running project Services AND Cyber-Security (SCS)
BMS-COVID19-fUND
Funded by: UT
Period: Jan, 2021- March, 2022
Contact:
Description:
During the first COVID-19 outbreak in Europe there was a decrease in physical-related crime activities (e.g., property crime) while there was a noticeable surge and shift towards online fraudulent activities. A significant increase was observed in phishing, which has quadrupled during the outbreak. Typical examples reported in the media are zoom phishing emails, fraudulent CEO mails, and phishing emails aimed at healthcare institutions. This sudden rise of COVID-19 phishing fraud as a global problem may be explained by the COVID-19 outbreak. That is, because the social disturbance resulting from a disaster makes society typically more vulnerable to fraudulent activities, hence, more susceptible to phishing attacks. We should be aware of the magnitude of impact these COVID-19 related fraudulent activities may cause. In particular, because this impact is often underestimated. Phishing, apart from its effectivity to gain direct financial gain, is also the typical starting point that leads to successful cyber-attacks and resulting data breaches, of course, associated with all sorts of financial losses. Accumulating all such organizational, as well as societal costs, ask for preventive measures to increase resilience against cyber attacks, such as awareness campaigns, and the ability to timely scale customer support when novel phishing schemes are noticed or expected. Based on these observations, we must recognize the importance of analyzing new phishing behavior that appeared during the pandemic. Therefore, we propose a study on COVID-19 related phishing emails and their malware attachments, to understand better how attackers adapted to new societal conditions. This crime shift and rise may affect organizations, individuals, and society in general. Additionally, we aim to reflect these findings by means of comparative analysis to the pre-COVID-19 period as reported in the literature (from the last couple of years before until the start of COVID-19). This results in our key research question: how do cybercriminals use the instrument of phishing in relation to the COVID-19 pandemic?, with three sub-questions, being: (SQ.1) how do cybercriminals use COVID-19 related topics in their phishing emails?, (SQ.2) what are the characteristics of COVID-19 phishing emails and how do these differ from regular phishing? and (SQ.3) how do COVID-19 related phishing emails co-occur with COVID-19 related trends and events?