Cyber Circular: Information Security Newsletter

July 2025  |  10 minute read

The Information Security Team is excited to provide its monthly newsletter,
keeping the Fitch community informed and engaged in cybersecurity.

The Largest Leak of Personal Data Ever

The Information Security and Security Operations teams have improved the process for reporting Fitch Group (including Fitch Ratings) data incidents.

Effective immediately, any potential or suspected data incident(s) should be promptly reported by emailing Security Operations at [email protected] to open a ticket.

Swift reporting ensures that risk is quickly mitigated and that specific legal requirements for reporting data incidents are met.

Fitch Ratings employees: Please note that in the event of an incident or occurrence that is contrary to the requirements identified under any Fitch Ratings or Fitch Group Bulletin applicable to Fitch Ratings, you should submit a ticket in the Exceptions Management System (EMS).

Should you have any questions or need further clarification, please visit the Information Security FX page or contact the Information Security Awareness Team at [email protected].


Meet the Information Security Team


Tell us about yourself?

Hi, my name is Ahmad Yusuf. I am always excited about anything technology related, love helping people out the best I can and am drawn to community activities.

What are you studying at school?

I’m currently studying Information Systems and Technology at Worcester Polytechnic Institute.

Can you share a fun or surprising fact you’ve learned about cybersecurity during your internship?

Before interning at Fitch Group, I knew that information is a powerful resource that needs to be protected. One surprising fact I’ve learned during my internship is that cybersecurity issues are purely human-driven. It’s been eye-opening to see how easily information can be stolen or weaponized, whether through simple data gathering techniques or the lack of security in IoT devices. I’ve also gotten to learn about Fitch Group’s information security hierarchy and the different technologies and methodologies that play a role in keeping data safe. These insights have given me a new mindset about systems, seeing them in a sustainable way that ensures they remain safe, efficient, and resilient against bad actors, not just focusing on how they help.

Have you worked on any interesting projects or tasks so far? What did you enjoy most about them?

One of the most interesting projects I’ve worked on is creating a PowerBI dashboard for tracking the key metrics of our human risk training programs aimed at reducing cybersecurity threats. This project really pushed me to refine my skills and gain confidence, and I enjoyed the process of asking questions and receiving feedback from my managers. It made me feel like I was truly contributing to raising awareness of cybersecurity issues and strengthening our overall security posture. Additionally, these experiences are helping me better understand where I want to go in the IT world and are informing my future career decisions.

What’s something you enjoy doing outside of work or school? Any hobbies or interests you’d like to share?

Outside of work, I love going to the gym, listening to music, and going for runs. These hobbies help me unwind and stay balanced.

What’s better than clicking “unsubscribe”?

The average person receives more than a dozen spam emails every day. Most of them use tactics like fake invoices, “password check required” alerts, or urgent account warnings to trick users into clicking.

While that tempting “unsubscribe” link might seem like the easiest way to stop these emails from coming, it can actually confirm your address is real. Even worse, it can take you to sophisticated scam websites.

The Wall Street Journal advises that instead of clicking links in the body of emails from unknown senders, you should use your email app’s built-in list-unsubscribe button, mark messages as spam, or set up filters.

Also, try creating a special email address for use when you’re signing up for newsletters, online promotions, and social media platforms. You’ll be shocked at how often that address gets shared with other companies.

Spam of the Week

This spam email is designed to raise your blood pressure.
Did you really send money to someone you don’t know for something you didn’t buy?

Most likely, no. But scammers are hoping you’ll get mad and respond.

[Interactive image: PayPal phishing email, before and after]

Update Your Passwords Now

These organizations say they have been hacked recently. If you do business with any of these companies, change your account password and use two-factor authentication wherever possible.

Aflac, Erie Insurance, Philadelphia Insurance Companies, Krispy Kreme Doughnuts, McLaren Health Care, Canva, The North Face

Want to learn more?

Visit us at the Information Security Team FX site for helpful resources, or contact us at information.securitygroup@thefitchgroup.com to share interesting articles or suggestions for future newsletter topics.

One more thing...

[Cartoon: a castaway on a tiny desert island holds a note reading “Our e-mail address is…”, with an open bottle at his feet]

Answers to Your Cybersecurity Questions

Secret Spotify Trick You Should Know

“I was scrolling TikTok and came across a video that showed me how to get Spotify for free. My Spidey sense told me this is a scam. Is it?”

It’s a scam, yes, and a sneaky one that is appearing quite often on TikTok feeds.

The video promises a “quick fix” to get free access to Microsoft Word, Spotify, CapCut, and other software. The video instructs you to “press Windows + R and run PowerShell commands.”

But what it really does is install malware on your computer. Ignore the instructions. Your Spidey sense is correct. 

TLDR’s cyber news service reminds us to download TikTok only from official app stores. A new, dangerous version of TikTok that takes screenshots of your phone as you’re using it and transmits the images to scammers is being promoted on websites and social media.

Is it legal for your neighbor to record you on their doorbell cam?

“More and more homes and businesses have security floodlights, cameras, and ‘Ring’ doorbells. Should we assume we are always being recorded, and is our voice also being recorded for the property owner?”

Generally, yes, you’re being recorded a lot more than you might think. Ring doorbells, for example, record sound up to about 20 to 25 feet from the device. In many cases, both audio and video are saved to the owner’s account and can be reviewed by the property owner at any time.

In the U.S., laws vary by state. Video surveillance is more broadly allowed than audio in the United States. For example, recording inside someone else’s home, an apartment hallway, or shared building spaces is often more restricted than recording front yard or street views: you might expect some reasonable privacy in these places, even if you are in someone else’s home, and at least signage is expected.

Wired reports that for audio recordings, some states require two-party consent to record conversations. However, if you’re speaking loudly near someone’s property, it may still be recorded and considered lawful.

In Europe, privacy laws are tougher. To avoid capturing your neighbor’s property or public areas beyond your boundary, it is recommended that you adjust the motion and audio zones on your device.

[Image: “BEWARE!! There's a video out there promoting some dental plan with an AI version of me. I have nothing to do with it.” -Tom Hanks]

“How do videos that put words in a person’s mouth affect security? I’ve seen video posts where you hear the person say something; the words were not their own but actually AI-generated.”

These are called “deepfakes.” As AI-generated videos become increasingly convincing, cybercriminals are using deepfakes of executives, HR reps, or family members to trick people into transferring money, divulging credentials, or installing malware on their computers.

A deepfake can also depict public figures making offensive or illegal statements, thereby damaging their reputations, careers, or public trust.

It’s only going to get worse, and unfortunately, being skeptical will be your main line of defense.

Send us your cybersecurity question for possible use in a future newsletter.

Cyber cartoon © 2025 Cartoonstock | Original content © 2025 Aware Force LLC