“Not viewing your email marketing as content is a mistake.” – Chris Baggott

Our digital marketing news roundup will deliver the most essential updates and changes straight to your inbox.

In this digital marketing news roundup, we’ll cover MailChimp’s data breach; Symantec’s new offering to reduce the risk of BEC attacks; a new phishing attack which bypasses Microsoft Office 365 malicious file filters; a replica of Facebook’s single sign-on login screen which snaps users’ passwords; GSC’s alerts for traffic drops and big ranking; a trick web developers are exploiting to detect if users are visiting websites in Chrome’s Incognito Mode; Google opening up .dev domain name registry to everyone; a popular WordPress plugin that leaked access tokens capable of hijacking Twitter accounts; and, a 14-year-old vulnerability in WinRar.

In this article, we’ll cover the most recent digital marketing news on the following topics:

  1. Email: MailChimp’s data breach and, a free guide to protecting O365 emails.
  2. Social Media: Facebook’s new security feature and YouTube’s update on “strikes”.
  3. Search Engines and SEO: Google’s white-paper on “fake news”.
  4. PPC and Advertising: New features for responsive display ads.
  5. Other stuff we found interesting: Hijacked Twitter accounts and a 14-year-old vulnerability in WinRar.

Let’s dig in!


“Existing customers’ email experience should be just as good as prospective customers’ experience. ” – Martin McKenna


Earlier this month we reported that MailChimp’s Mandrill app went bang and now, just a few weeks later, online retailer Master of Malt has been spotted warning some of its customers of a potential breach to their MailChimp account.  The managing director Tim McGuinness reassured “no other personal data of any sort has been compromised”; as if, gaining access to customers’ names and email addresses is a small breach. Nonetheless, McGuinness confirmed the company suspended its access to MailChimp as soon as it noticed the potential breach. Later on, based on the retailer’s discoveries, it was established that two types of spam have been sent; one posing as emails from MailChimp requesting billing details to be updated, and another purporting to be from the UK government regarding tax refunds. 

Digital Marketing News: What Caught Our Attention This Month | EmailOut - the free email marketing software
Digital Marketing News: What Caught Our Attention This Month | EmailOut - the free email marketing software
Digital Marketing News: What Caught Our Attention This Month | EmailOut - the free email marketing software
Digital Marketing News: What Caught Our Attention This Month | EmailOut - the free email marketing software
Digital Marketing News: What Caught Our Attention This Month | EmailOut - the free email marketing software
At the beginning of February, the ICO was informed of yet another personal data breach involving MailChimp. As far as warnings go, customers have been advised not to click on any links in the emails they’ve received; but, we think – with so many breaches and issues – it might be time for MailChimp users to consider an alternative email marketing company, one that offers better value too. Wouldn’t you agree?

Digital Marketing News: What Caught Our Attention This Month | EmailOut - the free email marketing software

Symantec – a cybersecurity software company – is looking into reducing the risk of business email compromise (BEC) attacks with a new offering – Email Fraud Protection; the offering will make it easier to implement and manage Domain-based Message Authentication, Reporting and Conformance (DMARC) for email authenticity. If you are using Symantec products you should know the new offering works together with other services already available in the product portfolio. If you are not, maybe you should start.

Microsoft Office 365

Cybersecurity firm – Avanan – have identified a new phishing attack which is able to bypass Microsoft Office 365 malicious file filters. The attack, dubbed NoRelationship, uses a link parsing weakness in email scanning products to hide malicious links. NoRelationship is able to bypass Microsoft’s Exchange Online Protection (EOP) URL filters, which scan Office documents including .docx, .xlsx and .pptx to warn users when malicious content is detected. The phishing attack includes a .docx attachment containing a malicious link; the link leads to credential harvesting login pages. This, once more, proves we should be careful when clicking on links or downloading files. After all, this is a very common technique used by scammers.

TitanHQ’s Free Guide

Furthermore, as more businesses adopt Microsoft Office 365 cloud-based subscription service the more it turns the service into a profitable prey for persistent hackers; especially those familiar with how O365 works. Hence, TitanHQ decided to take proactive steps and help businesses “hack-proof” their Office 365 environments. How? By publishing a free 2019 Guide to Protecting Office 365 Email from Malicious Malware Attacks. A few of the things the guide examines are targeted attacks on O365; how to strengthen your O365 security against Spam and Malware; advanced phishing protection; O365 offered email protection; data leak prevention; and, increasing profit margins for MSPs.


“If you get bored with social media, it’s because you are trying to get more value than you create.” – Fast Company

It’s been a tough time for Facebook; especially after UK lawmakers compared Mark Zuckerberg and other execs to “digital gangsters”. Conveniently, days after the Digital, Culture, Media and Sport Committee damning report dropped, Facebook released a new security feature. Now, Android users will have more granular control over location data collection. Apple already offers iPhone users three options to choose from; refusing to share location info, always sharing it and only sharing it when the app is in use. However, Android sadly doesn’t give its users those options. They’re either sharing all of the time or not sharing at all. Well, now they don’t have to worry, do they?

Moreover, as if Facebook hasn’t suffered enough drama, it seems phishers are deploying what appears to be a clever new trick to snap people’s Facebook password. How? By presenting convincing replicas of single sign-on login windows on malicious sites. The forgery is so convincing it can dupe even the most vigilant of users. Our advice, always use multi-factor authentication. It might make you look paranoid but better safe than sorry, right?

YouTube is updating the way they give strikes to users who violate their Community Guidelines. Strikes could result in penalties or even removal of accounts. But first, YouTube will give users a one-time warning before handing out further strikes. There’s no penalty involved with receiving a warning; aside from the content which triggered the warning being removed.


“Good SEO work only gets better over time. It’s only search engine tricks that need to keep changing when the ranking algorithms change.” – Jill Whalen

Google Search Console

It seems like Google is now sending alerts and notifications from Google Search Console (GSC) when it detects big ranking and traffic drops. It appears Google is comparing your site clicks and query clicks as reported in the GSC’s performance report. If it notices huge fluctuation, Google may send the notification to those that have verified access to that property in Search Console. Why should you care? Simple. These alerts and notifications help you find issues – sooner rather than later – and address them before they significantly impact your business. Seems like a pretty good reason to care, right?

Google Chrome

Google is about to close a loophole which many companies used to track how people were browsing their website in Chrome. According to 9to5Google, the company is aware of a trick web developers have been exploiting that enables them to detect if a user is visiting a website in Chrome’s Incognito mode. The loophole, allows websites to block visitors from accessing the site’s content, forcing them to switch out of Incognito mode if they want to view the page. By the looks of it, the workaround seems fairly simple. Chrome disables the File System API – which stores application files – when Incognito mode is being used. So, websites looking to block private browsing in Chrome can simply check for this API when a browser loads the page. According to The Verge, the company is set to close this loophole via an opt-in feature with Chrome 74; expected to arrive in April.

Google and “Fake News”

We’ve all heard about “fake news”, right? Nevertheless, everyone has a different perspective on what is considered disinformation or “fake news”. Moreover, providing useful and trusted information at the scale that the Internet has reached is enormously complex and an important responsibility. Hence, Google decided to publish a 30-page white paper which gives more details on how the company will tackle the international spread of disinformation across Google Search, Google News, YouTube and their advertising systems.


“When writing PPC ads, first ask yourself – why should anyone click it?” – Dana DiTomaso

Oh boy, do we have some exciting news for you. We heard Google is rolling out three new features for responsive display ads which are designed to improve functionality and reporting capabilities. Wondering what those features are? No need. We’re here to tell you.

First comes the video assets which allow advertisers to expand their reach to new inventory and improve performance with sight, sound and motion all while scaling ad creation, testing and optimisation.

Secondly, we have the combinations report which provides insight into the performance of different creative asset combinations. This new report shows the top performing asset combinations that are being generated in your responsive display ads. Also, there are separate sections dedicated to combinations based on images, text, dynamic feeds and videos.

Thirdly, Google introduces the new ad strength scorecard which will help advertisers measure how well their responsive display ads are set up before they go live. Google Ads will check for the optimal number of unique headlines, images and descriptions.

Furthermore, Google is upgrading call-only ads adding the option to add up to two 30-character headlines and more text in the description.

Last, but certainly not least, Google Ads has changed the way it calculates mobile speed score on the Landing Pages tab. After all, slow mobile pages can slow down your business and, according to Google, 53% of visits to a mobile site are abandoned if it takes more than three seconds to load. Hence, the company updated the mobile speed score algorithm to require fewer ad clicks in order to calculate a score.


“Marketing’s job is never done. It’s about perpetual motion. We must continue to innovate every day.” – Beth Comstock

Have you ever tried to register your chosen/preferred domain name, only to find out it’s not available? For the first time ever, Google Registry is letting anyone register a domain using the .dev extension, a brand new top-level domain (TLD) dedicated to developers and technology. Google has owned the .dev gTLD since 2015 and when they acquired it, it was intended to be private and reserved for Google’s use only.

A popular WordPress plugin – installed on thousands of websites to help users share content on social media platforms – left linked Twitter accounts exposed to compromise. The plugin, Social Network Tabs, was storing account access tokens in the source code of the WordPress website. Hence, anyone who viewed the source code could see the linked Twitter handle and the access token. According to TechCrunch, among the vulnerable accounts, there were a couple of verified Twitter users, several accounts with tens of thousands of followers, a Florida sheriff’s office, a casino in Oklahoma and more. So, if you’re using the plugin, our advice is – remove it immediately, change your Twitter password and ensure that the app is removed from Twitter’s connected apps to invalidate the token.

If you’re one of the 500 million WinRAR users, we’ve got some disturbing news for you. It appears that the Windows file compression program has just recently fixed more than a 14-year-old code-execution bug which made it possible for attackers to execute malicious code when targets opened a booby-trapped file. According to ArsTechnica, the vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL; a third-party code library that hasn’t been updated since 2005.  


Let us know what digital marketing news topics and areas you would like us to look out for in the future. Write your requests below, we’ll keep an eye out (or two) so you don’t have to – and all for FREE, of course.

In the meantime, you can take a look at our blog for more digital marketing news, social media marketing, business growth tips and tricks plus, of course, all things email marketing.

Professional Email Marketing | Powered by EmailOut.com

Open your free email marketing account now and we’ll give you 12,500 sends each and every month free, forever.  For up to 2,500 email contacts you’ll never pay us a penny.
If you have more than 2,500 contacts check out our professional email marketing pricing.

Adi Angelova

Author Adi Angelova

More posts by Adi Angelova

Leave a Reply

[YouTube Music Video]
[YouTube Music Video]