Introducing the Citizens' Cyber Attack Framework
Every year, hundreds of millions of individuals fall victim to online attacks — fraud, account compromise, intimate image abuse, psychological manipulation. Yet unlike attacks on organisations or critical infrastructure, these crimes remain largely invisible. Underreported, undermeasured, and underserved.
The Cyber Helpline is working to change that.
A different kind of threat
Cyber attacks against individuals are not simply smaller versions of corporate incidents. They are categorically different. Where organisational attacks exploit technical vulnerabilities, attacks against individuals are overwhelmingly psychological — exploiting trust, emotional attachment, and shame. They span cybersecurity, digital fraud, and online harm simultaneously, yet are treated as separate problems by industry, law enforcement, and policymakers alike.
The result is a profound knowledge gap. Without shared, structured data on how these attacks work, who they target, and how they unfold, it is impossible to design effective prevention, allocate resources appropriately, or measure whether interventions are working.
A framework built for citizens
Attack frameworks have already transformed how the cybersecurity industry understands and defends against adversaries — providing a common language for describing, detecting, and mitigating threats. We need the same for individuals.
The Citizens' Cyber Attack Framework is being built to do exactly that. It catalogues attacker tactics, techniques, and procedures across the full range of online harms facing individuals. It maps how different attack types intersect. And crucially, it goes beyond attack patterns to outline evidence-based response techniques and document the true human impact of these crimes.
The framework is intended as a shared tool — one that:
drives security-by-design in online platforms
focuses government policy
guides frontline support services
informs public education
What it looks like in practice
The framework organises attacks into tactical stages, from initial targeting through to sustained impact. Users can explore the full threat landscape, filter by threat actor type to see which techniques each actor commonly employs, or apply an attack prevalence heatmap to understand which techniques are most frequently encountered in the real world.
Built together, or not at all
The Cyber Helpline is building this framework using its unique dataset and frontline expertise — but it cannot achieve its potential in isolation. The fragmentation that has defined the response to online crime is a choice. Closing the knowledge gap requires governments, regulators, platforms, researchers, and support services to commit to building and using a common model.