---
title: "Cyber Security News Update, Week 19 of 2020 | DuoCircle"
description: "First in a series of three ways hackers are using the COVID-19 pandemic to launch phishing scams. First, small business loans."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-19-of-2020/"
---

Quick Answer

Cybersecurity stories from the week of May 7, 2020: COVID-19-themed scams continued, including financial-aid lures targeting small businesses applying for loans, and unemployment-themed phishing aimed at workers who had lost jobs. Attackers placed malicious ads in the Google Play Store that redirected users to credential-harvesting and subscription-fraud pages. A new wave of phishing campaigns abused pandemic anxiety to push fake guidance and refund offers. And education company Chegg disclosed details of a data breach exposing roughly 40 million accounts, including hashed passwords and personal details, underscoring how older breaches keep fueling credential-stuffing attacks against current services.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-19-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%2019%20of%202020&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-19-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-19-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-19-of-2020%2F&title=Cyber%20Security%20News%20Update%2C%20Week%2019%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%2019%20of%202020&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-19-of-2020%2F "Share via Email") 

![Cyber Security](https://media.mailhop.org/duocircle/images/2020/05/smtp-service-2441.jpg) 

First in a series of three ways hackers are using the COVID-19 pandemic to launch phishing scams. First, small business loans. From [ABC7 in Chicago](https://abc7chicago.com/small-businesses-loan-scam-sba-phishing-scams/6136170/), “More help is on the way for _small businesses struggling because of the pandemic_. Nearly 500,000 loans, **totalling $52 billion**, have already been approved. It’s the second round of help for businesses, but along with waiting for money, owners are also facing scammers.”

## Financial Scam

Second, financial relief for individuals. From [KnowBe4](https://blog.knowbe4.com/the-need-for-pandemic-financial-relief-spurs-a-phishing-attack-impersonating-the-u.s.-federal-reserve), “_Scammers use realistic-looking emails and a well-designed website under the guise of the Paycheck Protection Program_ to trick victims into providing banking credentials. One campaign included such a **realistic user experience** that they even were complimentary about its execution.”

## Job Loss Scam

Finally, fear of job loss. From [Forbes](https://www.forbes.com/sites/leemathews/2020/04/28/new-phishing-attacks-prey-on-job-loss-fears-with-fake-zoom-meeting-invites/#669052b14602), “_The Coronavirus pandemic has caused unemployment rates to skyrocket_. Uncertainty is everywhere. Cybercriminals are combining workers’ fear of being laid off with the ubiquity of Zoom meetings to **steal passwords**.” You’ve got to hand it to the hackers. They’re trying every angle imaginable.

[![Phishing](https://media.mailhop.org/duocircle/images/2020/05/smtp-service-2242.jpg)](https://media.mailhop.org/duocircle/images/2020/05/smtp-service-2242.jpg)

## Phishing Phrontier

We’ve seen them go after money. We’ve seen them go after credentials. But we’ve never seen them go after water…until today. From [SC Magazine](https://www.scmagazine.com/home/security-news/cyberattack/israeli-cyber-defenders-warn-of-attacks-on-water-supply/?utm%5Fsource=newsletter&utm%5Fmedium=email&utm%5Fcampaign=SCUS%5FNewswire%5F%7b%7b%27now%27%7Cdate:%27%25Y%25m%25d%27%7d%7d&hmSubId=%7b%7bcontact.cms%5Fid%5Fencrypted%7d%7d&email%5Fhash=%7b%7bcontact.email%7Cmd5%7d%7d&oly%5Fenc%5Fid=1461F5098634C5F), “_Israel’s National Cyber Array issued a notification that cyberattacks have been launched against a variety of water control critical infrastructure targets_. The Cyber Array report noted it was informed on April 23 that attacks had been launched on control and control systems of wastewater treatment plants, pumping stations and sewers.”

This isn’t the first time a thing like this has happened. “The United States suffered a similar attack in 2013.” Can you imagine no sewers and no wastewater treatment plants? We don’t want to.

## Play Store App Ad Scam

Ever click on an ad on your Android phone? May want to stop the next time before you click because that ad may not be what you think. From [eHacking News](https://www.ehackingnews.com/2020/05/hackers-exploit-ad-networks-to-launch.html), “_hackers are exploiting mobile ad networks that take the android users to malicious websites_. The Google play store has **more than 400 apps** that come with ads as a means to generate money for app developers. But recently, _the hackers are exploiting these ad networks with the help of an SDK_ (Software Development Kit). The SDKs help app developers earn money, and the hackers are inserting code to attack the ad network.” Now you know.

## Body Count

_This is not a good time to be a top executive if you want to avoid a phishing attack_. According to [The Hacker News](https://thehackernews.com/2020/04/targeted-phishing-attacks-successfully.html?utm%5Fsource=feedburner&utm%5Fmedium=feed&utm%5Fcampaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29), “In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least **156 high-ranking officers** at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed ‘PerSwaysion,’ _the newly spotted cyberattack campaign leveraged Microsoft file-sharing services_, including Sway, SharePoint, and OneNote, to launch highly **targeted phishing attacks**.”

Like we’ve been [warning](/phishing-protection/microsoft-office-365-a-phishing-attack-waiting-to-happen/#more-13649), Office 365 native [email security service](/) is not good. Think these top executives wished they had listened?

## Rise in Phishing

Quiz: how many cyberattacks have been detected since the beginning of the COVID-19 outbreak? How about **445 million**. According to [Help Net Security](https://www.helpnetsecurity.com/2020/04/29/2020-attack-rate/), “In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. **26.5% of all transactions** were fraud and abuse attempts, which is a 20% increase over the previous quarter.”

“_The report revealed that the United States emerged as the top originator of cyberattacks_, with attack levels increasing 20% since the previous quarter. There was a sharp **increase in attacks** originating from other well-established economies, such as the United Kingdom, Germany and Canada.” Apparently COVID-19 isn’t the only virus spreading quickly.

[![Data Hack](https://media.mailhop.org/duocircle/images/2020/05/smtp-service-2243.jpg)](https://media.mailhop.org/duocircle/images/2020/05/smtp-service-2243.jpg)

## Chegg Data Hack

_The education industry was hit recently with a data breach._ From [Security Week](https://www.securityweek.com/chegg-informs-employees-data-breach), “American education technology company Chegg this week sent notifications to its employees to inform them of a **data breach** that occurred earlier this month. An outside hacker may have _illegally obtained employee information for approximately 700 current and former U.S. Chegg employees_. Chegg says the intruders were able to access personally identifiable information (PII) such as employee names and social security numbers.”

It’s a little surprising that an education company isn’t educated on **how to protect** itself from a data breach.

And that’s the week that was.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 1m  April Spam Filtering Uptime Report  May 4, 2016 ](/blog/announcements/april-spam-filtering-uptime-report/)[  News 2m  Changes to Spam Filtering Technology  Feb 8, 2023 ](/blog/announcements/changes-to-spam-filtering-technology/)[  News 4m  Cyber Security News Update, Week 1 of 2020  Jan 3, 2020 ](/blog/announcements/cyber-security-news-update-week-1-of-2020/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 19 of 2020","description":"First in a series of three ways hackers are using the COVID-19 pandemic to launch phishing scams. First, small business loans.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-19-of-2020/","datePublished":"2020-05-07T13:11:21.000Z","dateModified":"2025-05-29T13:49:03.000Z","dateCreated":"2020-05-07T13:11:21.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-19-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":705,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/05/smtp-service-2441.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 19 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-19-of-2020/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 19 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-19-of-2020/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 19 of 2020","description":"First in a series of three ways hackers are using the COVID-19 pandemic to launch phishing scams. First, small business loans.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-19-of-2020/","datePublished":"2020-05-07T13:11:21.000Z","dateModified":"2025-05-29T13:49:03.000Z","dateCreated":"2020-05-07T13:11:21.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-19-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":705,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/05/smtp-service-2441.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```
