The degree of familiarity with threats is considered as a predictor of Internet attitudes and security behaviors. Cross-sectional data were collected from 323 student participants about their familiarity about 16 different Internet threats. All participants were presented with definitions of threats and then asked to state how familiar they were with each. Their responses were then used to identify the extent to which threat familiarity differed among the sample. Three different clusters were identified. One set of participants were relatively knowledgeable about all threats. Cluster 1 was therefore labelled experts (n = 92). Cluster 2 (n = 112) and 3 (n = 92) showed very different patterns as familiarity appeared to depend on the novelty of the threat (with one cluster showing more familiarity with well-known threats and the other more familiarity with new threats). Participants who were experts were more likely to engage in computer security behaviors than the other two groups. Mediation analysis showed that time spent on the Internet and the length of Internet experience were significant predictors of familiarity, and both were significant indirect predictors of computer security use (suggesting a relationship fully mediated by familiarity). Our paper makes several important contribution. First, the research reflects a systematic effort to investigate the relationship between the familiarity and engagement of online security activities. Second, we provide evidence that familiarity is an important mediator between Internet use and security behaviors – making this an important baseline variable to consider in terms of training on future threat-oriented interventions aimed at changing security behavior. This study also provides implications for practitioners to improve user familiarity of security risks.