Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
Review
. 2022 Sep;16(5):324-345.
doi: 10.1049/ise2.12073. Epub 2022 Jul 4.

The COVID-19 scamdemic: A survey of phishing attacks and their countermeasures during COVID-19

Ali F Al-Qahtani  1 Stefano Cresci  2
Affiliations
Review

The COVID-19 scamdemic: A survey of phishing attacks and their countermeasures during COVID-19

Ali F Al-Qahtani et al. IET Inf Secur. 2022 Sep.

Abstract

The COVID-19 pandemic coincided with an equally-threatening scamdemic: a global epidemic of scams and frauds. The unprecedented cybersecurity concerns emerged during the pandemic sparked a torrent of research to investigate cyber-attacks and to propose solutions and countermeasures. Within the scamdemic, phishing was by far the most frequent type of attack. This survey paper reviews, summarises, compares and critically discusses 54 scientific studies and many reports by governmental bodies, security firms and the grey literature that investigated phishing attacks during COVID-19, or that proposed countermeasures against them. Our analysis identifies the main characteristics of the attacks and the main scientific trends for defending against them, thus highlighting current scientific challenges and promising avenues for future research and experimentation.

PubMed Disclaimer

Conflict of interest statement

The authors declare that have no conflicts of interest.

Figures

FIGURE 1
FIGURE 1
Complexity and dimensions of phishing attacks. Attacks can exploit several vectors, including websites, emails and Online Social Networks (OSNs), as well as SMSs, robocalls and malwares. As such, defensive techniques leverage a large set of different features to detect possible attacks. Phishing attacks can be perpetrated for a wide array of malicious goals, such as for stealing sensitive information and for financial fraud. This diversity of goals and techniques poses challenges to the detection of phishing attacks
FIGURE 2
FIGURE 2
Frequency of the different techniques used for cyber‐attacks occurred during COVID‐19, over the total number of attacks. The sum of the frequencies exceeds 100% since some attacks used multiple techniques. Phishing includes all its subcategories: smishing, vishing and spear‐phishing
FIGURE 3
FIGURE 3
Relative frequency of the prevalent subcategories of phishing attacks occurred during COVID‐19
See this image and copyright information in PMC

References

    1. Hijji, M. , Alam, G. : A multivocal literature review on growing social engineering based cyber‐attacks/threats during the COVID‐19 pandemic: challenges and prospective solutions. IEEE Access. 9, 7152–7169 (2021). 10.1109/access.2020.3048839 - DOI - PMC - PubMed
    1. Di Pietro, R. , et al.: New dimensions of information warfare. Adv Inf Sec, vol. 84. (2021)
    1. Valiyaveedu, N. , et al.: Survey and analysis on AI based phishing detection techniques. The 2021 International Conference on Communication, Control and Information Sciences (ICCISC’21), vol. 1, pp. 1–6. IEEE; (2021)
    1. Zarocostas, J. : How to fight an infodemic. Lancet. 395(10225), 676 (2020). 10.1016/s0140-6736(20)30461-x - DOI - PMC - PubMed
    1. Ferrara, E. , Cresci, S. , Luceri, L. : Misinformation, manipulation, and abuse on social media in the era of COVID‐19. J Comput Soc Sci. 3(2), 271–277 (2020). 10.1007/s42001-020-00094-5 - DOI - PMC - PubMed

LinkOut - more resources