---
title: "Cyber Security News Update, Week 3 of 2020 | DuoCircle"
description: "If it’s in the news, it will probably be used in a scam shortly thereafter, and such was the case this week."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-3-of-2020/"
---

Quick Answer

Phishing kits are exploiting fear of Iranian retaliation to harvest Microsoft 365 credentials with fake security-alert emails. PayPal users are being targeted with fake account-limitation notices that redirect to credential-stealing pages. Banking trojans are hiding inside repackaged Android utility apps on third-party stores, abusing accessibility services to read SMS-based 2FA codes. Verizon's 2019 DBIR remains the cited trend baseline: 71% of breaches financially motivated, 32% involving phishing. The Manor Independent School District in Texas lost $2.3 million to a BEC attack involving fake vendor wire-transfer instructions. And the FTC reminded scam victims to file at IdentityTheft.gov for a recovery plan.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-3-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%203%20of%202020&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-3-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-3-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-3-of-2020%2F&title=Cyber%20Security%20News%20Update%2C%20Week%203%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%203%20of%202020&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-3-of-2020%2F "Share via Email") 

![Cyber Security](https://media.mailhop.org/duocircle/images/2020/01/SPF-record-checker-6824.jpg) 

_If it’s in the news, it will probably be used in a scam shortly thereafter, and such was the case this week_. According to an article on [Bleeping Computer](https://www.bleepingcomputer.com/news/security/microsoft-phishing-scam-exploits-iran-cyberattack-scare/), “An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a **phishing attack** that tries to collect Microsoft login credentials.”

“The phishing email goes on to say that in response to this attack, Microsoft was forced to protect their user by locking their email and data on Microsoft’s servers. _To gain full access again to this locked data, the phishing email says that the recipient must log in again_.” You have been warned.

## PayPal Scam

[![IT Governance](https://media.mailhop.org/duocircle/images/2020/01/spf-record-6824.jpg)](https://media.mailhop.org/duocircle/images/2020/01/spf-record-6824.jpg)

Does it ever surprise us when PayPal re-appears in the list of scams? Nope. Such was the case this week when it was reported by [IT Governance](https://www.itgovernance.co.uk/blog/catches-of-the-month-phishing-scams-for-january-2020) that the **“**_Latest PayPal phishing scam goes for more than just your login details_.” According to the article, “It begins with a **standard phishing email**, but victims end up handing over financial and personal details in addition to their login credentials. The scammers’ bait is an email supposedly from PayPal informing recipients that someone has attempted to log in to their account from an unknown device.”

## Phishing Phrontier

_You know you’re in trouble when the ransomware that threatens you is called Snake_. According to [SC Magazine](https://www.scmagazine.com/home/security-news/ransomware/snake-ransomware-tries-to-slither-its-way-into-enterprise-networks/), there is “another **malicious encryption program** that targets large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, _a ransomware program written in the Go programming language, with an unusually high level of obfuscation_.”

This is pretty sophisticated malware. “As Snake encrypts each network file, it reportedly appends a random five-character string to the extension, and then within each file it appends the file marker “EKANS” (SNAKE spelled backwards). Before the encryption begins, _it removes shadow copies to thwart recovery efforts_, and kills numerous process related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software and more. _The ransom note, named Fix-Your-Files.txt and found in the desktop folder, provides the victim with an email address to contact for payment instructions._”

## Smartphone Apps Hack

_You have to hand it to hackers. They’re always coming up with new ways to avoid detection_. A report this week from [Phish Labs](https://info.phishlabs.com/blog/threat-actor-abuses-mobile-sensor-evade-detection) said that their “Security Operations Center discovered a new and unique evasion technique. It abuses an experimental feature available in select web browsers: **device motion and orientation events**. More specifically, the phishing attack abuses the gyroscope and accelerometers that have been built into smartphones for more than a decade. The most common uses of these sensors can be seen in those 3D images you see on Facebook, augmented reality street view on Google Maps, or even on Pokémon Go.” Gyroscopes and accelerometers? Go figure.

## Body Count

_No matter how many data breaches at medical facilities we read about in the news, they never seem to stop_. So, either these organizations don’t follow the news or they just don’t care. This week’s victim is the Minnesota-based hospital operator Alomere Health. According to [SC Magazine](https://www.scmagazine.com/home/security-news/data-breach/breach-of-email-accounts-impacts-50000-patients-of-minnesota-hospital/), “Alomere Health this month began notifying patients of a data breach **affecting 49,351 individuals**, after a malicious actor gained access to two employee email accounts. Compromised data includes names, addresses, dates of birth, medical record numbers, health insurance information and diagnosis and treatment details information.”

Perhaps most frustrating of all, is that the hospital said in response to the attack, that it has “put in place additional **security measures** for all of Alomere Health employee email accounts.” _Why is it they had to have a data breach to do that?_

## Manor ISD Phishing

A lot of school districts have been hit by phishing scams lately, but none of them worse than Manor Independent School District (in Austin, TX). According to [CBS Austin](https://cbsaustin.com/news/local/fbi-investigating-after-manor-isd-loses-23m-in-phishing-email-scam), “Manor ISD is facing a **loss of $2.3 million** after police say the district fell victim to an email phishing scam. _Police have not specified how it happened and it’s not clear if the district will get the money back_.”

[![phishing protection software](https://media.mailhop.org/duocircle/images/2020/01/spf-record-check-6852.jpg)](https://media.mailhop.org/duocircle/images/2020/01/spf-record-check-6852.jpg)

The one thing everyone seems to agree on is that scams of this magnitude are pretty rare. They could be extinct if these school districts would invest in [phishing protection software](/email/phishing-protection), but that’s for another time.

## Recovered from the Scam

Every now and then, in the world of phishing scams and ransomware, something good happens and that’s precisely what happened this week. According to [Eyewitness News NY](https://abc7ny.com/5834546/), “_Nassau County **recovers $710,000** sent in phishing scam_.” That’s right, the county that actually fell for a phishing scam, got their money back.

Apparently, “The money ended up in Seattle, where there was an elderly woman. It dropped into her account. She was also set up and was a victim of this scam. The money then moved to several different accounts. _The county was able to recover the money.” Whew!_

And that’s the week that was.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 1m  April Spam Filtering Uptime Report  May 4, 2016 ](/blog/announcements/april-spam-filtering-uptime-report/)[  News 2m  Changes to Spam Filtering Technology  Feb 8, 2023 ](/blog/announcements/changes-to-spam-filtering-technology/)[  News 4m  Cyber Security News Update, Week 1 of 2020  Jan 3, 2020 ](/blog/announcements/cyber-security-news-update-week-1-of-2020/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 3 of 2020","description":"If it’s in the news, it will probably be used in a scam shortly thereafter, and such was the case this week.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-3-of-2020/","datePublished":"2020-01-16T19:35:43.000Z","dateModified":"2025-05-20T12:09:24.000Z","dateCreated":"2020-01-16T19:35:43.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-3-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":826,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/01/SPF-record-checker-6824.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 3 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-3-of-2020/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 3 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-3-of-2020/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 3 of 2020","description":"If it’s in the news, it will probably be used in a scam shortly thereafter, and such was the case this week.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-3-of-2020/","datePublished":"2020-01-16T19:35:43.000Z","dateModified":"2025-05-20T12:09:24.000Z","dateCreated":"2020-01-16T19:35:43.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-3-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":826,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/01/SPF-record-checker-6824.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```
