Mazephishing: the COVID-19 pandemic as credible social context for social engineering attacks

Although the pandemic is certainly not the first occurrence of socially disruptive circumstances that drive cyber criminals to action, relevant academic scholarship has remained scarce. To fill this gap in literature, and propose the analytical framework of mazephishing that places particular emphasis on the importance of credible social context in the functioning of the online scam ecosystem, we carried out a content analysis of international news stories reporting on social engineering attacks. Our results indicate that criminals make heavy use of social context and impersonation to make scams seem more credible, including health information, personal protective equipment, cures, financial relief and donations. Our analysis also shows a significant presence of principles of persuasion in the circulated scam attempts.