A Multivocal Literature Review on Growing Social Engineering Based Cyber-Attacks/Threats During the COVID-19 Pandemic: Challenges and Prospective Solutions

The novel coronavirus (COVID-19) pandemic has caused a considerable and long-lasting social and economic impact on the world. Along with other potential challenges across different domains, it has brought numerous cybersecurity challenges that must be tackled timely to protect victims and critical infrastructure. Social engineering–based cyber-attacks/threats are one of the major methods for creating turmoil, especially by targeting critical infrastructure, such as hospitals and healthcare services. Social engineering–based cyber-attacks are based on the use of psychological and systematic techniques to manipulate the target. The objective of this research study is to explore the state-of-the-art and state-of-the-practice social engineering–based techniques, attack methods, and platforms used for conducting such cybersecurity attacks and threats. We undertake a systematically directed Multivocal Literature Review (MLR) related to the recent upsurge in social engineering–based cyber-attacks/threats since the emergence of the COVID-19 pandemic. A total of 52 primary studies were selected from both formal and grey literature based on the established quality assessment criteria. As an outcome of this research study; we discovered that the major social engineering–based techniques used during the COVID-19 pandemic are phishing, scamming, spamming, smishing, and vishing, in combination with the most used socio-technical method: fake emails, websites, and mobile apps used as weapon platforms for conducting successful cyber-attacks. Three types of malicious software were frequently used for system and resource exploitation are; ransomware, trojans, and bots. We also emphasized the economic impact of cyber-attacks performed on different organizations and critical infrastructure in which hospitals and healthcare were on the top targeted infrastructures during the COVID-19 pandemic. Lastly, we identified the open challenges, general recommendations, and prospective solutions for future work from the researcher and practitioner communities by using the latest technology, such as artificial intelligence, blockchain, and big data analytics.


I. INTRODUCTION
Social engineering (SE) is a method frequently used by hackers and cybercriminals for building strategies to trick people into granting them access to a system by breaking security best practices and standards illegally or even without The associate editor coordinating the review of this manuscript and approving it for publication was Mamoun Alazab . breaking the law. SE tactics are used for a wide variety of malicious events enabled through human interactions. More explicitly, humans are the weakest links in cybersecurity [1]- [4]. SE attempts typically achieve success through one or more steps depending on the ability of the attackers to exploit the victim using psychological manipulations to trick users into making security mistakes, granting them access to sensitive information. The social engineer performs their role as a fraudster, and making an effort to get access to computer networks, sensitive data, and information [2]. Major social engineering cyber-attacks are accomplished through social media platforms such as Facebook, Twitter, Instagram, Snapchat, and YouTube [2], [4], [5].
In the current situation of the novel coronavirus (COVID- 19) pandemic, social engineering is one of the most significant security threats faced by different organizations in both the public and private sectors, as well as end-users [2], [4], [6]. According to a CyberEdge [7] report, ''the number of organizations hit with at least one successful social engineering attack per year is around 79%.'' Similarly, 99% of cyberthreats were observed and executed through human interactions and done with the assistance of social engineering approach [8]. COVID-19, also known as coronavirus pandemic, is a viral disease that first identified in December 2019 in Wuhan, China caused by the ''severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2; formerly called 2019-nCoV)'' [9]. COVID-19 spread with a rapid speed around the world, infecting millions of people in over 188 countries with a high death rate compared to other diseases, reaching over a million fatalities so far [10]. Perc et al. [105] proposed a method to determine the daily growth rates to reduce the risk of global spread of the COVID-19 pandemic. Similarly, Hâncean et al. [106] proposed human-to-human transmission networks and dispersion mechanism of the novel coronavirus. Hâncean et al. [106] shown the spread of novel coronavirus and they inspected the number of cases and deaths during the COVID-19 of the Brazilian cities' populations.
National and international association are essential for combating COVID-19 and other probable epidemics to be more organized for pandemics as early as possible [107]. Science and technology play a significant role in combating COVID-19. Technology assists the research and development by producing drugs, researching vaccines, and providing testing toolkits to overcome this severe pandemic using the emerging technologies such as artificial intelligence, 5G networking, cybersecurity, blockchain, and big data [11].
The motivation behind our research work is that there is no Multivocal Literature Review (MLR) relevant to the rise of social engineering-based cyber-attacks/threats during the COVID-19 pandemic. Also, to identify the main challenges and proposed prospective solutions for social engineering-based cyber-attacks/threats. We systematically conducted this review by following the well-known published standard guidelines [22] and carefully reviewed both formal and grey literature studies. This review will help different organizations and online working-based employees to carry on their work in a secure manner. The main objective of our research study is to detect the state-of-theart and state-of-the-practice social engineering-based techniques, attack methods, and platforms used for conducting cyber-attacks/threats with economic and societal impacts on various organizations. Similarly, we aim to identify the most targeted critical infrastructures and organizations that are This research work provides an MLR related to the rise of social engineering-based cyber-attacks/threats during the COVID-19 pandemic from its start until October 2020.
The proposed MLR study is structured as follows. Section 2 comprehensively explains the social engineering definitions, types, approach, and goals involved. The detailed research methodology is discussed in section 3. Sections 4 and 5 explain the results and discussions from the conducted MLR study. Section 6 explores the motivation behind social engineering cyber-attacks and threats. Finally, section 7 provides the limitations of the study and section 8 presents the conclusion and potential future work from the completed research study.

II. SOCIAL ENGINEERING: DEFINITION, APPROACH AND GOALS
Social engineering ''is the ultimate con-the bag of tricks employed by fraudsters who lie, cheat and steal their way past your organization's security controls. Their goals: theft, fraud or espionage [12].'' Social engineering circumvents all technologies, as well as firewalls. It appeals to hackers because people's lack of awareness often makes their efforts easier. The comprehensive structure of social engineering is shown in Figure 1, including its primary types, approaches, life cycle, and goals [1], [13].

A. TYPES
According to Krombholz et al. [2] and Koyun and Janabi [14], social engineering is mainly divided into four types as discussed below.

1) PHYSICAL
In this type of social engineering approach, the attackers perform some actions like searching for personal data, manuals, memos, and sensitive information in trash and dumpsters. The primary purpose of the attacker is to accumulate information about the victim from physical materials. VOLUME 9, 2021 2) SOCIAL This is the most widely used type of social engineering, in which the social engineers use psychological techniques to convince the target user with tactics like building a relationship, spear phishing, baiting, and reverse social engineering. The most commonly used social techniques for cyber-attacks are phishing, smishing, and vishing conducted via emails, texts, and phone calls.

3) TECHNICAL
The technical type is usually carried out over the internet, where social networking sites are esteemed sources of information. Social engineers frequently use search engines to collect relevant information about the victims. The hackers guess or attempt to crack passwords to collect critical information about the target user. Correspondingly, the hackers and cybercriminals use automated tools as well, such as Matego and Social-Engineer Toolkit (SET) for successful cyber-attacks.

4) SOCIO-TECHNICAL
Socio-technical techniques are the most powerful of social engineering, combining both the social and technical types. The social engineer considers certain factors like social culture of the victim, human behavior, technologies used, and building infrastructure, as well as goals and values [15]. The combination of both social and technical methods heightens the chances of successful social engineering cyber-attacks.

B. APPROACH 1) INFORMATION GATHERING
Information gathering is the most significant phase for social engineers, where they collect and combine every piece of relevant information about the victim. It is the most exhausting and time-consuming part of the attack approach in social engineering. Most social engineers use automated online tools for information gathering by accessing the location, mobile number, and address of the target victim. Attackers apply different methods for getting organizational and individual information, such as soft skills and technical skills, depending the targets. Dumpster diving is one general way of gathering information, including medical records, emails, personal photos, bank statements, resumes, account details, tech support logs, software details, websites visited, and social media handles [16].

2) THREAT MODELING
Threat modeling is a procedural process for discovering the weak points in a system's security. Social engineers try to find bugs or weaknesses in the system to take advantage of while attempting cyber-attacks. A threat model must include the current status of the system and its security, the possibility of new threats, and finally, a mitigation strategy for when the attackers deploy cyber threats. Most importantly, the threat modeling necessitates a rich understanding of objectives and the assets to be protected, along with other environmental factors [17].

3) VULNERABILITY ANALYSIS
Social engineers use a collection of strategies to exploit the vulnerabilities of an organization and individuals to take advantage of the system and gain access to sensitive information. Vulnerability analysis consists of four main steps: an initial assessment of the victim's personality, behaviors, a diagnosis of vulnerabilities in the system, a selection of relevant strategies for successful exploitation of the resources, and vulnerability detection. Then the attackers develop a personalized tactics for cyber-attacks [18]. Attackers often use vulnerability scanners to detect security issues in the target system.

4) EXPLOITATION
When an attacker achieves access due to security weaknesses in a system, then they start to exploit and misuse the resources by collecting sensitive information or disrupting the system availability by demanding money through the use of ransomware malware.

5) POST EXPLOITATION
This phase of social engineering methodology is once the attacker has compromised the system of the victim. At this point, the attacker deals with the collection of crucial relevant information and data. Furthermore, once the attacker knows the security measures of the communication channels, configuration settings, and system networks, the collected data of the target system can be used for continued, future access as per the attacker's desires. Finally, the attacker cleans the pathways they used and stays invisible by setting up backdoors and rootkits [19].

6) REPORTING
Reporting is the final phase, in which the social engineers stop the social engineering cyber-attacks and aggregate the results and documentation.

C. LIFE CYCLE 1) INVESTIGATION
The hackers and cyber criminals first investigate the initial background information like entry points and other weaknesses in the security protocols. In this phase of the SE life cycle, the attacker identifies the victim, gathers background information about the target user, and makes strategies for selecting the attack method.

2) HOOK
The attacker attempts to build a relationship of trust with the victim and tries to convince them of what the attacker needs them to believe. The attacker attempts to take control of the interaction as they engage the victim.

3) PLAY
After building trust with the victim, the attacker exploits the resources available to them and executes the attack on the targeted system to access the information in a timely manner. In this phase, the attacker may disrupt the business or system by siphoning data as well.

4) EXIT
The exit is the final stage of the SE life cycle, in which the attacker concludes the interaction without generating distrust. The attacker eliminates all traces of malicious software code and covers their tracks. Errors made by the authentic users who are targeted are much less obvious, making them tougher to recognize than a malware-based intrusion.

D. GOALS
The specific goals of the social engineers are money, ego, revenge, knowledge, and entertainment [20]. They manipulate people into acting differently than they typically do. They want to fool people into providing valuable data and bits of information. Usually, social engineers don't ever come directly to the victim first. They come to them after gathering information about them or their system, and then they access the target system by fraudulent means. Furthermore, they often establish an immediate connection with the target victim and utilize it as a foundation for building a relationship and an understanding. The attacker uses various approaches for getting relevant information from the victim. Other wellknown goals of a social engineer are service disruption, unauthorized access, and financial gain for themselves or another party that hired them [1].

III. METHODOLOGY
Systematic reviews are frequently used in the software engineering domain to summarize the existing literature studies. Garousi et al. [22] Table 1 which explicitly illustrate the strength and weaknesses of each systematic review study based on formal and grey literature.
MLR is more suitable over the other systematic reviews because it is a form of SLR which provides a robust evidence from both researchers (formal published literature; journal, conference and workshop) and practitioners perspective (grey literature; white papers, website, reports and blogs). MLR's are growing popularity due to bridging a gap between vocal of the industry practitioners and academic researchers. For our current research study, MLR is the most acceptable option because we need information from both formal and grey literature to concisely address our proposed research questions and to identify the current challenges, recommendations, and prospective solutions.
This research study conducted an MLR based on published guidelines and methods [21]- [24]. MLR is consists of three main phases such as; planning, conducting and reporting as shown in Figure 2.

A. RESEARCH QUESTIONS
Our proposed MLR research questions, with brief description, are shown in Table 1.

B. DATA COLLECTION
In this research, we surveyed MRL guidelines and chose those proposed by Garousi et al. [22], as shown in Figure 2. An MLR protocol was documented to delineate the complete strategy for the research study. A team of researchers conducted the MLR, and research studies from a time frame from the start of the COVID-19 pandemic until October 2020 were considered. All team members contributed in all phases of the MLR.

C. SEARCH STRATEGY
The search string was built by finding keywords and their corresponding alternative words from social engineering studies. Then the designated keywords and their alternative words were chained together with the Boolean operators ''AND'' and ''OR'' to express the search string as follows: '

'{Social engineering OR cyber-threats OR cyber-attack OR online attack OR social attack} AND {Method OR technique OR approach OR platform} AND {COVID-19 OR novel coronavirus OR corona OR coronavirus OR SARS-CoV-2 OR 2019-nCoV} AND {Organization OR sector OR place OR location}''
The search strategy of MLR necessitates searching both formal and grey literature. In the first stage, the search string was applied to well-known, source-rich digital libraries, such as Scopus and Google Scholar, to find primary studies from the formal literature. In the second stage, the search string was applied to the Google Search engine to find primary studies from the grey literature.

D. INCLUSION AND EXCLUSION CRITERIA
The following inclusion criteria were used to find related primary studies: • Studies with a focus on social engineering techniques and methods.
• Studies with a focus on cyber threats/attacks during the COVID-19.
• Studies based on empirical evaluation. The following exclusion criteria were used to screen out irrelevant primary studies: • Studies not relevant to the aims of the study. • Studies written in a language other than English.
• Duplicates and repeated studies.

E. QUALITY ASSESSMENT CRITERIA FOR FORMAL AND GREY LITERATURE
The quality assessment criteria for the formal literature were comprised of six questions, as shown in Table 2. Each question's score was calculated based on the Kitchenham et al. guidelines [24]. The final score was calculated by assigning a 1 for ''Yes'' and a 0 for ''No'' for every individual question, with a summation at the end.
For grey literature, we followed the guidelines for grey literature from Garousi et al. [22]. We presented six questions for the grey literature quality assessment criteria, as shown in Table 3. The first tier of grey literature consists of white papers, magazines, government reports, books, and theses. The score for the first tier is equal to 1, a high rank. The second tier of grey literature is comprised of news articles, videos, annual reports, presentations, and websites. The score for the second tier is equal to 0.5, a moderate rank. Finally, the third tier of grey literature contains tweets, blogs, and emails. The score for the third tier is equal to 0, a low rank.

F. STUDY SELECTION
The study selection was comprised of both formal and grey literature from Scopus, Google Scholar, and Google Search engine. Figure 3 shows the distribution of formal and grey literature studies from various sources. The complete MLR study selection procedure is shown in Figure 4.

1) FORMAL LITERATURE SELECTION
In the initial phase, we identified 532 results from Scopus and 1,890 from Google Scholar that were relevant to our proposed research topic. By analyzing the titles, abstracts, and keywords of the papers according to our inclusion and exclusion criteria and removing duplicate papers, the number of papers were reduced to 16 for Scopus and 29 for Google Scholar. By studying the full text of those papers, we finally selected a total of 13 papers from both Scopus and Google Scholar.

2) GREY LITERATURE SELECTION
We used the Google Search engine to locate grey literature. In the initial search, we found 4,590,000 results, as listed on the top results page. By limiting the search to only the first 15 pages [25], due to the collection of more information from Google Search engine. We applied the inclusion and exclusion criteria to the titles and keywords, the number of sources was reduced to 60. Further screening the full texts for relevancy to our topic, we finally selected 39 articles in the form of websites, blogs, reports, news reports, and white papers.

G. DATA EXTRACTION
To answer our research questions, we identified and extracted the relevant information and data by employing the VOLUME 9, 2021 predefined data extraction procedure of MLR guidelines. The collected data are stored in Microsoft Excel spreadsheets for evaluation by including the title, author name, SE technique, SE types, SE methods, SE platform used, type of malicious software used, targeted organizations and sectors, and the year of published articles. Appendix A and Appendix B shown the collected data, including their quality assessment scores for each research questions, along with study title, author name, and year.

H. DATA SYNTHESIS AND ANALYSIS
In the data synthesis phase of the study, the primary studies were carefully evaluated in order to describe the final results. The information and data were collected in the extraction phase, and they were further analyzed to address our research questions and help us draw the conclusions of the proposed study.

A. SOCIAL ENGINEERING TECHNIQUES USED DURING THE COVID-19 PANDEMIC (RQ1)
Numerous social engineering techniques were used by scammers, hackers, and cybercriminals for cyber-attacks with an objective to exploit the victim's systems.
According to our research regarding social engineering techniques, phishing is the most common techniques used by the threat actors at 35%. Email platforms were used as a weapon for leading phishing attacks by using various misleading email links and fake news. Spam is the second highest used social engineering technique, at 16%. Scams were the third most common technique at 14%. For example; scams include contents like; loan emails, COVID-19 tests news, bogus insurance invoices, employment news etc. Moreover, the attackers also used smishing and vishing techniques during the COVID-19 pandemic by sending text messages to and calling mobile numbers, WhatsApp users, and other social media accounts to trick victims, and both techniques combined account for nearly 22% of the overall weightage. Finally, the other techniques such as; spear-phishing, extortion, cyberbullying, cyber-stalking, pre-texting, and fearattacks were executed much less frequently. There are four types of methods used by threat actors for conducting cyber-attacks. In the COVID-19 pandemic cyberattack scenarios, they used the socio-technical method 44% of the time. The hackers also used the technical method  to forcibly attack the victims' systems to get the desired information in 29% of cases. The social method, such as texting or calling the victims and using fake identities to get relevant information about the victims, was also used a total of 23% of the time during the COVID-19 pandemic. Finally, the physical method was also used in a very small amount of cases, only 4%. The overall percentages for the four methods are shown in Figure 6.  Figure 7 shows the platforms used by the attackers for performing social engineering cyber-attacks/threats. Email is the most used platform by a wide margin and is discussed by 52 studies. This correlates exactly with RQ1, in which the top used technique was phishing done mainly via emails. The attackers and cybercriminals also developed fake websites related to the coronavirus with news and data intended to trick users, which is the second most used platform. Similarly, the attackers also developed various mobile applications for coronavirus updates to target the user for accessing and getting information.
The majority of mobile devices that were hacked during the COVID-19 pandemic were targeted with the use of fake applications from the threat actors. Due to the coronavirus, many organizations moved their activities online, and they mostly used platforms like Zoom and Microsoft Teams for online meetings and video conferencing, which have also been hacked many times during the COVID-19 pandemic. Furthermore, WhatsApp as a primary source of communications, was hacked several time times. Other well-known social media platforms were also hacked and used as weapons for conducting social engineering cyber-attacks, as shown in Figure 7.  Figure 8 shows the growth trends of social engineering cyber-attacks/threats using different malicious software. Ransomware is the most cited malicious software used for cyber-attacks on various public and private sector organizations during the COVID-19 pandemic. The generic ''Other Malware'' category is the second most cited, as shown in Figure 8, consisting of various malicious software and cyberattack methods, such as e-skimming, cryptominer software, BEC, DoS, brute-force attempt, DDoS, cyber-sabotage, and malicious URL attacks have also been conducted during the COVID-19 pandemic. Trojan malware was also used in significant amounts. Spyware, spoofing, impersonation, and bots were used at a moderate level, compared to the other topcited categories.
Three types of malicious software were the most commonly used, ransomware, trojans, and bots, as shown in Figure 9 with their specific deployments and families. By count of these unique family, ransomware was used the most with 30 families, trojans second with 19 families, and finally bots third with 7 families. The generic ''Other Malware Family'' includes 13 families, as presented in Figure 9.
The trojan families that were used the most during the COVID-19 Pandemic are; RAT, AZORult, Emotet, KPOT, Nanocore, and Sphinx.
Emotet was used mostly for banking and financial cyber-attacks. Similarly, Netwalker, MAZE, Stealer, Maillot, Covid-lock, Dopper-paymer, and Agent Tesla are ransomware family that was widely used as a threat for demanding money and financial benefits. Furthermore, from the bot family type, Loki-Bots was highly used, and Spider, Remcos, and Info-Stealer from the other malware family were regularly used during the COVID-19 pandemic for cyber-attacks/threats.

E. MOSTLY TARGETED ORGANIZATIONS AND SECTORS DURING COVID-19 CYBER-ATTACKS (RQ5)
Cybercriminals exploit various organizations and industries during the COVID-19 pandemic, such as healthcare, hospitals, private and public sectors, government institutions, banking, and finance. The top targeted organizations are healthcare companies and hospitals due to their weak security setups. The targeting of healthcare organizations carried out by the advanced cyber hackers and attackers.

F. THE ECONOMIC IMPACT OF SOCIAL ENGINEERING CYBER-ATTACKS DURING THE COVID-19 PANDEMIC (RQ6)
The economic impact of social engineering cyber-attacks is rising exponentially with the advancement and general use of new technologies. According to Accenture's annual security report, security breaches increased 67% in the past five years, and in the last year, companies spent $110 billion worldwide for protection against cyber-attacks [26].
During the COVID-19 pandemic, the University of California San Francisco School of Medicine was targeted by hackers with ransomware, and they paid $1.14 million to remove the ransomware [27]. Infosecurity Magazine mentioned that the UK's National Fraud and Cybercrime Reporting Center claimed that online scams had captured 16,352 victims through auction schemes and online shopping during the COVID-19 pandemic and lost approximately £17 million [28]. During the COVID-19 pandemic, two reports from Australia and the US stated that the Australian Competition and Consumer Commission's Scam Watch reports over 2,700 scams causing losses of $16,390,650 AUD and that the Federal Trade Commission of the US estimated that $12 million USD were lost in fraudulent activities [40]. During the COVID-19 pandemic, Wiggen [30] reported that Russian malware targeted Ukraine, encrypting crucial data from computer systems and making it useless; the cost of the damage was estimated more than $10 billion.
According to at least one prediction [31], the Global Cybersecurity Market will total $152 billion USD by 2025 because of the growing concern over cyber-attacks/threats and data breaches that are confronting organizations.

V. DISCUSSION
This review has described social engineering cyberattacks/threats on organizations and critical infrastructure during the COVID-19 pandemic. Throughout this review, we identified social engineering techniques; applied methods; platforms, malicious software, and attack methods used; and finally, the organizations targeted. Information on our proposed research questions is available more in grey literature sources than formal literature, demonstrating that practitioners are more active in providing social engineeringbased cyber solutions and solving security issues as shown in Figure 11. The types of malicious software that have been used was the research question most cited and mentioned because it involves a wide variety of malicious software, relevant software families, and attack methods. Therefore, more research and cyber solutions are needed to address cyber-attacks and threats that come in the form of malicious software. We must secure social media and other communications platforms as well, due to their usage as a weapon for different cyber-attacks. Platforms of cyber-attacks/threats are the second most cited research question in both formal and grey literature, as shown in Figure 11.
Similarly, we also explored the economic impacts of social engineering cyber-attacks with recent estimates and a future projection through 2025. Cyber solutions need to be robust and consistent because of the increasing numbers of cybercriminals, hacktivists, scammers, and extortion groups using different social engineering techniques to exploit critical assets and systems. Phishing attacks were used in different forms, such as spear-phishing, smishing, and vishing, via emails, calls, and text messages. These cyber-attacks can be reduced with awareness campaigns and by applying security email spam filters.
Consequently, solutions to social engineering-based cyber-attacks/threats require a high level of innovation, teamwork, collaboration, and performance. Cyber solutions need to be adaptive and generalizable to various organizations, especially for the healthcare industry and hospitals that are ripe targets for threat actors these days. Social engineering-based cyber solutions require significant research and development to produce outcomes capable of instant incidence response in the case of unexpected and surprising cyber events. Our review is based on the perspectives of both researchers and practitioners and will benefit both academia and industries in carrying out initial assessments for their own research and development.

VI. THE MOTIVATION BEHIND SOCIAL ENGINEERING CYBER-ATTACKS/THREATS A. CHALLENGES
The swift circulation of COVID-19 created potential cybersecurity challenges that need to be addressed to protect victims and critical infrastructure. Our MLR explored several cybersecurity challenges during the COVID-19 pandemic, and after the authors' careful observations and research, we divided these challenges into seven main categories, as shown in Figure 12.

1) REMOTE WORK AND DATA BREACHES
Remote working allows geographically spread out employees to work from various locations to fulfill their assigned tasks. The nature of office work has largely been transferred to remote working spaces due to the COVID-19 pandemic, and the majority of large organizations proceed with their work remotely from home via online platforms. However, the remote working present challenges and provides disclosures for a broad spectrum of social engineering cyber-attacks and cybersecurity issues through emails, file sharing, and access to networks via user devices [32]. In more than 12 countries, 3,000 employees were surveyed; 94% of them suffered from data breaches via cyberattacks, with an average number of 2.17 breaches each [33]. Home networks remain less secure compared to organizational internal networks, possibly posing greater dangers for employees already at a larger risk of cyber-attacks. Also, a large number of people are not trained to work remotely in a secure way. A report from the International Association of IT Asset Managers (IATAM) is cautioning that working from home during the COVID-19 pandemic is allowing for plentiful data breaches [34], [35].

2) SOCIAL SCAMS AND PHISHING
Phishing attacks and scams during the COVID-19 pandemic started in January 2020 and disseminated very quickly, even producing thousands of fake sites and scams every day. UK regulatory authorities noticed a surge in the registration of new webpages related to the COVID-19 pandemic which seems suspicious as threat vectors for exploitation and cyber-attacks [36].
Scams are more prevalent and costly due to the financial situation of most people during the COVID-19 pandemic, as those suffering from income loss and joblessness come under threat from scams. Similarly, scammers further target vulnerable people by posting fake advertisements and news regarding treatment of the coronavirus and vaccines [37]. In these efforts, fraudsters use software tools for scamming and phishing and use subcategories of these techniques, such as spear-phishing, smishing, and vishing. They use different platforms like emails, texts, social media posts, and robocalls, for impersonation schemes [38].

3) FAKE WEBSITES, DOMAINS, THEMES, AND MOBILE APPS
Attackers and cybercriminals continue to build fake websites and mobile apps to steal credentials relevant to financial assistance and personal identification. The threat actors develop themes and website templates that mimic the government and trusted non-governmental organizations, such as the World Health Organization, Internal Revenue Service, and Centers for Disease Control [39].
A statistical report from Palo Alto researchers [40] through the end of March 2020 showed that a total of 116,357 new domain titles and registrations related to COVID-19 were made during that time. They elaborated, ''Out of these, 2,022 are malicious and 40,261 are with high-risk.''

4) PRIVACY AND SECURITY
Numerous organizations and governments have worked on efforts to develop track-and-trace mobile and web applications to empower society to get back to normal and avoid the spread of the COVID-19. Similarly, the rise of digital world services originates at the cost of privacy. However, there is a need for the right balance between institutional response, user access, and information privacy. The use of drones during the COVID-19 pandemic may also violate privacy if the data is stored or transmitted in the form of images and videos. Similarly, cybersecurity-related issues, such as brute force attacks, injections, eavesdropping, replay attacks on the communication channels, and storage drain attacks, need to be addressed to protect end users from various cyberattacks. These privacy and security challenges are causing researchers and practitioners to re-think the application of digital transformation initiatives [62].

5) INFORMATION SECURITY GOVERNANCE
Organizations need to understand where their approaches to information security are truly symbolic. It is essential for organizations to adopt the ''Digital Security Governance'' for their existing security approaches. Digital Security Governance is the ''practitioners and decision makers by providing a deeper understanding of how organizations and their security approaches are actually affected by digitalization'' [42]. The sharing of information by organizations needs to be in accordance with the legal and regulatory authorities as well as digital laws because data can be critical when it is related to business, industry, and personal lives. Software tools should be developed for information mapping according to standard policy and supporting security measures. Research should be performed on where the information of an organization is accessed and by whom and what the existing platforms that generate, process and store information are. Is it in accordance with reasonable security standards or not?

6) SECURE COMMUNICATION CHANNELS
Effective and secure digital communication channels are needed, and they are even more critical during pandemic crisis management and onwards. The disseminated workforce needs secure communication channels to carry out their tasks in a consistent, accurate, and safe manner. Security standards are necessary for organizations to effectively communicate with their employees and to monitor these means of communication for potential security vulnerabilities. Cybersecurity efforts are essential for improving and securing digital devices and networks for promoting business continuity. It is crucial to establish device security because most wearable devices and the ''internet of things'' (IoT) are also vulnerable to cyber-attacks [43].

7) MALWARE AND RANSOMWARE CYBER-ATTACKS
Attackers use different malware and ransomware for resource and system exploitation, as shown in Figure 10, and target critical infrastructures, such as healthcare organizations, hospitals, and banks, for financial gain. Threat actors generally use phishing techniques for a ransomware attack to inject malware code into the victim's computer and network system in order to encrypt it and make the data inaccessible to the victim. The threat actor then tries to extort a monetary payment from the victim in exchange for the key required to decrypt the compromised information files and data. For example, a British research company that was preparing the COVID-19 vaccines to conduct trials was attacked with MAZE ransomware [65]. Cybersecurity experts and researchers need to develop robust software tools for penetration testing, guidelines, and security standards to detect and comprehend the threat landscape and potential cybersecurity vulnerabilities.

B. RECOMMENDATIONS
Social engineering-based cyber-attacks targeted a diversity of victims from secure and intricate organizations to single individuals. The main objective of our proposed recommendations is to protect victims from different kinds of cyberattacks at the initial level and how to mitigate them. These recommendations can be measured as the most minute level of defense for organizations and for end users as well. The following are the proposed recommendations: • Individuals must use strong password practices and apply multi-factor password authentication for accessing their own social media accounts as well as remote devices to limit cyber-attacks from exploiting data breaches and stealing information.
• Organizations must implement user access restrictions and control mechanisms for remote workers to protect them from accessing sensitive data and information and to provide them access only based on their job responsibilities. This will significantly reduce the influence of social engineering cyber-attacks.
• Back up all critical information and data in a consistent manner and keep it safe in an external system, external hard drive, or in a secure cloud storage providers.
• Be conscious of suspicious messages with spelling errors, suspect emails, pop-up advertisements with fake offers, news regarding corona vaccines and treatment, and private and public financial offers. The official authorities never use personal email addresses for sending such information. Always trust and rely on well-known governmental organizations and NGOs for information updates during a pandemic, such as the World Health Organization, the Centers for Disease Control, and the National Institutes of Health.
• Regarding fake websites, themes, domains, and mobile apps, double-check lookalike domains, spelling errors in website headings, and top content information. Authenticate the company's legal website before entering login credentials and other sensitive information.
• Be aware of the common social engineering cyberattacks and threats such as robocalls, phishing, smishing, and vishing and how hackers and cybercriminals target victims by triggering fears of losing access to private data and money.
• Always review the policies on privacy and security of different software's when using it in a remote work environment for conference meetings and telehealth.
• Avoid clicking on suspicious links received from unknown sources that may redirect you to the malicious software and suspicious files to download it on your device and computer systems in the form of coronavirus app, antivirus, etc. Keep your computer and devices security, firewall, and software's up to date.

C. PROSPECTIVE SOLUTIONS 1) TRAINING AND AWARENESS
Organizations' cybersecurity teams, whether their own or third-party hires, must stay focused on detection technologies for the stream of traffic initiating from remote employees. Similarly, the cybersecurity teams must provide an initial level of security awareness for all employees, such as the use of a strong password, secure sharing of data and information, software updates, cookies and session hijacking, detection of malicious URLs, home-based network and router security, protection security for the IoT and wearable devices, and other relevant educational awareness training. More specifically, to educate the remote employees on incident awareness and management to support their cybersecurity teams and improve response times during cyber-attacks/threats. This can be done via simulations of social engineering-based cyber-attacks with remote employees to teach them how to detect, respond, and recover in time.

2) ARTIFICIAL INTELLIGENCE
Artificial intelligence uses machine-learning algorithms on various datasets to perform statistical analysis, allowing for the making of assumptions about behavioral patterns. Algorithms adjust and perform functions according to their programmed purpose and learn from the applied data. According to future predictions, up to 70% of organizations will be adopting artificial intelligence in the domain of cybersecurity [67]. Artificial intelligence-based tools play a significant role in understanding and predicting cyberattacks/threats. A recent survey report from Webroot [44] included 800 respondents among information technology professionals with cybersecurity decision-making powers VOLUME 9, 2021 from Australia, New Zealand, Japan, the US, and the UK. They revealed that 96% of the survey respondents are using artificial intelligence and machine learning tools for cybersecurity. Artificial intelligence systems are currently used for traffic pattern and behavioral detection of zero-day cyberattacks and continue to progress through self-learning, and generating results more quickly and more precise than analysts [45], [46]. Artificial intelligence can improve security performance and predictions of cyber-attacks/threats, malware, trojans, and botnets [47].

3) BIG DATA ANALYTICS AND CYBER RESILIENCE
Cybersecurity attacks are increasing with the emergence of technology, and cybercriminals are using various social engineering and other sophisticated techniques to exploit victims. Various organizations and individuals are suffering cybersecurity attacks and security breaches on a massive scale, especially during the COVID-19 pandemic. Data analytics play a prominent role in leveraging cyber resilience and assist in mitigating and reducing cyber threats and crimes [48]. Big data analytics reviews an enormous amount of data from different historical cyberattacks and can help analysts assess and detect anomalies within computer systems and networks to protect the system from possible future cyberattacks/threats [49], [50]. Using big data analytics with different correlation algorithms for anomaly detection in combination with strong cybersecurity principles can assist organizations in enhancing their cyber resilience [51]. Big data analytics can be significant for accumulating all historical data from cyberattacks and threats related to the COVID-19 pandemic in order to forecast future cyber-threats.

4) BLOCKCHAIN AND THE INTERNET OF THINGS
Wearable and IoT devices are growing very quickly due to current advancements in technology. However, they are vulnerable to cyber-attacks as well, and these devices need  to be secured by protecting sensitive information and user's personal data. One way of protecting these devices is to implement the concept of blockchain technology. Blockchain is a distributed network used by millions around the globe.
In the blockchain, the data of these devices can be added but not copied or changed, and only managed through the use of a computers cluster which is not owned by any single person [52]. By applying the blockchain technology to healthcare IoT and other critical infrastructure, the recent growth in cyber-attacks/threats and theft of information in the age of the COVID-19 pandemic can be reduced. Blockchain technology is stepping up to overcome security apprehensions in the appearance of current cybersecurity breaches [53].

VII. LIMITATIONS OF THE STUDY
One of the limitations of the MLR might be the subjective decisions and search terms used for data extraction process from the grey and formal literature, particularly the use of the three core search engines of Google Search engine, Scopus, and Google Scholar, which may lead to missing some studies in the results. This effect was reduced by imposing the search term limitations and with the use of alternative keywords and repetitions of the search terms. Similarly, the subjectivity of our decisions was further decreased by the authors' detailed, repeated reviews. Grey literature sources signify the voice of practitioners in the real industrial environment. Another possible limitation specifically for the grey literature, however, is that few of the practitioners' recurring opinions overlap with those of other practitioners. To mitigate this effect, we drew our data from reputable reports, blogs, website, whitepapers, and magazines based on our defined quality assessment criteria.

VIII. CONCLUSION AND FUTURE WORK
To the best of our knowledge, no systematic MLR has focused on the emerging social engineering-based cyber-attacks/threats from both the researchers' and the practitioners' perspectives. The COVID-19 pandemic has caused a considerable and long-lasting social and economic impact on the world, and social engineering-based cyber-attacks/threats are one of the primary motives for the present insecurities. Social engineering-based cyber-attacks are based on psychological and systematic techniques to manipulate users that cannot be controlled solely through the use of technology.
The objective of this research study was to detect the stateof-the-art and state-of-the-practice social engineering-based techniques, attack methods, and platforms used for conducting successful cyber-attacks/threats with economic and social impacts on various organizations. This review highlighted the most targeted organizations and critical infrastructure that are exploited by cybercriminals during the COVID-19 pandemic. This research work provided an MLR related to the rise of social engineering-based cyber-attacks/threats since the emergence of the COVID-19 pandemic. In total, 52 primary studies were selected from both formal and grey literature based on published guidelines for conducting an MLR. The review revealed that some of the major social engineeringbased techniques used during the COVID-19 pandemic are phishing, scamming, spamming, smishing, and vishing in combination with the mostly used socio-technical methods of fake emails, websites, and mobile apps used as weaponized platforms for conducting cyber-attacks. Finally, the potential economic impacts of successfully conducted cyber-attacks on various organizations and critical infrastructure were also discussed. Most significantly, we explored open challenges, general recommendations, and prospective solutions by using the latest technology.
From the conducted MLR, several future works were identified that will support security practitioners and researchers in addressing the proposed challenges relevant to cybersecurity by applying their research and development skills to propose new tools, security standards, policies, and frameworks in combination with the use of emerging technologies, such as artificial intelligence, blockchain, and big data analytics. In the future, we intended to propose a framework for training and awareness aimed at the initial level of cybersecurity awareness for organizations and end-users.

APPENDIX A
See Table 5.

APPENDIX B
See Table 6.

MOHAMMAD HIJJI is currently an Assistant
Professor with the Faculty of Computers and Information Technology, University of Tabuk, Saudi Arabia. He is also the Chairman of the Computer Science Department. He works with a range of research centers and government sectors related to artificial intelligence and disaster and emergency management. He is also responsible for developing and teaching postgraduate programs with the Faculty of Computers and Information Technology, University of Tabuk. His research interests include artificial intelligence, cyber security, the Internet of Things (IoT), and disaster and emergency management.
GULZAR ALAM received the B.S. degree in software engineering from the University of Malakand, Pakistan, and the M.S. degree in software engineering from the King Fahd University of Petroleum and Minerals, Saudi Arabia. He has worked as a Software Engineer in various national and international organizations. He also worked as a Research Assistant in many research projects funded by the Deanship of Scientific Research, King Fahd University of Petroleum and Minerals. His research interests include artificial intelligence, software engineering, secure software development life cycles, cyber security, and the Internet of Things (IoT). VOLUME 9, 2021