IEEE Access (Jan 2021)
COVID-19 and Phishing: Effects of Human Emotions, Behavior, and Demographics on the Success of Phishing Attempts During the Pandemic
Abstract
Phishing is an online scam where criminals trick users with various strategies, with the goal of obtaining sensitive information or compromising accounts, systems, and/or other personal or organisational Information Technology resources. Multiple studies have shown that human factors influence the success of phishing attempts. However, these studies were conducted before the COVID-19 pandemic, which is significant because security reports show that the numbers of phishing attacks have been rapidly increasing since the start of COVID-19. This study investigates the extent to which users’ fear, anxiety and stress levels regarding COVID-19, impact falling for common and COVID-19 themed phishing scams during the outbreak period. Prior studies have depicted the effects of human behaviour on phishing attacks before the pandemic, such as risk-taking preferences and users’ demographic factors, hence this study also focuses on the effects of those factors on the likelihood of phishing victimisation. More concretely, we present the results of a scenario-based roleplay experiment to study the relationship between fear, anxiety, stress, risk-taking, and demographic factors and the success of phishing attacks during the pandemic. The findings indicate that fear of COVID-19 influences the success of COVID-19 specific themed phishing scams, while anxiety, stress, and risk-taking influences the success of both the COVID-19 themed and common phishing scams. Our findings also suggest that the users’ education level impacts common phishing attacks during the pandemic.
Keywords