The first months of the COVID-19 pandemic witnessed a surge of social engineering attacks. Although the pandemic is certainly not the first occurrence of socially disruptive circumstances that drive cybercrime, relevant academic scholarship has remained scarce. To fill this gap in literature and propose the analytical framework of mazephishing that places particular emphasis on the importance of credible social context in the online scam ecosystem, we carried out a content analysis of (N = 563) international news stories reporting on social engineering attacks. Our results indicate that criminals make heavy use of social context and impersonation to make scams seem more credible. Major themes used in the scam messages include health information, personal protective equipment, cures, financial relief and donations. Additionally, scammers diversify their use of mediums depending on the type of scam being perpetrated. Our analysis also shows a significant presence of principles of persuasion in the circulated scam attempts.
Algarni, A., Y. Xu, and T. Chan (2014) “Social engineering in social networking sites: the art of impersonation”. In 2014 IEEE International Conference on Services Computing, 797–804.
https://doi.org/10.1109/SCC.2014.108
Alsharnouby, M., F. Alaca, and S. Chiasson (2015) “Why phishing still works: user strategies for combating phishing attacks”. International Journal of Human-Computer Studies 82, 69–82.
https://doi.org/10.1016/j.ijhcs.2015.05.005
Atkins, B. and W. Huang (2013) “A study of social engineering in online frauds”. Open Journal of Social Sciences 1, 3, 23–32.
https://doi.org/10.4236/jss.2013.13004
Austin Daily Herald (2020) “MN AG warning of COVID-19 phishing scams”. Available online at
<https://www.austindailyherald.com/2020/03/mn-ag-warning-of-covid-19-phishing-scams/>. Accessed on 21.08.2021.
Bisson, D. (2020) “COVID-19 scam roundup – April 6, 2020”. Available online at
<https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-april-6-2020/>. Accessed on 21.08.2021.
Briquelet, K. (2020) “Botox doc busted in COVID-19 scam peddling Trump’s favorite drug”. Available online at
<https://www.thedailybeast.com/botox-doctor-busted-in-covid-19-scam-peddling-trumps-favorite-drug-hydroxychloroquine>. Accessed on 21.08.2021.
Button, M. and C. Cross (2017) Cyber Frauds, scams and their victims. Oxon: Routledge.
https://doi.org/10.4324/9781315679877
Button, M., C. Lewis, and J. Tapley (2009) “Fraud typologies and the victims of fraud: literature review”. London: National Fraud Authority.
Campbell, C. (2020) “Burnaby residents warned of coronavirus face mask scam”. Available online at
<https://www.burnabynow.com/local-news/burnaby-residents-warned-of-coronavirus-face-mask-scam-3116016>. Accessed on 21.08.2021.
Capodanno, K. (2020) “BBB warns of coronavirus text messaging scam”. Available online at:
<https://www.wdbj7.com/content/news/BBB-warns-of-coronavirus-text-messaging-scam-568900021.html>. Accessed on 21.08.2021.
Carter, E. (2021) “Distort, extort, deceive and exploit: exploring the inner workings of a romance fraud”. The British Journal of Criminology 61, 2, 283–302.
https://doi.org/10.1093/bjc/azaa072
Chiew, K. L., K. S. C. Yong, and C. L. Tan (2018) “A survey of phishing attacks: their types, vectors and technical approaches”. Expert Systems with Applications 106, 1–20.
https://doi.org/10.1016/j.eswa.2018.03.050
Chiluwa, I. (2019) “’Congratulations, your email account has won you €1,000,000’: analyzing the discourse structures of scam emails”. In T. Docan-Morgan, ed. The Palgrave handbook of deceptive communication, 897–912. Cham: Springer.
https://doi.org/10.1007/978-3-319-96334-1_46
Cialdini, R. B. (2009) Influence: the psychology of persuasion. HarperCollins e-books.
De, R., N. Pandey, and A. Pal (2020) “Impact of digital surge during Covid-19 pandemic: a viewpoint on research and practice”. International Journal of Information Management 55.
https://doi.org/10.1016/j.ijinfomgt.2020.102171
EC News Desk (2020) “SophosLabs tracks significant uptick in COVID-19 scams and phishing attacks”. Available online at
<https://www.ec-mea.com/sophoslabs-tracks-significant-uptick-in-covid-19-scams-and-phishing-attacks/>. Accessed on 21.08.2021.
Eysenbach, G. (2011) “Infodemiology and infoveillance”. American Journal of Preventive Medicine 40, 5, S154–S158.
https://doi.org/10.1016/j.amepre.2011.02.006
Ferreira, A., L. Coventry, and G. Lenzini (2015) “Principles of persuasion in social engineering and their use in phishing”. In T. Tryfonas and I. Askoxylakis, eds. Human aspects of information security, privacy, and trust, 36–47. (HAS 2015. Lecture Notes in Computer Science, 9190.) Cham: Springer.
https://doi.org/10.1007/978-3-319-20376-8_4
Ferreira, A. and P. Vieira-Marques (2018) “Phishing through time: a ten year story based on abstracts”. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), 225–232.
https://doi.org/10.5220/0006552602250232
Grad, P. (2020) “Router phishing scam targets global fear over coronavirus”. Available online at
<https://techxplore.com/news/2020-03-router-phishing-scam-global-coronavirus.html>. Accessed on 21.08.2021.
Greene, K. K., M. P. Steves, M. F. Theofanos, and J. Kostick (2018) “User context: an explanatory variable in phishing susceptibility”. In Workshop on Usable Security (USEC) 2018.
https://dx.doi.org/10.14722/usec.2018.23016
Hadnagy, C. (2018) Social engineering: the science of human hacking. Indianapolis: Wiley.
https://doi.org/10.1002/9781119433729
Hong, J. (2012) “The state of phishing attacks”. Communications of the ACM 55, 1.
https://doi.org/10.1145/2063176.2063197
Holt, T. J. and D. C. Graves (2007) “A qualitative analysis of advance fee fraud e-mail schemes”. International Journal of Cyber Criminology 1, 137–154. Available online at
<http://www.cybercrimejournal.com/thomas&danielleijcc.htm>. Accessed on 21.08.2021.
Inveiss, M. (2020) “Officials warn of scam “mandatory” COVID-19 tests”. Available online at
<https://www.channel3000.com/officials-warn-of-scam-mandatory-covid-19-tests/>. Accessed on 21.08.2021.
Jagatic, T. N., N. A. Johnson, M. Jakobsson, and F. Mencer (2007) “Social phishing”. Communications of the ACM 50, 10, 94–100.
https://doi.org/10.1145/1290958.1290968
Jakobsson, M. and S. Myers (2007) Phishing and countermeasures: understanding the increasing problem of electronic identity theft. Hoboken, NJ: Wiley.
Jampen, D., G. Gür, T. Sutter, and B. Tellenbach (2020) “Don’t click: towards an effective anti-phishing training: a comparative literature review”. Human-centric Computing and Information Sciences 10, 33.
https://doi.org/10.1186/s13673-020-00237-7
Khonji, M., Y. Iraqi, and A. Jones (2013) “Phishing detection: a literature survey”. IEEE Communi-cations Surveys & Tutorials 15, 4, 2091–2121.
https://doi.org/10.1109/SURV.2013.032213.00009
Kikerpill, K. (2021) “The individual’s role in cybercrime prevention: internal spheres of protection and our ability to safeguard them”. Kybernetes50, 4, 1015–1026.
https://doi.org/10.1108/K-06-2020-0335
Kikerpill, K. and A. Siibak (2019) “Living in a spamster’s paradise: deceit and threats in phishing emails”. Masaryk University Journal of Law and Technology 13, 1, 45–66.
https://doi.org/10.5817/MUJLT2019-1-3
Kikerpill, K. and A. Siibak (2021) “Abusing the COVID-19 Pan(dem)ic: A Perfect Storm for Online scams”. In J. C. Pollock and D. A. Vakoch, eds. COVID-19 in international media: global pandemic perspectives, 249–258. Oxon: Routledge.
https://doi.org/10.4324/9781003181705-25
KNEB (2020) “Scam bill payment calls growing during COVID-19 outbreak”. Available online at
<https://kneb.com/regional-news/scam-bill-payment-calls-growing-during-covid-19-outbreak/>. Accessed 21.08.2021.
Krippendorff, K. (2004) Content analysis: an introduction to its methodology. Thousand Oaks, CA: Sage.
Lallie, H. S., L. A. Shepherd, J. R. C. Nurse, A. Erola, G. Epiphaniou, C. Maple, and X. Bellekens (2020) “Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic”. Available online at
<https://arxiv.org/abs/2006.11929>. Accessed on 21.08.2021.
https://doi.org/10.1016/j.cose.2021.102248
Lawson, P., C. J. Pearson, A. Crowson, and C. B. Mayhorn (2020) “Email phishing and signal detection: how persuasion principles and personality influence response patterns and accuracy”. Applied Ergonomics 86.
https://doi.org/10.1016/j.apergo.2020.103084
Levine, S. (2020) “Con artists put new twist on ‘grandparent scam’ during coronavirus pandemic”. Available online at
<https://abc6onyourside.com/on-your-side/con-artists-put-new-twist-on-grandparent-scam-during-coronavirus-pandemic>. Accessed on 21.08.2021.
Liu, P. L. (2020) “COVID-19 information seeking on digital media and preventive behaviors: the mediation role of worry”. Cyberpsychology, Behavior, and Social Networking 23, 10, 677–682.
http://doi.org/10.1089/cyber.2020.0250
Lourie, G. (2020) “Coronavirus: Sassa warns of COVID-19 special grant scam”. Available online at
<https://www.techfinancials.co.za/2020/04/26/coronavirus-sassa-warns-of-covid-19-special-grant-scam/>. Accessed on 21.08.2021.
Montañez, R., E. Golob, and S. Xu (2020) “Human cognition through the lens of social engineering cyberattacks”. Frontiers in Psychology 11, 1755.
http://doi.org/10.3389/fpsyg.2020.01755
Morton, N. (2020) “COVID-19 scam offering grocery vouchers with Coles, Woolworths”. Available online at
<https://www.theleader.com.au/story/6708704/250-supermarket-voucher-too-good-to-be-true-scamwatch-warns/>. Accessed on 21.08.2021.
Mouton, F. and A. de Coning (2020) “COVID-19: Impact on the cyber security threat landscape”.
https://doi.org/10.13140/RG.2.2.27433.52325
Naidoo, R. (2020) “A multi-level influence model of COVID-19 themed cybercrime”. European Journal of Information Systems 29, 3, 306–321.
https://doi.org/10.1080/0960085X.2020.1771222
Nelson, A. (2020) “Covid-19: Why the coronavirus has been given its new name by the WHO – and what it means”. Available online at:
<https://inews.co.uk/inews-lifestyle/travel/covid-19-coronavirus-name-who-china-virus-outbreak-why-explained-1555896>. Accessed on 21.08.2021.
Nguyen, C., M. L. Jensen, A. Durcikova, and R. T. Wright (2020) “A comparison of features in a crowdsourced phishing warning system”. Information Systems Journal 31, 3, 473–513.
https://doi.org/10.1111/isj.12318
Norris, G., A. Brookes, and D. Dowell (2019) “The psychology of internet fraud victimisation: a systematic review”. Journal of Police and Criminal Psychology 34, 231–245.
https://doi.org/10.1007/s11896-019-09334-5
Ogbodo, J. N., E. C. Onwe, J. Chukwu, C. J. Nwasum, E. S. Nwakpu, S. U. Nwankwo, S. Nwamini, S. Elem, and N. Iroabuchi Ogbaeja (2020) “Communicating health crisis: a content analysis of global media framing of COVID-19”. Health Promotion Perspectives 10, 3, 257–269.
https://doi.org/10.34172/hpp.2020.40
Olenick, D. (2020) “World Health Organization warns about coronavirus phishing scams”. Available online at
<https://www.scmagazine.com/home/email-security/world-health-organization-warns-about-coronavirus-phishing-scams/>. Accessed on 06.02.2021.
Palmer, D. (2020) “What is phishing? Everything you need to know to protect yourself from scam emails and more”. Available online at
<https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/>. Accessed on 21.08.2021.
Parker, K., J. Menasce Horowitz, and A. Brown (2020) “About half of lower-income Americans report household job or wage loss due to COVID-19”. Pew Research Center. Available online at
<https://www.pewsocialtrends.org/2020/04/21/about-half-of-lower-income-americans-report-household-job-or-wage-loss-due-to-covid-19/>. Accessed 21.08.2021.
Pranggono, B. and A. Arabo (2021) “COVID-19 cybersecurity issues”. Internet Technology Letters 4, 2, e247.
https://doi.org/10.1002/itl2.247
Radicati Group (2020) Email statistics report, 2020–2024. The Radicati Group, Inc.
Richardson, P. (2007) A late dinner: discovering the food of Spain. London: Bloomsbury.
Rigotti, E. and A. Rocci (2006) “Towards a definition of communication context: foundations of an interdisciplinary approach to communication”. Studies in Communication Sciences 6, 2, 155–180.
RiskIQ (2020) “Ransomware attacks the next consequence of the coronavirus outbreak”. Available online at
<https://cdn.riskiq.com/wp-content/uploads/2020/03/Coronavirus-Outbreak-Intelligence-Brief-RiskIQ.pdf>. Accessed on 21.08.2021.
Romm, T. (2020) “‘That can actually kill somebody’: scam robocalls are pitching fake coronavirus tests to vulnerable Americans”. Available online at
<https://www.washingtonpost.com/technology/2020/03/19/robocalls-coronavirus-test/>. Accessed on 21.08.2021.
Salisbury, J. (2020) “Warning over coronavirus scam texts which demand money ‘for leaving the house’”. Available online at
<https://www.southwarknews.co.uk/news/warning-over-coronavirus-scam-texts-which-demand-money-for-leaving-the-house/>. Accessed on 21.08.2021.
Shein, E. (2020) “667% spike in email phishing attacks due to coronavirus fears”. Available online at:
<https://www.techrepublic.com/article/667-spike-in-email-phishing-attacks-due-to-coronavirus-fears/>. Accessed on 21.08.2021.
Sommestad, T. and H. Karlzén (2019) “A meta-analysis of field experiments on phishing suscept-ibility”. In APWG Symposium on Electronic Crime Research (eCrime), 1–14.
https://doi.org/10.1109/eCrime47957.2019.9037502
Stabek, A., P. Watters, and R. Layton (2010) “The seven scam types: Mapping the terrain of cybercrime”. In 2010 Second Cybercrime and Trustworthy Computing Workshop, 41–51.
https://doi.org/10.1109/CTC.2010.14
Steinmetz, K., A. Pimentel, and W. R. Goe (2021) “Performing social engineering: a qualitative study of information security deceptions”. Computers in Human Behavior 124, 106930.
https://doi.org/10.1016/j.chb.2021.106930
Talib, Y. Y. A. and R. M. Saat (2017) “Social proof in social media shopping: an experimental design research”. In The 17th Annual Conference of the Asian Academic Accounting Association.
https://doi.org/10.1051/shsconf/20173402005
Vargo, D., L. Zhu, B. Benwell, and Z. Yan (2021) “Digital technology use during COVID-19 pandemic: a rapid review”. Human Behavior and Emerging Technologies 3, 1, 13–24.
https://doi.org/10.1002/hbe2.242
Venkat, A. (2020) “Phishing campaigns tied to coronavirus persist”. Available online at:
<https://www.bankinfosecurity.com/phishing-campaigns-tied-to-coronavirus-persist-a-13741>. Accessed on 21.08.2021.
Verma, R., D. Crane, and O. Gnawalli (2018) “Phishing during and after disaster: Hurricane Harvey”. In 2018 Resilience Weeks 2018 (RWS), 88-–94.
https://doi.org/10.1109/RWEEK.2018.8473509
Wall, E. (2020) “Irish people issued Garda warning about sick COVID-19 contact tracing text scam”. Available online at
<https://extra.ie/2020/04/09/news/irish-news/irish-people-warned-covid-19-contact-tracing-text-scam>. Accessed on 21.08.2021.
Weisbaum, H. (2020) “How to avoid falling victim to a coronavirus phishing email attack”. Available online at
<https://www.nbcnews.com/better/lifestyle/how-avoid-falling-victim-coronavirus-phishing-email-attack-ncna1137941>. Accessed on 21.08.2021.
WHSV (2020) “Scammers take new approach to classic utility scam amid COVID-19”. Available online at
<https://www.whsv.com/content/news/Scammers-take-new-approach-to-classic-utility-scam-amid-COVID-19-569985421.html>. Accessed on 21.08.2021.
Williams, M. (2020) “Age UK in Sheffield warns of coronavirus scam targeting elderly”. Available online at
<https://www.thestar.co.uk/news/crime/age-uk-sheffield-warns-coronavirus-scam-targeting-elderly-2533732>. Accessed on 21.08.2021.
Williams, E. J. and D. Polage (2018) “How persuasive is phishing email? The role of authentic design, influence and current events in email judgements”. Behaviour & Information Technology 38, 2, 184–197.
https://doi.org/10.1080/0144929X.2018.1519599
Wolff-Mann, E. (2020) “Coronavirus fraud is so bad the FTC made a scam bingo card”. Available online at
<https://finance.yahoo.com/news/coronavirus-fraud-is-so-bad-the-ftc-made-a-scam-bingo-181324962.html?guccounter=1>. Accessed on 21.08.2021.
WMC (2020) “BBB warns of coronavirus-related secret shopper scam”. Available online at
<https://www.wmcactionnews5.com/2020/04/09/bbb-warns-coronavirus-related-secret-shopper-scam/>. Accessed on 21.08.2021.
Wright, R. T., M. L. Jensen, J. B. Thatcher, M. Dinger, and K. Marett (2014) “Research note – influence techniques in phishing attacks: an examination of vulnerability and resistance”. Information Systems Research 25, 2, 385–400.
https://doi.org/10.1287/isre.2014.0522
Zhuang, M., G. Cui, and L. Peng (2018) “Manufactured opinions: the effect of manipulating online product reviews”. Journal of Business Research87, 24–35.
https://doi.org/10.1016/j.jbusres.2018.02.016
Zielinska O. A., A. K. Welk, C. B. Mayhorn, and E. Murphy-Hill (2016) “A temporal analysis of persuasion principles in phishing emails”. Proceedings of the Human Factors and Ergonomics Society Annual Meeting 60, 1, 765–769.
https://doi.org/10.1177/1541931213601175
Zorz, Z. (2020) “Wuhan coronavirus exploited to deliver malware, phishing, hoaxes”. Available online at
<https://www.helpnetsecurity.com/2020/02/03/wuhan-coronavirus-exploited-to-deliver-malware-phishing-hoaxes/>. Accessed on 21.08.2021