The COVID-19 pandemic will be remembered as a uniquely disruptive period that
altered the lives of billions of citizens globally, resulting in new-normal for
the way people live and work. With the coronavirus pandemic, everyone had to
adapt to the "work or study from home" operating model that has transformed our
online lives and exponentially increased the use of cyberspace. Concurrently,
there has been a huge spike in social media platforms such as Facebook and
Twitter during the COVID-19 lockdown periods. These lockdown periods have
resulted in a set of new cybercrimes, thereby allowing attackers to victimise
users of social media platforms in times of fear, uncertainty, and doubt. The
threats range from running phishing campaigns and malicious domains to
extracting private information about victims for malicious purposes. This
research paper performs a large-scale study to investigate the impact of
lockdown periods during the COVID-19 pandemic on the security and privacy of
social media users. We analyse 10.6 Million COVID-related tweets from 533 days
of data crawling and investigate users' security and privacy behaviour in three
different periods (i.e., before, during, and after lockdown). Our study shows
that users unintentionally share more personal identifiable information when
writing about the pandemic situation in their tweets. The privacy risk reaches
100% if a user posts three or more sensitive tweets about the pandemic. We
investigate the number of suspicious domains shared in social media during
different pandemic phases. Our analysis reveals an increase in suspicious
domains during the lockdown compared to other lockdown phases. We observe that
IT, Search Engines, and Businesses are the top three categories that contain
suspicious domains. Our analysis reveals that adversaries' strategies to
instigate malicious activities change with the country's pandemic situation