Online Victimization During the Covid-19 Pandemic
George W. Burruss, Ph.D. Department of Criminology
Nathan Fisk, Ph.D. Department of Educational and Psychological Studies
Federico Giovannetti, M.S. MUMA College of Business, DBA program
2 | Online Victimization during the Covid-19 Pandemic
Executive Summary The COVID-19 pandemic has produced unprecedented conditions for increased risk of widespread cybercrime victimization. With strains placed on individuals and families due to COVID effects combined with an ever-increasing reliance on online technologies in everyday life, the U.S. population is more vulnerable to cyberattacks than ever before. This study surveyed 3,000 Floridians to assess their vulnerability to and experiences with cybercrime during the pandemic, asking participants to report on the ways in which the pandemic has impacted their everyday lives, and the ways in which those impacts might make them more vulnerable to online scams, disinformation, and other common forms of cybercrime. Key findings from the research included the following: 1. Use of online platforms for everyday tasks has risen significantly, with online grocery shopping and streaming seeing the most growth. 2. Nearly half of the survey participants reported that they trusted neither the government nor law enforcement to protect them online, suggesting a significant – and potentially warranted – mistrust of the cybersecurity capabilities of the state. 3. Participants reported a concerning reliance on using the same password across sites, 4. A significant proportion of participants reported that they have been exposed to mis- or disinformation online during the pandemic, and a concerning number reported that they would like, share, or otherwise engage with suspicious or false messaging online. Overall, it is critical that the state and nation work to address the threat of mis- and disinformation via online social networks, particularly in instances where public health is at risk. With 1 out of 4 participants stating that they had been frequently exposed to misinformation about the pandemic, and nearly half reporting at least one incident with COVID falsehoods, it is clear that these campaigns have significant reach. Further, the study demonstrates a troubling willingness by a significant portion of participants to engage with potentially fraudulent posts – further amplifying their reach through likes and shares. Perhaps most concerning is the suggestion by the study findings that individuals are more easily persuaded by messages appearing to come from
...the study demonstrates a troubling willingness by a significant portion of participants to engage with potentially fraudulent posts.
government or institutional authorities, rather than media companies or retailers. Further, this suggests that additional educational and awareness campaigns need to be developed that highlight the collective dangers of liking, sharing, or engaging with potentially fraudulent posts.
cyberflorida.org | 3
Cybercrime and Online Victimization During the Covid-19 Pandemic The COVID-19 pandemic has changed the day-to-day lives of Americans in ways that are entirely unprecedented. There has been immense stress wrought by the crisis on the collective public through shifting practices, underemployment, social isolation, closing support services, limited access to emergency healthcare, and, of course, fear of the virus itself, among other pressures and uncertainties. Combined, the crisis has set the conditions for a wave of new cybersecurity vulnerabilities and breakdowns—highlighted by emergent forms of abuse mostly related to COVID-19 mis- and disinformation for fraudulent and political aims. This study was designed to better understand emerging and potentially growing cybercrime threats during the pandemic, as the nation’s everyday activity – including work, social life, and entertainment – moves increasingly online. Our survey was designed to collect insights that would help us answer the following broad questions: I. What is the nature and extent of cybercrime and online victimization during the COVID-19 pandemic? II. What technical changes and pressures have contributed to cybersecurity risk during the COVID-19 pandemic? III. What social changes and pressures have contributed to cybersecurity risk during the COVID-19 pandemic?
Experiences of the Respondents During the COVID-19 Pandemic We conducted a survey of 3,000 Florida residents over the age of 18 to understand the nature and extent of cybercrime and online victimization, brought about by broad sociotechnical changes during the COVID-19 pandemic. The survey was an opt-in online survey that was structured to be representative of the Florida population in 2020. We note that the respondent pools in opt-in surveys are typically better educated and have higher incomes than the general population. All respondents have access to some kind of device that connects to the Internet. The typical survey respondent was White, non-Hispanic (70%), male (51%), and about 43 years old. With regard to COIVD-19, 43.32% of respondents (n=1,466) indicated they were somewhat or very likely to become infected. A smaller proportion thought they might die from an infection (32.40%, n=475). A little over half thought someone in their family would be infected (54.10%, n= 792). Finally, about 40% thought someone in their family might die from infection (n=585). These results show a sizable proportion of the respondents in the study were under stress in considering their vulnerability to COVID-19. We asked a series of questions to gauge the respondents’ experiences with the COVID-19 pandemic, especially regarding their health and employment. We were interested in how stressors from dealing with the pandemic might affect their online behaviors. Table 1 shows a breakdown of the responses to these survey items.
4 | Online Victimization during the Covid-19 Pandemic
Table 1 Details of Respondents Experiences with COVID-19 Pandemic: Health and Employment Employment situation
Number
Percent
Currently employed — YES
734
51%
Currently employed — NO
764
49%
Lost job as a result of the pandemic — YES
213
14.29%
Lost job as a result of the pandemic — NO
1,278
85.71%
Experienced reduced income because of pandemic — YES
545
36.58%
Experienced reduced income because of pandemic — NO
945
63.42%
Number
Percent
Co-workers will become ill from COIVD-19 — YES
353
48.48%
Co-workers will become ill from COIVD-19 — NO
375
51.51%
Lose job because of pandemic — YES
208
28.61%
Lose job because of pandemic — NO
519
71.38%
Lose access to employee benefits — YES
180
24.73%
Lose access to employee benefits — NO
548
75.27%
Because of the pandemic, how fearful that:
Given current situation on a scale from 0 (no chance) to 100 (100% likely), how likely do you think it is for you to… Mean
Standard Deviation
95% Confidence Intervals
Lose your job
21.92
30.54
20.36 23.48
See a reduction in income
34.38
36.05
32.54 36.22
Lose employee benefits such as health insurance
23.11
32.87
21.43 24.79
Get the corona virus because of your job?
26.15
33.04
24.47 27.84
cyberflorida.org | 5
Online Behavior During the COVID-19 Pandemic We asked participants: How has your online behavior for specific activities changed since the coronavirus situation started? Most online activities saw an increase since the pandemic started. The increase was in the order of 30-50% of participants increasing utilization in each activity. The notable exceptions were visiting porn sites (33% decrease) and online dating (42% decrease). The activities that saw the highest increase were streaming movies (53%) and groceries/supplies shopping (49%).
Figure 1 How has your online behavior changed since the beginning of the coronavirus pandemic? Less than before
About the same
More than before
Social media use
9%
49%
42%
Business meetings
18%
33%
49%
Talking with friends
11%
43%
46%
Other social events
21%
40%
39%
Instant messaging
10%
56%
34%
Online banking
6%
63%
31%
Online gaming
12%
48%
39%
Streaming movies
7%
40%
53%
Visiting pornography sites
33%
51%
16%
Buying groceries
11%
40%
49%
Online dating apps
42%
43%
15%
Using credit cards online
8%
53%
39%
Sending money online
12%
51%
37%
Get news traditionally
14%
53%
33%
Get news independent
18%
57%
25%
Note: We also asked about paying with cash for merchandise and services since the pandemic started. Respondents reported 41% less than before, about 49% about the same, and about 10% more than before.
6 | Online Victimization during the Covid-19 Pandemic
We wanted to understand if participants experienced any difficulties or limitations accessing online services. We asked the following questions:
Table 2
Table 3
What is your primary Internet service at home?
What device do you use for most of your Internet activities?
Internet Service Provider
Number
Percent
Device for Internet
Number
Percent
Broadband – Cable
1,034
51.93
Smartphone
786
39.48
Broadband – Fiber
437
21.95
Laptop PC
629
31.59
Cellular – 4G
202
10.15
Desktop PC
376
18.88
Not sure
146
7.33
Tablet
149
7.48
Broadband – Other
73
3.67
Internet-enabled
43
2.16
Other (not broadband or cellular)
53
2.66
Other
8
0.4
Cellular – Other
23
1.16
Total
1,991
100
No home Internet access
23
1.16
Total
1,991
100
Note: Percent may not total 100 due to rounding
Note: Percent may not total 100 due to rounding
Table 4
Table 5
Approximately how old is the device you use for most of your Internet activities? How old is Internet device?
Number
Percent
Less than 1 year
514
25.88
1-3 years
961
48.39
3-6 years
371
18.68
6-9 years
91
4.58
Older than 9 years
49
2.47
Total
1,986
100
Note: Percent may not total 100 due to rounding
What factors restrict your access to the Internet? Factors restricting Internet access
Number
Sharing bandwidth
465
Sharing devices
217
No home Internet
54
Unstable Internet connection
434
Broken computing device
105
Household rule on Internet use
93
Filtered access to Internet
85
Intermittent access from finances
137
Other access issues
623
Note: Respondents selected from all categories that applied
cyberflorida.org | 7
Access to the internet did not appear to be a problem with sampled participants. Over 77% had broadband internet access at home and another 10% had 4G mobile data. Only 1.16% reported not having internet at home. Any restrictions seen came from having to share bandwidth or device. Laptops and smartphones were the most common devices, confirming that most participants are mobile (78%). It is important to point out that because this survey was delivered online, all of the respondents had access to the Internet via computers or smart phones. Thus, the results are likely not representative of the state’s population, especially those without access to the Internet. The next series of questions asked participants how they handle safety and security while interacting online. We asked participants in which ways they learn about cyber security best practices. The leading response was “through news coverage” followed by “from friends and relatives”.
Figure 2 In what ways do you learn about cybersecurity practices? Reading
Newsletters
Friends and Relatives
School/Employer
Community Events
| 0 Percentage
| 25
| 50
l Never
| 75
l Rarely
l Sometimes
| 100
l Often
l Always
8 | Online Victimization during the Covid-19 Pandemic
We also asked participants their perception of how they are protected from cybercrime. The leading mechanisms were technical in nature, with 80% of participants feeling protected by antivirus software and 59% by the Operating System in their computers. In terms of entities, more participants felt better protected by their own knowledge (59%) than by third parties such as their school/employer, local or national law enforcement entities, their internet service providers or friends/ family. Notably, 43% of participants stated that they disagreed that the government protects them online, while 50% disagreed that law enforcement protects. Further 40% of participants answered that they trusted neither the government nor law enforcement to protect them, suggesting a significant – and potentially warranted – mistrust of the cybersecurity capabilities of the state.
Figure 3 The following protects me while online (strongly disagree to strongly agree) My own knowledge
Anti-virus software
Operating system
Internet provider
IT department school/work
Local law enforcement
Government
Family or friends
Cloud provider
| 100
l Strongly disagree
| 50
l Disagree
| Percentage
l Neither agree or disagree
| 50
l Agree
| 100
l Strongly agree
cyberflorida.org | 9
Cybercriminals often cast a wide net, counting on the most vulnerable to fall prey to their crimes. Users that practice common recommendations to keep their systems and themselves safe while online (a.k.a. good cyber hygiene), are less likely to become cyber victims. For example, someone who indiscriminately accepts friend requests from unknown people is more likely to become a victim than someone who does not. Reflecting on their own efforts to protect themselves online, participants reported using an array of different technologies and techniques to keep up their cyber hygiene. While most participants described a layered approach to their security and practices online, including complex passwords, antivirus/malware protection, and regular software updates. However, two concerning trends emerged from the data: many participants reported frequently reuse of passwords across accounts, and relatively few participants reported routinely verifying sources of information.
Figure 4
l Never
l Rarely
l Sometimes
l Often
l Always
Cyber hygiene practices among respondents Complex passwords Anti-virus software Accessed public WIFI Respond unrecognized email Shared geographic info Account info on social media Accept stranger friend requests Talked to strangers online Download from non-secure site Check for software update Shared password Reusing Password on Multiple Sites Update software Online meetings w/o security Verified sources for online info
| 100
| 50
| Percentage
| 50
Notes: The number of respondents varied across cyber hygiene categories, but the lowest number of respondents was 1,563. The percentages reported in the figure for each line are the total for never and rarely categories on the left, the sometimes category in the center, and often and always categories on the right).
| 100
10 | Online Victimization during the Covid-19 Pandemic
We asked participants how many times they had experienced different forms of cyber victimization since March 1, 2020. Considering cyber victimization events that respondents reported experiencing since March 1, the most common event was to encounter false or misleading information about Covid-19 online, which 26% of respondents experienced 3 times or more. Other types of cyber victimization events happening more than 3 times were only experienced by less than 10% of participants, except for receiving an unwanted pornographic picture or message (13%) and impostor solicitation of donations (also about 13% of participants).
Figure 5
l Never
l 1–2 times
l 3–5 times
l 6–9 times
l 10 or more times
Cybercrime victimization levels for respondents Stolen credit card info Harassed online Sent pornographic message Online purchase not delivered Zoom bombed on meeting False charity solicitation False political solicitation False broker solicitation Online data breach Personal info posted w/o permission
Denied online connection Cheating in online game False information about COVID-19
| 100
| 50
| Percentage
| 50
| 100
Notes: The number of respondents varied across cyber victimization events, but the lowest number of respondents was 1,551. The percentages reported in the figure for each line are the total for never and 1-2 times categories on the left, the 3-5 times category in the center, and 6-9 times and 10 or more categories on the right).
cyberflorida.org | 11
Additional Findings Then we asked how respondents had been approached by cybercriminals. While asking such questions can be problematic because a good scam would likely be undetected, the prevalence of suspected activity is relatable. When asked, “Have you experienced receiving an unexpected email that looked like it was coming from a legitimate source asking you to do something?” A majority, 67% of respondents, reported having received such emails. About 7% said that something negative had happened to them by responding to the email solicitation (they were scammed, got a computer virus, identity was stolen, etc.) Of those who had received such email solicitations, about 17% were COVID-19 related. Other ways like social media posts and video conference intrusions did not occur in statistically significant numbers. We further asked, “Have you come across an unexpected social media post that appeared to be from a legitimate source asking you for something unusual?” Only 17% of respondents said they had received such posts. Of those who said yes, about 29% said it was COVID-19 related (n=75). For the majority experiencing this situation (83%), there was no indication that something bad happened; however, 9% of respondents who received the post say their computer was infected or their accounts were hacked (n=23).
Social Media Fraud Vignettes Using two simulated fraudulent messages – based on real messages posted to Facebook – we asked participants how likely they were to engage with suspicious posts. One simulated scam was designed to appear as if it were from a government or non-profit organization, while the other claimed to offer a free Netflix subscription through the duration of the pandemic. The study found significant differences in the likelihood that participants would engage between the two posts.
12 | Online Victimization during the Covid-19 Pandemic
Posting 1: Stimulus Scam
This post used the following social engineering techniques: 1. Exploited the stimulus payment approved by congress, using the capitol building image to emphasize it, as well as the exact dollar amount approved. 2. Impostor component: pretending to be an organization that appears to be legitimately helping with the payments. Notice the “Workers Assistance Alliance” name and logo, as well as a realistic hyper link. 3. Urgency component: uses the word “URGENT” at the beginning of the message prompting readers to act immediately to get the $1,200 payment. 4. Credibility component: the post is shared by someone with an actual name, and shows a number of reactions, comments and shares. After displaying a picture of the posting, we asked respondents about their likelihood of interacting with it in various ways, such as sharing it or clicking on the ‘like’ button. The response choices were a scale of 0% no chance to 100% certainty. The percentages of respondents by likelihood of interacting are reported in Table 7. The implications are discussed at the end of this section.
cyberflorida.org | 13
Table 6 The likelihood of interacting with and view of stimulus social-media post scam Interaction behavior with the social media post
No Chance
Low
Medium
Very high
100% Certainty
Click on the post’s link
686 26.23%
397 15.18%
404 15.45%
280 10.71%
395 15.11%
453 17.32%
2,615 100%
Share or forward the post
1,086 41.53%
313 11.97%
360 13.77%
227 8.68%
260 9.94%
369 14.11%
2,615 100%
Comment on the post
1,288 49.25%
358 13.69%
369 14.11%
165 6.31%
212 8.11%
223 8.53%
2,615 100%
Click on like button
1,103 42.18%
290 11.09%
355 13.58%
216 8.26%
260 9.94%
391 14.95%
2,615 100%
How legitimate is post’s information?
754 467 28.83% 17.86%
677 25.89%
254 9.71%
262 10.02%
201 7.69%
2,615 100%
High
Row Totals
Note: The likelihood values are based on quartiles (e.g., the low category included respondents who indicated between 1% to 25% likelihood of responding to each behavior; medium between 26% to 50%; high between 51% to 75%; and very high 76% to 99%. The ‘no chance’ category option on the survey was 0% and the ‘100% certainty‘ was 100%. For each behavior, the first row is the number of respondents in each category; the second row is the percent with that behavior’s category. A majority of respondents, 85.51% (n=2260/2643), said they currently used Facebook
14 | Online Victimization during the Covid-19 Pandemic
Posting 2: Netflix Scam
This solicitation contained the following social engineering deceiving characteristics: 1. Credible offer from “Netflix”, with the always enticing “free stuff” offer. Note: the text used to describe the offer was taken verbatim from an actual scam that was conducted via text message1. 2. Impostor component: pretending to be “Netflix”. 3. Urgency component: uses the words “Run” and “will end quick”. 4. Credibility component: the post is shared by someone with an actual name, and shows a number of reactions, comments and shares. The likelihood that a respondent would interact with the Netflix scam posting in various ways on their Facebook page is reported in Table 6. For clicking a link listed in the posting, about half of the respondents said there would be no chance they would do so. About 19% of respondents, however, indicated a very high probability of clicking on the link (76% chance or greater). When we looked at the difference between male and female respondents, there was a statistically significant difference, especially in the ‘no change’
https://hotforsecurity.bitdefender.com/blog/free-netflix-pass-because-of-coronavirus-its-a-scam-22691.html
1
cyberflorida.org | 15
category: females at 57% and males at 42%, and the very high category with females at 6% and males at 11% likely to click. The pattern was similar for the other post-interaction behaviors: a slight majority indicated there was ‘no chance’ they would interact with the post; yet at least 10% (about 200 respondents) said indicated a very high chance they would. We were also interested in the impact of losing one’s job due to pandemic’s effect on the economy, hypothesizing that an increase in financial strain would affect judgment about getting free access to online streaming content. When asked about whether respondents lost their job (n=205) and then seeing its effect on interacting with the post, the two categories that were significantly different were at the extremes: those who lost their job were less likely to respond with ‘no chance’ on clicking the post (43% vs. 54%) and were more likely to respond with 100% certainty of clicking (15% vs. 8%).
Table 7 The likelihood of interacting with and view of Netflix social-media post scam. Interaction behavior with the social media post
No Chance
Low
Very high
100% Certainty
Click on the post’s link
1,016 51.08%
247 12.42%
221 11.11%
143 7.19%
162 8.14%
200 10.06%
1,989 100%
Share or forward the post
1,158 58.22%
203 10.21%
219 11.01%
113 5.68%
129 6.49%
167 8.40%
1,989 100%
Comment on the post
1,220 61.34%
232 11.66%
198 9.95%
88 4.42%
113 5.68%
138 6.94%
1,989 100%
Click on like button
1,202 60.43%
174 8.75%
194 9.75%
100 5.03%
136 6.84%
183 9.20%
1,989 100%
How legitimate is post’s information?
986 49.57%
301 15.13%
315 15.84%
121 6.08%
145 7.29%
121 6.08%
1,989 100%
Medium
High
Row Totals
Note: The likelihood values are based on quartiles (e.g., the low category included respondents who indicated between 1% to 25% likelihood of responding to each behavior; medium between 26% to 50%; high between 51% to 75%; and very high 76% to 99%. The ‘no chance’ category option on the survey was 0% and the ‘100% certainty‘ was 100%. For each behavior, the first row is the number of respondents in each category; the second row is the percent with that behavior’s category.
16 | Online Victimization during the Covid-19 Pandemic
Comparing the solicitation posts There is a noticeable difference in how respondents perceived the two solicitations. Where 51% of respondents reported they would absolutely not click on the Netflix post, the same number for the Stimulus post was only 26%. This difference is consistent across the entire table when we looked at the mean values in detail. In other words, the Stimulus vignette looked more credible to respondents than the Netflix vignette (23% more credible in average). We reason that the explanation for these results would be the higher quality and attention to detail (message, graphics, grammar, etc.) in the Stimulus solicitation. Therefore, we conclude that the quality of the deception does make a difference in terms of potential for victimization.
Conclusion While participants reported new exposure to COVID-related suspicious activities online, the state of cyber hygiene remains relatively strong, with users mobilizing a variety of techniques and tools to layer their defenses. This said, there are concerning signs that a significant proportion of the population is vulnerable to forms of online abuse – particularly during times marked by widespread financial strain. While further analysis is needed to confirm the result, these initial findings suggest that there is likely a connection between overall financial stress and the likelihood that any one person might become a victim of cybercrime. During times of crisis, such as the COVID-19 pandemic, strong social supports are needed to ensure that individuals and families are not made more vulnerable to online scams and attempts to harvest sensitive information. In short, it stands to reason that those worst effected by large-scale emergencies are also those most vulnerable to attacks that claim to offer help or support. Moments such as the pandemic provide an ideal opportunity for cyber criminals, potentially increasing the chances that a potential victim will drop their guard and click before they think. It is critical that the state and nation work to address the threat of mis- and disinformation via online social networks, particularly in instances where public health is at risk. With 1 out of 4 participants stating that they had been frequently exposed to misinformation about the pandemic, and nearly half reporting at least one incident with COVID falsehoods, it is clear that these campaigns have significant reach. Further, the study demonstrates a troubling willingness by a significant portion of participants to engage with potentially fraudulent posts – further amplifying their reach through likes and shares. Perhaps most concerning is the suggestion by the study findings that individuals are more easily persuaded by messages appearing to come from government or institutional authorities, rather than media companies or retailers. The COVID-19 pandemic has truly highlighted the very human cybersecurity weaknesses among both national and Floridian populations, demanding further efforts to strengthen our national security posture through educational programs and clear, verifiable channels for disseminating critical information.
cyberflorida.org | 17
...1 out of 4 participants stating that they had been frequently exposed to misinformation about the pandemic, and nearly half reporting at least one incident with COVID falsehoods...
...it is clear that these campaigns have significant reach.
C Y B E R F LO R I D A . O R G | 8 1 3 - 9 74 -2 6 0 4 | 4 2 0 2 E . F O W L E R AV E . , TA M PA , F L 3 3 6 2 0