March 2025 | 10 minute read
The Information Security Team is excited to provide its monthly newsletter,
keeping the Fitch community informed and engaged in cybersecurity.
The Information Security team is excited to welcome Allison Miller to discuss Deepfakes and what to look out for. Allison Miller is the Founder and CEO of Cartomancy Labs, an advisory firm that guides teams in innovating and solving problems anywhere people, money, and technology connect. Prior to establishing Cartomancy Labs, Allison was the CISO and VP of Trust at Reddit, where she led the cybersecurity, privacy, risk, and safety teams.
Go here to learn more about Allison and mark your calendars. Have a question about Deepfakes? Email [email protected] and we’ll bring it up during our interactive session.
Over the past few months, the AI chatbot DeepSeek has exploded in popularity, becoming one of the most downloaded apps on Apple’s App Store in February. However, this app does not come without risks. Hackers have already found ways to exploit DeepSeek, causing major data breaches and impacting its availability with a distributed denial-of-service (DDoS) attack. Millions of log entries have been exposed, containing sensitive user information, including chat histories and other backend details.
This situation highlights a common industry challenge: Companies often prioritize getting products to market quickly, sometimes at the expense of security and scalability. As these products gain popularity, they attract attention from security researchers and malicious actors, exposing vulnerabilities in the process.
Access Restriction of DeepSeek on Corporate Devices
To protect our company data, DeepSeek will be blocked on all company-issued mobile devices starting April 2, 2025. If you have DeepSeek installed on our company-issued mobile device, please delete it before April 2, 2025, or you will lose access to Fitch data and applications on that device. Also, please note that DeepSeek should not be utilized through any Internet Browsers (i.e. Chrome, Edge, etc.) on corporate devices.
Guidance on DeepSeek Usage on Personal Devices
Given the numerous issues with DeepSeek, we strongly encourage you to delete the DeepSeek application on your personal device if you have it installed there. We have also observed an uptick in malicious links to DeepSeek-related content on social media. The safer way to utilize DeepSeek on your personal devices is to access the offline DeepSeek models via a model provider such as Azure AI Studio.
If you have questions about DeepSeek, please contact us at [email protected].
Helpful Resources
Did you catch last month’s phishing email? In February, all US-based employees received a phishing campaign masquerading as a tax return notification, urging recipients to open a pdf containing a copy of their tax information. This scam exploited a sense of urgency that sensitive information has been incorrectly provided to you.
Read on to discover how to spot this tactic in the future:
Quick Stats
Approximately 2100 Fitch employees were part of the February phishing simulation. Of this population, 45% reported the phish and 1% failed the simulation (i.e. clicked on the link).
This was one of Fitch’s highest-reported phishing simulations on record. Thank you for your vigilance!
Ready to brush up on your phish detecting skills?
Phish Tank is your essential resource for exploring phishing examples from Fitch’s simulation program. These simulations, based on real attacks, enhance your ability to recognize and deflect phishing attempts, helping you better protect against cyber threats. Explore now.
Did you receive an email that looks suspicious?
If you spot a sketchy email in your inbox, use the phishing button in Outlook. It’s a quick and easy way to keep our digital space safe and sound. By flagging these suspicious messages, you’re playing a vital role in protecting our data and avoiding harm to the company.
It’s a quick and easy way to keep our digital space safe and sound. By flagging these suspicious messages, you’re playing a vital role in protecting our data and avoiding harm to the company.
Want to learn more?
Visit us at the Information Security Team FX site for helpful resources
or contact us at information.securitygroup@
to share interesting articles or suggestions for future newsletter topics.
One more thing...
Answers to Your
Cybersecurity Questions
“I got a notification that an old email was found on the dark web with my password. I have long since closed that account and do not use that password for anything else. Is it okay to disregard the notice, or should I be worried? What about old phone numbers that we no longer have?”
— Tammy
Good for you for closing the account — not just deleting it from your computer. You’re in good shape. One thing: make sure the password you used on that old account wasn’t reused on other another account. If it is reused, log in and change it.
Which password manager program do you recommend?
— Carolyn B.
We are careful not to recommend specific products because what’s the best choice for one person might not be for someone else. The New York Times and CNET like 1Password and Bitwarden. TechRadar likes NordPass and Dashlane. They’re all secure. Some cost more than others and offer a range of features like VPNs and multi-factor authentication management.
My husband and I own our home outright. Can someone commit title fraud if our house is in a trust?
— Angela W.
Title fraud, where someone illegally transfers the ownership of a home to themselves and tries to sell or refinance it, occurs in less than 1% of all mortgage applications. Fraudsters typically target homes owned by individuals, as forging a single homeowner’s signature is easier than altering trust documents. A trust significantly reduces the risk of title fraud, but monitoring property records is still good. Keep your mortgage documents in a secure location and consider using a title lock service, which helps protect homeowners from title fraud by keeping an eye on property records.
Cyber cartoon © 2025 Cartoonstock | Original content © 2025 Aware Force LLC