This paper explores factors that may explain online banking fraud victimization. The routine activity approach and protection motivation theory are used as theoretical lenses for this study. Based on 30 semi-structured interviews with phishing and malware victims, we found that suitable target factors from the routine activity approach have a marginal influence on victimization. About a third of the respondents were aware of the scam that they fell victim to prior to the incident. Most respondents had taken measures to protect themselves against online banking fraud. However, phishing victims were negligent and gave security codes to fraudsters. Several respondents reported having insufficient knowledge and skills regarding the safety and security of online banking and finding it difficult to assess to what extent protective measures help them to safeguard against fraudulent attacks. The results suggest, in line with the literature, that everyone is susceptible to some degree to online banking fraud victimization. From a customer perspective, both awareness of fraudulent schemes and training in how to apply protective measures are critical in keeping online banking safe and secure. Future research is needed to assess how customers can be trained to effectively mitigate phishing scams and whether customers are the right unit of analysis to target with interventions for combating malware attacks.