This article presents a systematic literature review (SLR) of research profiling victims of cyber scams, aiming to establish a framework for future studies. The review was motivated by the rapid global growth of cyber scams, which cause profound financial and psychological harm while being difficult to prosecute due to their transnational nature. The study argues that profiling victims is more feasible and impactful than profiling offenders, given the challenges in apprehending cybercriminals. The review followed PRISMA 2020 guidelines, analyzing 22 empirical, quantitative studies published between 2000 and 2025. Eligible research focused on adult scam victims and examined psychological characteristics or behaviors linked to victimization. Most studies used surveys; a few employed questionnaires or longitudinal designs. Scam types included general cyber fraud, romance scams, investment scams, phishing, and consumer fraud. Two theories dominated the literature: Routine Activities Theory (RAT) and Personality Theory. RAT studies emphasized how exposure, guardianship, and online routines influence risk, while personality-focused research linked traits such as impulsivity, addictive personality, internal locus of control, optimism, and low openness to victimization. Other factors included loneliness, materialism, low inquisitiveness, low kindness, low trustworthiness, and low truth-seeking. Some findings were inconsistent—awareness, for example, was protective in one study but a risk factor in another—highlighting the complexity of measuring vulnerability. The review also identified behavioral clusters relevant to victimization: financial transactions (shopping, investing, donating), communication/social interaction (dating, social media use), information seeking, general internet use, risky behaviors (opening unknown attachments, sharing passwords), and safe behaviors (strong passwords, antivirus use). However, methodologies for measuring behaviors varied widely, limiting comparability. Whitty proposes a heuristic model of predictors (Figure 5, p. 19) that organizes risk factors into six domains: personality, individual characteristics, behaviors, cognition, self-esteem, and attitudes/beliefs. This model highlights how dispositional traits may interact with online routines and cognitive appraisals to shape victimization outcomes. The review suggests that neglected theories such as Information Processing Theory, Theory of Planned Behavior, Protection Motivation Theory, and Social Identity Theory could strengthen future research. The article concludes that research on profiling scam victims remains fragmented and heterogeneous, with inconsistent definitions and measures across studies. To advance the field, Whitty calls for standardized outcome measures, theory-driven designs, and longitudinal studies to clarify causal relationships. By focusing on resilience-building and identifying risk factors without stigmatization, this line of research can inform more effective prevention campaigns, education programs, and therapeutic interventions.