Your Security

The security of your information is important to us at Pennaluna. We work hard to safeguard your accounts, using the latest technology and security methods. But, we can't do it alone. Only you can protect your personal computer from identity theft. Below are key steps you can take to cut your online risks.

Safeguard Passwords

Make your passwords as obscure or abstract as possible. Avoid obvious numbers and words, such as a maiden name, birth date, or an anniversary, which would be easy to guess. Never give your passwords to anyone, including family or friends.

Protect Yourself from Phishing Scams

Phishing is the mass e-mailing of messages that falsely claim to come from a legitimate business. These messages often provide links to phony Web sites, where you are asked to supply personal information such as passwords, credit card numbers, Social Security numbers, or bank account numbers. Never enter personal information unless you are sure the website is legitimate. You should also be sure the site is encrypted. Look for the letter "s" at the end of "https" at the beginning of the URL address. An example of such a URL address is "https://secure.penntrade.com." This ensures that the site is running in secure mode. Finally, know that PennTrade will never e-mail you requesting that you confirm your personal information or password.

How to Spot Phishing E-Mail

Phishing messages evolve constantly, and they are often difficult to recognize. Sometimes they incorporate realistic company logos and graphics, provide links to the real company's privacy policies, and even include legal disclaimer language at the bottom. To help decide if an e-mail is part of a phishing scam, ask yourself the following: Do I have a relationship with this company? Would I expect this company to contact me this way? Would I expect this company to make this request? If you are uncertain, contact the company by phone. Regarding any e-mail message from PennTrade, you can always contact us at 1-800-953-2860 for verification.

Don't E-Mail Sensitive Data

Most e-mail is not secure or encrypted and should not be trusted to send personal or financial information.

How to Report a Phishing Scam

If you suspect you have received a fraudulent e-mail from PennTrade or Pennaluna, please call 1-800-953-2860 immediately. Additional information about phishing can be found at www.antiphishing.org or www.consumer.gov/idtheft/.

Don't Be a Victim of Session Stealing

Online fraud can happen without ever being noticed by the victim. Cross-Site Request Forgery (CSRF) occurs when you are logged into a website and move to another website without first explicitly logging out of the previous site. It is recommended that you take the following action to help protect your account: Always remember to terminate your PennTrade session by clicking Log Out. If you fail to log out or close your browser, your current session may remain active and your account might be targeted for theft. If you want to go to another website while you are logged in, you should open a different type of browser-not just a new window-to navigate to that site.

Install Up-to-Date Anti-Virus Software

Up-to-date anti-virus software protects your computer against current virus threats. Most commercially available virus protection programs offer automatic weekly and emergency downloads of the latest updates. Scan all your files for viruses at least once per month; more often is better. For the best protection, set up your anti-virus software to scan every file you open.

Install Up-to-Date Anti-Spyware Software

Spyware runs on your computer and can gather private information such as passwords and credit card numbers, deliver unwanted advertising, and monitor your browsing patterns. Spyware is typically hidden in an otherwise harmless program, often in freeware or shareware you download. Before downloading any free software, make sure you know and trust the provider. Some Internet Service Providers (ISPs) offer assistance in finding and removing spyware. The maker of your anti-virus software may also offer anti-spyware protection. Make sure you are protected against this growing threat.

Have a Personal Firewall

Firewalls serve as protective barriers between your computer and the Internet. They prevent unauthorized access to your computer when you're online. Be sure to set up a firewall around your computer. Some ISPs offer firewall software to their customers, and you can buy firewall software or hardware at many computer stores.

Get Security Updates Regularly

Most major software companies regularly release updates or patches to their operating systems to repair security problems. Some websites, such as Microsoft and Apple, offer the ability to scan your computer for missing updates. Check your computer for missing updates at least monthly. For the best protection, set up your computer to receive updates automatically whenever possible.

Protect Your Wireless Home Network

The default configuration of most wireless home networks is not secure. Contact your wireless software vendor for specific information about enabling encryption and strengthening the overall security of your wireless home network.

Be Careful with Wireless Hotspots

The safest action is to avoid using public wireless hotspots. However, if you need to use one, taking a few simple precautions can help protect your computer:

• Install a firewall on all network computers
• Disable wireless connectivity when not in use
• Use reputable encryption software
• Disable wireless ad hoc mode. This will allow only wireless networks that you created to use your wireless software.
• If you are unsure of the security of a wireless hotspot, don't use it for conducting confidential business, such as accessing your work e-mail or financial information.
• Wireless technologies are continuously changing. Consult the manufacturer of your network hardware to ensure you have the most up-to-date security technology.

Safeguard Your Personal Information

A few simple steps can boost protection. For example, shred sensitive documents instead of simply throwing them away. Also, be absolutely sure you know who you're dealing with before giving any personal or financial information. OnGuard Online, a site created by the U.S. Federal Trade Commission (FTC), offers additional information on preventing identity theft.

Avoid Using Your Social Security Number

Ask companies and government agencies you do business with if you can create an alternate customer identifier.

Carefully Review Your Financial Statements

Promptly read any account or credit card statements or correspondence when they arrive. Make sure there are no changes or transactions you did not initiate. If a bill arrives unusually late or not at all, call the company.

Also, be sure to monitor your credit for inaccuracies. As of September 1, 2005, all US residents are entitled to receive one free credit report every 12 months from each of the three nationwide consumer credit reporting agencies: Equifax, Experian and TransUnion. You can request your report at AnnualCreditReport.com.

Learn the Warning Signs of Identity Theft

Identity theft warning signs include:

• Seeing unauthorized charges or withdrawals
• Not receiving renewed credit cards, bills, or other mail
• Receiving credit cards for which you did not apply
• Notices for changes you did not initiate
• Denial of credit for no apparent reason
• Calls or letters about items or services you didn't buy
• Although it could be a simple error, never assume a mistake has been made that will automatically be corrected. Follow up with the business or institution.
• Act Quickly If You Suspect Identity Theft

If you suspect that your personal information has been used wrongfully, immediately:

• Review your credit reports
• Place a fraud alert on your accounts
• Close any accounts opened or used fraudulently
• File a report with the police
• File a complaint with the Federal Trade Commission

Learn More About Online Security

• To read suggestions about this from FINRA click here.