Skip navigation.
Go to The Principal Trust Company home page
Principal Trust CompanySM
 
Secure  Partner Login

Access Client Services


Privacy and Security
Quicklinks

Help Protect Yourself

Conducting financial transactions over the Internet can be risky. You can reduce this risk by taking some precautions. These precautions include properly maintaining your operating system and Internet browser and using certain hardware and/or software to protect you and your family from disreputable parties.

Secure Your Home Computer and Surf Safely

There are several things you can do to improve the security of your home computer, so your personal information is protected while you are online. The following suggestions provide information about some of the things that can help to prevent problems. Some of these items may require a certain level of technical expertise. If you're not sure about what to do, or if you have questions, contact your internet service provider or other computer professional for assistance.

  • Make Sure You Use the Correct Web site URL Address. Do not send sensitive personal or financial information from your computer unless it is encrypted on a secure Web site (look for "HTTPS" at the beginning of the URL or the lock icon in the corner of your browser). Look for the correct URL for the Web site that you are logging onto. Make sure it is the exact URL address that you expect and not a look-alike.

  • Update Your Operating System. Newer operating system versions (those less than five years old) provide a higher level of protection than older versions (such as Windows 95, Windows 98, Mac OS 7, etc.). Operating system manufacturers frequently issue security updates that help to make the system more secure. Some manufacturers can notify you through email when updates are available, or the updates can be installed on your computer through your Internet connection. If you use Microsoft Windows™ or a Mac, you can check the companies' Web sites for more information:
  • Use a Personal Firewall. Your computer's operating system may have a software firewall in place, but a third party hardware or software firewall is recommended as they provide more protection. Hardware firewalls are generally included in routers that you may use with your broadband connection (Cable/DSL). All Internet users regardless of how they connect to the Internet should use software firewalls. There are free versions available for consumers.

  • Use Anti-Virus Software. Anti-virus software works by identifying potentially harmful computer viruses before they can infect your computer. Most anti-virus software manufacturers frequently update their software in response to new threats. You should update your anti-virus software frequently or have the program automatically update itself.

  • Scan Your Computer for Spyware. Spyware (or adware) programs can record your Web viewing activity and can relay that information to another party. There are free spyware removal programs available; try searching on the terms "spyware" or "adware". Be sure to confirm that a program is from a legitimate source before you download and install it. Some anti-spyware providers may select to "allow" certain spyware to be installed on your computer, so be careful which anti-spyware program you select. Most anti-spyware software can be configured so it does not block or remove wanted items.

  • Don't Download Software from Questionable or Unknown Sources. Some software programs you may find online might contain spyware, viruses, or other malicious applications. These can cause damage to your computer, or expose your personal information. Be sure you know and trust the Web site that is distributing the software before you download and install it.

  • Use a Current Web Browser and Keep It up to Date. The most common Web browsers all have had updates in the recent past. These updates are needed to protect you from vulnerabilities that exist on the Internet. Principal Financial Group and its affiliates will only allow communications through Internet browsers that use the Secure Sockets Layer (SSL) communication protocol on our secure sites. SSL is a set of rules that tell computers the steps to take to improve the security level of communications. These rules are designed for the following:
    • Encryption. Transmitted data is scrambled with an encryption scheme that guards against eavesdropping. An intermediary who somehow "listens in" on SSL communications cannot tell what is being communicated...it looks like gibberish.
    • Data Integrity. SSL uses a Message Authentication Code to verify data sent has not been altered in transit.
    • Authentication. This guards against impersonation. Internet server sites that employ SSL have unique digital signatures that cannot be forged, thus proving there is no hacker between the customer and Principal Financial Group's computer systems. A certificate is used to validate this authentication. You can view our certificate on our secure sites at any time by double-clicking the padlock icon in the bottom-right hand corner of your browser. When you view our certificate you should see the details tab. In that tab, the Issuer should be VeriSign Class 3 Secure Server CA.

  • Block Pop-up Windows. Some Web browsers can be configured to block pop-up windows from displaying. There are also free, publicly available programs existing that will block all pop-up windows while you are online. You can find these programs by searching online for the phrase "pop-up blocker". Some search engines and Internet Service Providers may also provide pop-up blockers. Be sure to confirm that a program is from a legitimate source before you download and install it. Some blockers can be configured to allow pop-ups on certain sites that you choose. Others allow you to allow pop-ups on a one-time basis by holding down a specific key (like "Control"). Check the pop-up blocker's documentation for specifics.

  • Shop and Conduct Business on Secure Web Sites. Secure Web sites offer encryption of your data. Generally there will be a lock symbol in the lower right-hand corner of the browser window. The URL of the page may also begin with "https://...". The "s" stands for "secured" and means the Web page uses encryption.

  • Don't Stay Connected When You Don't Need To. Dedicated Internet connections such as DSL or cable provide a constant connection between your computer and the Internet. When you aren't going to be online, disconnect from the internet to avoid unwanted access to the information on your computer. This step can help provide additional protection over and above that provided by your firewall.
Return to top

What is Phishing?

Online fraud occurs when someone poses as a reputable company to obtain sensitive personal data and illegally performs transactions on your existing accounts or uses your information for other sorts of fraud. Often called "phishing" or "spoofing," the most recent methods of online fraud include fake emails, Web sites, Trojan horses and pop-up windows or any combination of these.

Phishing is a fraudulent e-mail scam that is used in an attempt to get consumers to disclose or verify their account numbers, personal identification numbers (PIN), social security numbers, passwords, or other sensitive information. This e-mail typically resembles correspondence from a familiar company and may have a similar Internet address to that company in the text; however, it will usually have a couple of letters transposed. Some phishing attacks look very authentic. Be very cautious and don't provide sensitive information if you didn't initiate the request.

Principal Trust Company has a policy of never sending e-mail requiring customers to send personal information to us via e-mail or pop-up windows. Principal Trust emails may provide an Internet address for you to use within our communication but we will ask you to type it in yourself so that you have assurance that it is a valid site. Look for information on that communication that only you and Principal Trust would know (e.g., the last four digits of your Social Security Number, part of your account number, etc.) Any unexpected request for Principal Trust Company account information you receive through e-mails, Web sites, or pop-up windows should be considered fraudulent and reported immediately. If you have any questions about any email that you receive from us, please call (800) 209-9010.

Examples of Phishing Scams

  1. Pop-up Windows
    A pop-up window is a small window or ad that suddenly appears over or under the window you are viewing. Pop-up windows can be a type of on-line fraud used to obtain personal information.
  2. Trojan Horses and Viruses
    A Trojan horse is another form of fake e-mail that may contain a virus (an undesirable computer program) that can record your keystrokes. The virus can live in the attachment or be accessed via a link available within the email. Some Trojan horses have been reported to work even if the user views their email through the preview pane in Microsoft Outlook. Experts recommend not viewing email through the preview pane method for this reason.

How to Recognize a Phishing E-mail

  • Many times there is a feeling of urgency in the e-mail. For example: The e-mail may say that your account will be closed or suspended from use.
  • There are often obvious spelling and grammatical errors, although several recent e-mails look very professional.
  • The e-mail will appear to be from a legitimate source. Links within the e-mail may take you to phishing sites where you may be asked to enter, update or verify personal information. The phishing sites may look very similar to the actual sites, but the URL, certificate, and other information may not be the same.
  • A pop-up window may appear that asks for personal information.
Return to top

Tell Us about Phishing or other Fraudulent E=mails

If you suspect you have received a fraudulent e-mail from Principal Trust Company, please contact us. If you believe you are a victim of identity theft because of this fraudulent e-mail, please call (866) 858-4433 immediately or report unethical or fraudulent activity online.

Return to top

What is Pharming?

Pharming is a more complex development of the Phishing scam and is best restricted by securing your home computer.

Pharming attacks hide behind the scenes in a network-connected computer and redirect the users' regular Web surfing activities. Users requesting a bona fide Web site are unknowingly sent to a fake Web site that mirrors a legitimate site. Once the pharming scheme is planted, malicious activity can be launched against a wide number of sites that the user may visit on a regular basis totally unknown to that user.

How to Spot a Pharming Web Site:

  1. Log-in process, verification, or information on the Web site will not look exactly as it does on the legitimate site.
  2. The site will most likely ask for additional verification or personal information that is not normally required.
  3. Legitimate Web site sessions will be encrypted but phishing sites may be as well. Look for the padlock icon at the bottom of your browser and click on it to verify it is secure by verifying the SSL certificate's issuer.
  4. Look at your URL site address. A legitimate secure Web site will have https:// in the address.
  5. A spoofed SSL certificate should cause your browser to display a security alert message. Watch for these messages and take this as an obvious sign of a fraudulent Web site.
  6. If you attempt to authenticate to a Web site and it fails and you know that you provided the right information, it could be pharming.
Return to top
   

About Principal Trust | Careers | Contact Us | Customer Support | Directions | Site Map

Copyright © , Principal Trust CompanySM
Privacy and Security