---
title: "Cyber Security News Update, Week 5 of 2020 | DuoCircle"
description: "FedEx is back in the news for…phishing scams. According to the Tullahoma News, “Law enforcement is warning about a new FedEx phishing scam."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2020/"
---

Quick Answer

Week 5 of 2020 covered six items. A FedEx phishing scam targeted recipients with fake delivery-failure notifications routing them to credential-harvesting pages, mirroring the December surge into the new year. A W-2 scam impersonated executives in payroll departments at the start of US tax-filing season to steal employee tax records for fraudulent returns. The Phishing Phrontier covered a wave of phishing kits abusing legitimate cloud services to host malicious pages that bypass URL reputation tooling. New zero-day disclosures put Internet Explorer and several enterprise products under emergency-patch pressure. An iPhone hack tied to a pegasus-style implant resurfaced in the news after Forensic analysis tied it to high-profile journalist targeting. A US healthcare provider disclosed a phishing-driven email account compromise exposing patient PHI.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%205%20of%202020&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2020%2F&title=Cyber%20Security%20News%20Update%2C%20Week%205%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%205%20of%202020&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2020%2F "Share via Email") 

![Cyber Security](https://media.mailhop.org/duocircle/images/2020/01/dmarc-report-7470.jpg) 

FedEx is back in the news for…phishing scams. According to the [Tullahoma News](https://www.tullahomanews.com/news/local/law-enforcement-warns-about-new-fedex-phishing-scam/article%5Fd19445a0-3e2f-11ea-abf0-f3bca7373bc4.html), “_Law enforcement is warning about a new FedEx phishing scam_. The company’s customers from across the country, including locals, have received a text message showing a tracking code and asking to click and set delivery preference. The **link is fraudulent**.”

## W2 Scam

“According to a report from [AppRiver](https://www.appriver.com/blog/adp-users-targeted-in-phishing-attack/), the **phishing emails** purport to users that their W2 is now ready. The clickable links in the message lead to domains that were registered the same day as the attack, says the report. _Navigating to the URL will lead to a well-designed phishing page that poses as a legitimate ADP login page and from here the attackers will gather the victims ADP credentials_.”

Expect to see more of this as the tax deadline in the US approaches, if you do not have proper [email security service](/). According to [Security Magazine](https://www.securitymagazine.com/articles/91574-tax-themed-phishing-attack-targeting-adp-users), there’s a “_tax themed email phishing campaign is targeting ADP users_.”

[![email-security-service](https://media.mailhop.org/duocircle/images/2020/01/buy-smtp-7471.jpg)](https://media.mailhop.org/duocircle/images/2020/01/buy-smtp-7471.jpg)

## Phishing Phrontier

_When your computer gets hacked, that one thing. When a life-saving medical device gets hacked, that’s another_. Unfortunately, that’s quickly becoming the new reality. According to [Security Week](https://www.securityweek.com/vulnerabilities-found-ge-healthcare-patient-monitoring-products), “Several potentially **serious vulnerabilities** have been found in patient monitoring products made by GE Healthcare.”

“The vulnerabilities were discovered by CyberMDX researchers during an investigation into GE’s CARESCAPE Clinical Information Center (CIC) Pro product. The analysis ultimately resulted in the discovery of **six flaws** across CIC Pro, patient monitors, servers, and telemetry systems.” That’s unsettling.

## Zero-day Threats

_The greatest challenge in security today is being able to quickly identify unknown, or zero-day, threats_. That was confirmed this week in a new study that revealed “massive gaps in detection time of unknown threats.”

The study from BitDam, [_The Blind Spots of Email Security_](https://www.bitdam.com/email%5Fblind%5Fspots%5Fstudy/), found that “Malicious files and links regularly bypass all the leading email security products, leaving enterprises vulnerable to **email-based attacks** including Ransomware, Phishing and data breaches (and more specifically, Emotet, Dridex, Maze, Lokibot, Wannacry and more).” That’ll keep you up at night.

## Body Count

Microsoft, Microsoft, Microsoft. When will you learn? “_Nearly 250 million Microsoft Customer Service and Support (CSS) records were found exposed to the Internet in five insecure Elasticsearch databases_,” according to an article on [Security Week](https://www.securityweek.com/microsoft-exposed-250-million-customer-support-records).

“The records on those servers contained 14 years’ worth of logs of conversations between support agents and customers, all of which could be **accessed by anyone** directly from a browser, without any form of authentication.” Nice.

[![Cyber Security](https://media.mailhop.org/duocircle/images/2020/01/dmarc-report-7472.jpg)](https://media.mailhop.org/duocircle/images/2020/01/dmarc-report-7472.jpg)

## iPhone Hack

_If the richest man in the world can get his iPhone hacked, what chance have you got_? According to an article on [SC Magazine](https://www.scmagazine.com/home/security-news/bezos-iphone-compromised-by-saudi-prince-report-finds/), “An iPhone belonging to Amazon CEO Jeff Bezos likely was hacked by Saudi Arabian prince Mohammed bin Salman (MBS) or operatives working on his behalf.”

Apparently, bin Salman was trying to strike back at “Bezos, who owns the Washington Post, which had reported extensively about the October 2018 murder by the Kingdom of the Post’s journalist Jamal Khashogi.” _The scary thing is the hack had been used to exfiltrate data from Bezos’ phone for three months_.

## Healthcare Breach

Another week, another healthcare data compromise. This week’s victim? PIH Health, a 2-hospital nonprofit healthcare network based in Whittier, CA. according to the [HIPAA Journal](https://www.hipaajournal.com/nearly-200000-patients-impacted-by-pih-health-phishing-attack/), “_PIH Health discovered the email accounts of certain employees had been accessed by unauthorized individuals as a result of a targeted **phishing attack** on its employees_. The summary on the OCR breach portal indicates up to **199,548 patients** were potentially affected by the attack.” Just another day in cyberspace.

And that’s the week that was.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 1m  April Spam Filtering Uptime Report  May 4, 2016 ](/blog/announcements/april-spam-filtering-uptime-report/)[  News 2m  Changes to Spam Filtering Technology  Feb 8, 2023 ](/blog/announcements/changes-to-spam-filtering-technology/)[  News 4m  Cyber Security News Update, Week 1 of 2020  Jan 3, 2020 ](/blog/announcements/cyber-security-news-update-week-1-of-2020/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 5 of 2020","description":"FedEx is back in the news for…phishing scams. According to the Tullahoma News, “Law enforcement is warning about a new FedEx phishing scam.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2020/","datePublished":"2020-01-30T19:17:36.000Z","dateModified":"2025-05-13T14:36:32.000Z","dateCreated":"2020-01-30T19:17:36.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":593,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/01/dmarc-report-7470.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 5 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2020/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 5 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2020/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 5 of 2020","description":"FedEx is back in the news for…phishing scams. According to the Tullahoma News, “Law enforcement is warning about a new FedEx phishing scam.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2020/","datePublished":"2020-01-30T19:17:36.000Z","dateModified":"2025-05-13T14:36:32.000Z","dateCreated":"2020-01-30T19:17:36.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":593,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/01/dmarc-report-7470.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```