of cybersecurity, reflecting concerns and experiences related to the broader landscape of online security. Cluster 7 (C7) highlights incidents involving Saudi citizenship and experiences with Forex companies, shedding light on specific areas of vulnerability and potential scams targeting individuals. Cluster 8 (C8) focuses on the creation and use of fake accounts, showcasing the prevalence of deceptive online personas. Cluster 9 (C9) encompasses diverse fraudulent activities, including impersonation, fake links related to particular applications such as "Sadad" and "Absher", fake commerce websites, and instances where individuals added beneficiaries for deceptive e-commerce purposes. The cluster illustrates the range of deceptive practices victims encountered across various platforms and scenarios.

5-Conclusions
With recent technological advancements, the proliferation of portable devices, and the widespread use of social media sites like Facebook, Twitter, LinkedIn, and others, where users frequently share sensitive information, many individuals are increasingly vulnerable to security risks. This susceptibility is particularly prevalent among users residing in high-income countries such as Saudi Arabia, who engage in various critical daily activities over the Internet involving personal information, including bank account details and online payment services. Despite the convenience of these web services, they are not entirely secure, and numerous users regularly fall victim to scams and cybersecurity attacks. Cybercrimes are broadly classified into two categories: cyber-dependent and cyber-enabled crimes [4]. The former involves violations achieved through a system or technology [56], while the latter encompasses traditional offenses empowered by the use of systems or technology [56]. The classification can be further subdivided to include hacking, malware, and denial of services for cyber-dependent crimes. In contrast, cyber-enabled crimes include financial fraud, phishing, pharming, and extortion. Often, various types of attacks are interconnected; for instance, a phishing message or email may lead users to a fraudulent portal where their data is collected, or malware is downloaded for financial extortion (Table 2).

Table 2 (columns: Type, Definition, Example)

Type: Hacking
Definition: Act of finding weak points in a network or computer system to access data without permission.
Example:
- A call from a fixed phone starting with 011 or 012 from Riyadh or Jeddah. When you reply, the caller tells you that you need to open a file on WhatsApp, and when you open the file, your mobile will be hacked.

Type: Malware
Definition: Malicious software is developed to harm and break down computer systems and devices.
Example:
- The user is attacked by ransomware, which has spread widely over the past three years, penetrates, and controls the victims' devices, and asks the victim to transfer certain amounts to the hackers.

Type: Denial of services
Definition: Cyber-attacks aim to turn off, disorder, or intrude on a website, service, or network.
Example:
- A university reported several types of attacks that targeted employees by sending emails to them with malicious attachments.

Type: Financial fraud
Definition: Taking property or money from others by criminal or deceptive means.
Example:
- Someone contacted me through WhatsApp, posing as an employee in ….. bank and offered me a soft loan. He asked me to fill out a particular application.
- A scammer contacted me as an official account of the delivery company and tried to collect my credit card information.
- A fake message with a link to register in a driving training school.

Type: Phishing
Definition: Cyber-attacks aim to gain victims' critical information through deception.
Example:
- A charity account offers financial assistance, directing the individual to fill in the account information, leading to hacking.
- A post from a fake account of a celebrity offers prizes and asks for personal information.
- A miscall from the Maldives charges a huge cost for the call.
- A fraudulent account steals card information.
- A School of driving education offered jobs, and after the applicant fills in the information, online purchases were performed from his bank account.
- The attacker pretends to be an employee from the central bank, asking for personal information to investigate a fraud attempt.

Type: Pharming
Definition: Similar to phishing, uses malicious code to obtain sensitive information from users.
Example:
- You have a package in the postal office, and you need to pay for the delivery fees to receive it within 24 hours. The user has to pay the fees by clicking a link that will direct him to a fraud payment page.

Type: Extortion
Definition: A method where the attacker tries to persuade, induce, or intimidate a victim to quit either money or confidential data, or both.
Example:
- Fake perfume website sells online but does not send the products to customers.
- Start your investment journey with only 150 SR in global companies through the following link.

Saudi Arabia has become a prime target in cyber warfare due to increased economic activities, facilitated by innovation, digital transformation, widespread technology adoption by both individuals and businesses, and the expansion of the oil and gas sector. These economic developments have heightened the vulnerability of Saudi citizens to cyberattacks. Therefore, it is crucial to conduct a thorough study and investigation into the experiences of victims who have suffered from scam attacks. Such an analysis provides decision-makers with valuable insights to enhance citizen awareness of serious cyber threats.
This article presents a case study of security attacks on Saudi organizations and individuals, exploring and analyzing the incidents as described by the victims through various mediums, including text, video, and audio. The investigation encompasses both qualitative and quantitative analyses, involving the application of topic modeling techniques such as LDA and the use of NVivo to analyze unstructured data. Online purchase scams were reported, with users facing issues on platforms like Instagram. They ordered products, transferred money, and then got blocked. Instances of misrepresented products and financial losses were prevalent.
The research yields recommendations for decision-makers in Saudi Arabia to address the escalating security risks, formulate robust cybersecurity strategies, and gain a better understanding of scammers' behaviors toward victims. These recommendations are not only pertinent to decision-makers but also essential for public awareness. Consequently, increased awareness among citizens on protecting themselves from cyberattacks is anticipated. Moreover, promoting security consciousness when dealing with critical data will contribute to a more resilient and cyber-aware society.

5-1-Practical Conclusion
The findings of this research offer recommendations for decision-makers in Saudi Arabia to counter the behaviors of cyber attackers. Scammers employ specific tactics, leveraging social media to illicitly acquire critical information from citizens. This study delves into the experiences of victims who have fallen prey to scammers on various social media platforms. The outcomes contribute to the cybersecurity literature by analyzing victims' experiences conveyed through text, audio, and video formats. It is crucial to identify the predominant behaviors and methods employed by scammers, particularly within the context of Saudi Arabia. Scammers often adopt impersonation strategies, creating fake accounts on social media to gain the trust of their victims. The deceptive behaviors presented in this study highlight the need to understand these tactics. As gleaned from the results, scammers predominantly exploit popular social media platforms such as WhatsApp, Facebook, Instagram, Twitter, and other modern communication channels. Consequently, social media users in Saudi Arabia, particularly those in critical positions, should be equipped with the latest insights into the methods employed by scammers to safeguard their credentials and finances. Awareness of cybersecurity policies should be heightened, and citizens should exercise caution when dealing with messages and links from unknown or anonymous users. Strengthening national defense capabilities against cybersecurity threats, incorporating recent innovations in recovery plans, and harnessing advancements in AI and quantum computing for implementing security measures against fraudulent content are imperative.
High-level cyber education initiatives must be implemented to mitigate risks and enhance public awareness of the significance of cybersecurity, thereby thwarting the efforts of scammers to exploit citizens. This is crucial in countering evolving online threats, including social engineering, catfishing methods, pharming, and credit card redirection. Additionally, promoting innovations and investments in the domestic cybersecurity industry, coupled with the development of specialized national capacities in cybersecurity disciplines through participation in educational and training programs, is essential. This not only helps establish professional industry standards and secure Saudi cyberspace but also protects citizens lacking the requisite educational background from falling victim to scams. Finally, concerted efforts should be made to achieve the desired level of security by enhancing cybersecurity cooperation with international organizations, supported by sophisticated information exchange mechanisms, thereby increasing security awareness through the sharing of relevant experiences with global institutions.

5-2-Limitations
One limitation of this study is the comparison of our results with previous outcomes. However, we argue that the nature of this study, which explores qualitative data drawn from the experiences of cyber-attack victims as described by the victims themselves, inherently makes direct comparisons challenging. The unique and evolving nature of cyber threats, coupled with the dynamic tactics employed by perpetrators, contributes to a constantly shifting landscape in which no two cyber-attacks are precisely alike. Moreover, the diversity of cyber-attack scenarios captured in our qualitative data, ranging from financial fraud to deceptive online practices, introduces a level of complexity that may not be directly comparable to more narrowly focused studies. Cyber-attacks manifest in various forms, each demanding distinct strategies for prevention and mitigation. Consequently, attempting a direct comparison with previous outcomes may oversimplify the nuanced findings derived from the rich narratives of the victims in our study.

6-2-Data Availability Statement
Data sharing is not applicable to this article.

6-3-Funding
We would like to thank the SAUDI ARAMCO Cybersecurity Chair for funding this project.

6-6-Conflicts of Interest
The authors declare that there is no conflict of interest regarding the publication of this manuscript. In addition, the ethical issues, including plagiarism, informed consent, misconduct, data fabrication and/or falsification, double publication and/or submission, and redundancies have been completely observed by the authors.

Figure 1. Flowchart of the research methodology