Goldman Sachs Asset management (GSAM) makes every effort to provide optimal security of your data and of all transactions; for us protecting our clients is just good business. However hard we work there are risks online, and you can take some action to protect yourself. Here we provide some information to help you.

• Latest key security issues
• GSAM's standard practices
• Verifying websites
• Protecting Yourself
• Contact Information

Latest Key Security Issues
From time to time we will provide information on security related news items that we feel you should be aware of. These security updates will be presented on this page.

Phishing
A phishing attack is an online fraud technique which involves sending official-looking email messages with return addresses, links and branding that all appear to come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website and mislead account holders to enter customer names and security details on the pretence that security details must be updated or changed. Once you give them your information it can be used on legitimate sites to take your money.

Phishing can also be used by criminals to distribute links to Goldman Sachs Asset Management websites (GSAM), which includes a hidden link to malicious websites which will infect your computer with malware (malicious software), such as viruses, spyware and Trojans designed to steal personal information. The best way to defend yourself against such attack is to go to the FitVermogen website directly by typing in the URL address www.fitvermogen.com in your web browser and press enter. This will ensure you are visiting the actual FitVermogen website.

It is important that you are suspicious of emails asking for your information; see more on GSAM's standard email practices below. If you receive a suspicious email, do not click on any links or reply to it.

Simply delete it or report it to us by forwarding the email or information to info@nnip.com. You may also use this same email address to contact us about the validity of any email, links, or communications from GSAM.

Imitation of GSAM websites
GSAM monitors the internet to find imitation websites which are often the first step made by phishers. We then work with the appropriate international authority to get the websites closed down as quickly as possible sometimes on the same day we find the website. To report phishing attacks please email our security team.

Advanced Fee Fraud
You may already have heard of advanced fee fraud, where emails offering large sums of money are sent to thousands of email addresses, but a modest fee was required in order to cover legal fees, open an account or pay customs charges. Sometimes the money offered is as a result of a lottery for which you have never bought a ticket. Sometimes the money is held in an account overseas but the account owner cannot access it, they promise a percentage of the money in return for your help. In both cases various fees have to be paid.

Do not respond to these emails. They are part of a fraud and you will not receive any of the promised money.

We place this warning here because we are aware that the criminals carrying out these frauds do on occasion use the name of GSAM or an GSAM subsidiary as part of this scam.

GSAM's standard practices
GSAM may communicate with clients by mail on occasion, so how can you tell which mails are from us, and which are fraudulent?

• GSAM will address you by name in any emails.
• GSAM will not embed hyperlinks in emails that take you to sites where you must enter your security information.
• GSAM will never ask for you to confirm your details by email
• GSAM will use state of the art encryption and authentication mechanisms to secure the transactions; these will vary by bank so check with your bank about the processes used.

If clients have any doubt about any email they have received purporting to be from FitVermogen they should contact the Fitvermogen Servicedesk.

Verifying Websites
Clients must be sure that the site they are entering really belongs to GSAM, and is a secure site;

Check that your website is secure,
The URL will begin with https://
OR
The application window will specify that SSL (Secure Sockets Layer) Library.

Click on the padlock icon to see the details of the security certificate. The certificate shows who owns the site; it should be your bank. Check that the details and validity are correct.
We work with well known certification authorities such as Verisign, Global Sign and Thawte. GSAM also provides certificates from its own GSAM Corporate PKI. If customers have any doubts about a website they should contact their bank.

Protect Yourself
Take care of your personal information
Your account numbers, customer Number, PIN (password), memorable date and customer identification number are the keys to your account. Never write them down, give them to anyone else or include them in an e-mail. Destroy documents containing personal information securely, and be very cautious in posting personal details to social networking sites on the internet, as criminals can use this information to commit fraud. Remember that protecting your Customer Number, PIN, passwords and security details is your responsibility.

Take care of your computer
Update your computer by installing the latest software and patches, to prevent hackers or viruses exploiting any known weaknesses in your computer Install and update virus protection, to protect against viruses corrupting your computer and to prevent hackers installing Trojan viruses on your computer.

• Install and update anti-spyware tools
• Install and update personal firewalls
• Use only programmes from a known, trusted supplier
• Beware of Spam Emails
• Use a spam filter to avoid even seeing these messages

Never respond to a spam message, your email address is then recorded as live and the spam will increase. Should you read a spam message remember: if it sounds too good to be true, it probably is too good to be true.

More info
The US Federal Trade Commission provides information here on how to avoid phishing scams. The Anti-Phishing Working Group provides statistics on phishing attacks and advice for individuals and companies.