Scam Pandemic: How Attackers Exploit Public Fear through Phishing

TL;DR

This study analyzes how cybercriminals exploited public fear during the COVID-19 pandemic by conducting a comprehensive measurement of phishing activities, revealing significant increases and new scam tactics in early 2020.

Contribution

It provides a detailed measurement and analysis of pandemic-related phishing attacks, highlighting the surge and evolution of attack methods during the initial months of COVID-19.

Findings

Phishing traffic increased up to 220% in March and April 2020.

Attackers exploited pandemic-related fear with targeted scams.

Traditional phishing outpaced defenses, indicating gaps in security.

Abstract

As the COVID-19 pandemic started triggering widespread lockdowns across the globe, cybercriminals did not hesitate to take advantage of users' increased usage of the Internet and their reliance on it. In this paper, we carry out a comprehensive measurement study of online social engineering attacks in the early months of the pandemic. By collecting, synthesizing, and analyzing DNS records, TLS certificates, phishing URLs, phishing website source code, phishing emails, web traffic to phishing websites, news articles, and government announcements, we track trends of phishing activity between January and May 2020 and seek to understand the key implications of the underlying trends. We find that phishing attack traffic in March and April 2020 skyrocketed up to 220\% of its pre-COVID-19 rate, far exceeding typical seasonal spikes. Attackers exploited victims' uncertainty and fear related to the pandemic through a variety of highly targeted scams, including emerging scam types against which current defenses are not sufficient as well as traditional phishing which outpaced the ecosystem's collective response.