---
title: "Cyber Security News Update, Week 1 of 2020 | DuoCircle"
description: "Hackers are at it again using PayPal to dupe unsuspecting users into stealing their data."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2020/"
---

Quick Answer

Week 1 of 2020 covered: a PayPal phishing campaign using fake unusual-activity alerts to steal credentials, with attackers limiting accounts until victims confirm identity through a phishing link; Cyware's recap of 2019's top phishing scams (Amazon Prime impersonation, fake YouTube and Instagram money offers, free iPhone giveaways, website feedback form spam, and payment system impersonation); a phishing campaign targeting US college students' federal financial aid refunds; a data breach at wealth management firm Moss Adams via a compromised employee email account exposing names and Social Security numbers; a Wyze Labs database leak exposing data on 2.4 million users; and a ransomware attack at telemarketer The Heritage Company that shut operations even after ransom was paid.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%201%20of%202020&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2020%2F&title=Cyber%20Security%20News%20Update%2C%20Week%201%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%201%20of%202020&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2020%2F "Share via Email") 

![Cyber Security](https://media.mailhop.org/duocircle/images/2020/01/spf-permerror-7312.jpg) 

Hackers are at it again using PayPal to dupe unsuspecting users into stealing their data. According to [The Payers](https://thepaypers.com/digital-identity-security-online-fraud/a-new-paypal-phishing-attack-steals-data-by-promising-to-secure-accounts--1240082), “_researchers have spotted an ongoing phishing campaign targeting PayPal customers, where hackers are trying to gain access to customers’ credentials to the payment service_.”

The article went on to say, “Targeted customers receive emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices, with the hidden **purpose of stealing** all their credentials and financial info. To make sure that the potential victims are willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they are secured by confirming their identity.”

To help mitigate this, consider using [text to speech](https://murf.ai/text-to-speech) technology to verify the authenticity of messages, as it can read the content aloud and highlight suspicious links or unfamiliar terms that might indicate a phishing attempt.

## Scams of the Year

According to [Cyware](https://cyware.com/news/heres-a-list-of-prominent-attack-vectors-that-made-way-for-new-scams-and-phishing-in-the-third-quarter-of-2019-632ec0e4), here are the top five phishing-related scams in 2019:

1. **Targeting Amazon Prime users**: most of these scams were carried out via phishing emails which included a link to a fake Amazon login page in order to lure users.
2. **YouTube/Instagram channels to capture personal data**: fake ads that promised to offer a lot of quick and easy money.
3. **Apple iPhone giveaway**: numerous fake websites designed to trick users into ‘free iPhone giveaway scams.’
4. **Spam through website feedback forms**: scammers targeted company mailboxes linked to feedback forms to send spam to people on the outside.
5. **Payment systems used to steal data**: the phishing emails appeared to come from payment systems or banks and asked users to confirm their identity.

[![ email security services](https://media.mailhop.org/duocircle/images/2020/01/spf-record-generator-7313.jpg)](https://media.mailhop.org/duocircle/images/2020/01/spf-record-generator-7313.jpg)

## Phishing Phrontier

Sometimes hackers can be really heartless, going after the most vulnerable victims who do not have proper [email security services](/), like students who need financial aid. But, that’s exactly what has happened according to [OddCrimes.com](http://oddcrimes.com/static/2018/09/15/Education-Department-warns-that-students-on-financial-aid-are-being-targeted-in-phishing-attacks.php).

“_Malicious attackers have recently tried to gain access to students’ financial aid refunds at multiple colleges in a scheme that involves sending fraudulent emails to students_. The target is **federal student aid refunds**, money distributed to students after tuition and other education costs are paid.” Heartless.

## Body Count

_It must be scary to keep you money with a wealth management fund only to find out that they were the victim of a data breach_. That’s exactly what happened to the customers of Moss Adams this week.

According to an article on SC [Magazine,](https://www.scmagazine.com/home/security-news/data-breach/names-social-security-numbers-exposed-in-moss-adams-breach/) “_The accounting, consulting and wealth management firm Moss Adams has posted a cybersecurity incident notice centred on an employee email account that was accessed by an unauthorized person compromising PII_. Some of the information contained in the breached account included names and Social Security numbers of an undisclosed number of customers or employees.” Scary.

## Wyze Labs Breach

This time a lab that experienced a data breach wasn’t actually a healthcare company. [Wyze Labs](https://www.scmagazine.com/home/security-news/data-breach/wyze-labs-data-breach-exposes-2-4-million-includes-phi/), a manufacturer of security cameras and smart devices, “has _confirmed a data breach that left exposed a database containing information on reportedly **2.4 million** of its users_. The exposed database contained a large amount of personal, product and some medical information.” Ah, there’s the medical breach.

_It’s ironic when a company dedicated to security fails to properly secure their customers’ information_. “The company is in the process of information those affected but did not say when the notifications would be sent.”

[![phishing protection](https://media.mailhop.org/duocircle/images/2020/01/smtp-service-7314.jpg)](https://media.mailhop.org/duocircle/images/2020/01/smtp-service-7314.jpg)

## Heritage Phishing Attack

It’s a shame when a phishing attack impacts employees’ ability to make a living where there is no [phishing protection](/email/phishing-protection) software but that’s [exactly what happened](https://www.scmagazine.com/home/security-news/ransomware/ransomware-shuts-down-the-heritage-company/) at telemarketing firm, The Heritage Company, who became the “_latest ransomware victim to shut down, at least temporarily, its operations even after making a ransom payment to its attackers_.”

“What we hope is just a **temporary setback** is an opportunity for IT to continue their work to bring our systems back and for leadership to restructure different areas in the company in an attempt to recoup our losses which have been hundreds of thousands of dollars,” wrote the CEO.

And that’s the week that was.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 1m  April Spam Filtering Uptime Report  May 4, 2016 ](/blog/announcements/april-spam-filtering-uptime-report/)[  News 2m  Changes to Spam Filtering Technology  Feb 8, 2023 ](/blog/announcements/changes-to-spam-filtering-technology/)[  News 5m  Cyber Security News Update, Week 1 of 2021  Jan 2, 2021 ](/blog/announcements/cyber-security-news-update-week-1-of-2021/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 1 of 2020","description":"Hackers are at it again using PayPal to dupe unsuspecting users into stealing their data.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2020/","datePublished":"2020-01-03T16:04:45.000Z","dateModified":"2025-04-10T14:01:37.000Z","dateCreated":"2020-01-03T16:04:45.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":671,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/01/spf-permerror-7312.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 1 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2020/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 1 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2020/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 1 of 2020","description":"Hackers are at it again using PayPal to dupe unsuspecting users into stealing their data.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2020/","datePublished":"2020-01-03T16:04:45.000Z","dateModified":"2025-04-10T14:01:37.000Z","dateCreated":"2020-01-03T16:04:45.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":671,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/01/spf-permerror-7312.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```