Scam Pandemic: How Attackers Exploit Public Fear through Phishing

Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupe, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As the COVID-19 pandemic started triggering widespread lockdowns across the globe, cybercriminals did not hesitate to take advantage of users' increased usage of the Internet and their reliance on it. In this paper, we carry out a comprehensive measurement study of online social engineering attacks in the early months of the pandemic. By collecting, synthesizing, and analyzing DNS records, TLS certificates, phishing URLs, phishing website source code, phishing emails, web traffic to phishing websites, news articles, and government announcements, we track trends of phishing activity between January and May 2020 and seek to understand the key implications of the underlying trends.We find that phishing attack traffic in March and April 2020 skyrocketed up to 220% of its pre-COVID-19 rate, far exceeding typical seasonal spikes. Attackers exploited victims' uncertainty and fear related to the pandemic through a variety of highly targeted scams, including emerging scam types against which current defenses are not sufficient as well as traditional phishing which outpaced the ecosystem's collective response.

Original languageEnglish (US)
Title of host publicationProceedings of the 2020 APWG Symposium on Electronic Crime Research, eCrime 2020
PublisherIEEE Computer Society
ISBN (Electronic)9780738132617
DOIs
StatePublished - Nov 16 2020
Externally publishedYes
Event2020 APWG Symposium on Electronic Crime Research, eCrime 2020 - Virtual, Online
Duration: Nov 16 2020Nov 19 2020

Publication series

NameeCrime Researchers Summit, eCrime
Volume2021-November
ISSN (Print)2159-1237
ISSN (Electronic)2159-1245

Conference

Conference2020 APWG Symposium on Electronic Crime Research, eCrime 2020
CityVirtual, Online
Period11/16/2011/19/20

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Scam Pandemic: How Attackers Exploit Public Fear through Phishing'. Together they form a unique fingerprint.

Cite this