ClickCease

Platform Security

How do I use Moonfare Platform Safely?

Steer clear of social engineering and phishing

We never initiate contact with our customers with requests for information about your account. You should avoid responding to unsolicited direct messages and emails. Be vigilant with any requests for information.

If you think a scammer/fraudster has messaged you or if you are not sure if a contact from Moonfare is legitimate, message our Customer Support immediately.

Keep private information to yourself

  • Always keep your account login details private. 
  • DO NOT share your Moonfare password or password for your primary email address associated with Moonfare with anyone. 
  • Reach out to our customer support if you need help in logging in.

Access to the Moonfare platform is restricted via a 2 factor authentication system to protect our website and investors and via the use of strong passwords. If you are having trouble logging in, please contact us via the contact details set out on our homepage and on the platform. 

Use strong authentication

  • We recommend a password length of 12 characters with a mix of letters, capital letters, numbers, and symbols.
  • We strongly recommend all our customers to set up 2-factor authentication to access the platform. This drastically increases the security of your Moonfare account.

Basic Web Safety

Visit right website

Our website is protected with SSL/TLS to provide a strong encryption layer so you can access Moonfare securely. To mitigate the risk of visiting fake websites that are designed to look like the Moonfare site, also known as “website spoofing”, please always check that you are visiting https://www.moonfare.com

Beware of Email Spoofing

Email spoofing is commonly used by scammers to make it look like phishing attempts are coming from a trustworthy source. Moonfare will only ever contact you using email domains ending with @moonfare.com. 

Always exercise caution and pay close attention to email domains to avoid interacting with suspicious senders, especially those asking for your private information.

What Security measures Moonfare has taken?

Platform Security

  • DDoS & Web Application Security: Moonfare uses industry leading Web application firewall (WAF) and Distributed Denial of Service (DDoS) measures to thwart any attacks against our public servers and platform. Our security team continuously tunes these prevention capabilities to block emerging and on-going threats.
  • Penetration Testing: Moonfare regularly performs internal and external/3rd party ethical hacking/penetration testing exercises on our platform to identify and fix security issues, before hackers do.
  • Bug Bounty Program: Moonfare runs a private bug bounty program where we invite Security researchers from across the globe to test and responsibly disclose vulnerabilities to the Moonfare Security team.
  • Vulnerability Management Program: Moonfare adheres to a vulnerability management program internally to prioritize any security issues and their fixes with defined SLAs.
  • Data Encryption: Moonfare encrypts all data at rest and in transit. Moonfare’s platform encrypts data at rest using AES-256 for Disks and Databases. In-transit data to and from Moonfare platform is encrypted using TLS v1.2.

Internal Security Measures

  • Workstation Security: Moonfare employs industry leading endpoint protection & anti-malware tools to protect Moonfare employee devices
  • Network Security: Moonfare employs several standard network security measures including segmentation, allow/block lists, traffic flow analysis etc. to protect our networks and systems
  • Continuous Assessment & Hardening: Moonfare uses industry benchmarks to assess and harden our employee systems, servers and infrastructure
  • Single Sign On: Moonfare employees use company-provided SSO with enforced MFA to use internal applications. Moreover, we employ the least-privilege-principle while providing access internally
  • SOC: Moonfare Security team comprises a 24/7 Security Operations Center(SOC) that continuously monitors the security of our employee systems, infrastructure, platform and other digital assets in order to proactively identify and respond to cyber threats, intrusion attempts and any malicious activity.
  • Backups & Recovery: Moonfare systems are continuously backed up across multiple sites to retain recovery capabilities in case of disasters or disruption.
  • Dedicated Security Specialists: Moonfare has a dedicated Information & Cyber Security Team comprising of the following functional units:
    ○ Offensive Security Team organizes offensive security operations and performs internal assessments against our networks, applications and cloud assets.
    ○ Detection & Response Team comprises of the 24/7 SOC team and Incident Response specialists

Responsible Vulnerability Disclosure

Moonfare runs a vulnerability disclosure program to respond to reports from security researchers. If you believe you have found an issue, please report it through this form through our provider HackerOne.

Contact Moonfare Security

If you have found a potential security issue, please use the form above to contact us. We can also be reached out via email to [email protected]

Anti Money Laundering and Fraud measures

Moonfare has a Compliance department which is responsible for the effectiveness of controls, policies and procedures designed for the prevention of money laundering and terrorist financing. Effective measures also are implemented to cover the scope of anti-bribery and corruption. 

Know Your Customer 

Moonfare has developed and put in place risk-based systems and controls to comply with its AML/CTF obligations. Moonfare protects its website and its customers from money laundering by requiring all prospective investors to undergo KYC verification checks after signing up on the platform. We do not accept as a customer any person listed on the Consolidated List of targets to whom financial sanctions apply. Any suspicious cases are reported to Compliance, who investigates them conscientiously and consistently.

Fraud Controls

We are an active participant in international efforts to combat fraud, corruption and the funding of terrorist and criminal activities. Our commitment is ongoing through the maintenance of ongoing controls to detect and prevent any such illegal practices.      

Risk Management

Moonfare is continuously improving its risk management policy, strategy and supporting framework. Moonfare recognises that risk is an integral and unavoidable component of business and is committed to managing risk in a proactive and effective manner. Moonfare seeks to promote a strong risk culture throughout our organization and communicates the importance of a strong risk culture across the organization. 

Disclaimer

Moonfare will never send you unsolicited messages and we will never ask for your credentials!

About Moonfare

Moonfare is leading a new era of private equity investing by opening the door to higher returns for more people. We are building the world's most engaged investor community to inspire investments that drive the world forward.

Sign upSign upLoginLoginTo my dashboardTo my dashboard

Follow us

Invest

How it worksDirect fundsPortfolio fundsSecondary marketFAQ

Learn

PE MasterclassBlogWebinarsWhite papersNewsletter

Company

About usTeamPressCareersContact us
ImprintPrivacy NoticeTerms of servicePlatform securityImportant disclaimersWebsite data collectionSFDR statementPlatform Security
Important information

Moonfare does not make investment recommendations and no communication, through this website or otherwise should be construed as a recommendation of any security. Alternative investments in private placements are highly illiquid, speculative, and involve a high degree of risk. Past performance is not indicative of future results. Investors may not get back their money originally invested and those who cannot afford to lose their entire investment should not invest. Prior to investing, carefully consider the respective fund documentation for details about potential risks, charges, and expenses. The value of an investment may go down as well as up. An investment in a private equity ("PE") fund or investment vehicle is not the same as a deposit with a banking institution. Investors receive illiquid and/or restricted membership interests that may be subject to holding period requirements and/or liquidity concerns. Investors who cannot hold an investment for the long term (at least 10 years) should not invest. In the most sensible investment strategy for PE investing, PE should only be part of your overall investment portfolio. The PE portion of your portfolio may include a balanced portfolio of different PE funds. For additional information, including Moonfare's affiliates, please see here.