Security and Fraud Awareness

Cedar Innovations Inc. and its affiliates and subsidiaries (collectively, “Cedar”) is a high growth start-up solving home affordability for Americans. Cedar is committed to delivering unique insight, partnership, and investment solutions to sophisticated global institutional investors. Cedar has recently become aware of an increase in fraudulent schemes in which unauthorized third parties (often operating through fraudulent websites, social-media accounts, unsolicited email or social media messages, text messages, telephone calls, or other communication platforms) misrepresent themselves as employees, agents, or affiliates of Cedar. These bad actors may attempt to obtain confidential personal information, solicit investments (including cryptocurrency investments), offer investment advice, induce the transfer of funds under false pretenses, or target job seekers purporting to offer employment opportunities with Cedar.

Such fraudulent activity is often sophisticated and constantly evolving, frequently mimicking the appearance and style of genuine Cedar communications, and may incorporate Cedar logos, executive names, marketing materials, or references to Cedar’s official website. Cedar issues this notice to alert clients, counterparties, vendors, job applicants, and the general public to these unlawful practices. The actions of these unauthorized persons are in no way authorized, endorsed, or associated with Cedar.

Official Cedar Communications

Cedar communicates solely through the following official channels:

• Official website: www.getcedar.com and www.getcedar.ca
• Official email domains: @getcedar.com and @getcedar.ca only
• Authorized social media accounts: LinkedIn, X.com, Reddit.com, and Meta (Facebook and Instagram)

Cedar does not conduct business, solicit investments, provide investment advice, or hire personnel through:

• Personal email addresses or free email services (e.g., Gmail, Yahoo, Hotmail)
• Social media direct messaging services or messaging platforms, including WhatsApp, Telegram, WeChat, Signal, or similar
• Public chat forums, encrypted messaging apps, or other third-party platforms

Cedar does not request any form of monetary payment in connection with employment, internships, or recruiting activities. Cedar does not conduct interviews solely via text messages, social media messaging, or other remote messaging platforms.

If you receive a communication purporting to be from Cedar and are uncertain of its authenticity, please contact Cedar’s Legal Team at Legal@getcedar.com.

Common Fraud Tactics and Cybersecurity Threats

Malicious Emails and Phishing Websites

Fraudsters may attempt to steal sensitive personal or financial information by sending emails that appear to originate from Cedar or by creating fraudulent websites that mimic Cedar’s official website. These communications may request login credentials, personal information, financial information, or induce the recipient to download malicious software.

Malware and Ransomware

Malware is software intentionally designed to damage or access your devices without authorization. Ransomware is a form of malware that encrypts your files and demands payment for restoration. Any individual or organization can be targeted. Fraudsters often use social engineering, email attachments, or links to install such malicious software.

Credential-Based Attacks

Reusing usernames and passwords across multiple platforms increases vulnerability to credential-stuffing attacks. Stolen credentials may be used to access multiple accounts, often without immediate detection.

Social Media Impersonation

Unauthorized parties may create fake social media accounts impersonating Cedar, its employees, or its executives to engage in phishing, solicit funds, or damage Cedar’s reputation. Cedar does not solicit investments or provide advice via social media messaging, nor does it hire personnel through these channels.

Recruitment Scams

External parties may pose as Cedar recruiters, often using free email accounts or messaging platforms, and in some instances, request monetary payments or other sensitive information. Cedar never requests payment during the hiring process and only communicates through official channels listed above.

Warning Signs of Fraud

Red flags that may indicate a scam include:

1. Emails or websites that appear visually similar to Cedar’s official communications but originate from unauthorized domains.
2. Messages urging immediate financial transactions or time-sensitive investment opportunities.
3. Requests for personal, financial, or authentication information via non-official channels.
4. Unsolicited recruitment offers requiring payment or unusual verification procedures.
5. Fraudulent mobile applications purporting to represent Cedar.

Protective Measures

Cedar recommends the following measures to protect yourself from cybercrime and financial fraud:

1. Email Security: Do not click on links or open attachments from unknown or suspicious sources. Verify wiring instructions by telephone or in person.
2. Strong Password Practices: Use unique, complex, and lengthy passwords for each account. Consider using a reputable password manager (e.g., LastPass, 1Password).
3. Two-Factor Authentication (2FA): Enable 2FA on all email, financial, cloud storage, and social media accounts. Use hardware tokens or authentication apps where possible.
4. Device Security: Encrypt devices, use secure passcodes, and keep software updated. Enable automatic updates where possible.
5. Social Media Hygiene: Limit visibility of personal information and monitor account activity.
6. Reduce Public Exposure: Remove unnecessary online accounts, obfuscate personal data, and minimize shared sensitive information.
7. Secure Networks: Avoid public Wi-Fi without a VPN, and segregate guest networks from personal devices.
8. Credit Monitoring and Freezes: Consider placing freezes on credit files with major bureaus and enrolling in identity protection services.
9. Data Backup: Maintain encrypted backups of sensitive information offline or in secure cloud storage.

Financial Fraud Awareness

Investment Scams

Fraudsters may offer investment opportunities that appear low-risk or unusually profitable. Warning signs include:

• Emails from domains other than @getcedar.com or @getcedar.ca
• Cold calls or unsolicited emails promising guaranteed returns
• Pressure to act quickly or transfer funds immediately
• Requests for identification or proof of address via unsecure channels

Identity Theft

Fraudsters may use stolen information to open accounts, obtain credit, or commit other forms of fraud. Limit sharing of personal information and safely dispose of sensitive documents.

Business Email Compromise (BEC)

Cybercriminals may compromise legitimate email threads to redirect funds or intercept sensitive communication. Always confirm payment instructions verbally with the recipient through a known and secure communication channel.

Reporting Suspicious Activity

If you receive any communication that appears fraudulent or suspicious:

• Forward emails to Legal@getcedar.com
• If a client, notify your Cedar contact or account representative
• Report cybercrime or financial fraud to local law enforcement or relevant national authorities

Cedar encourages vigilance in all digital communications and transactions. The firm maintains ongoing programs, technical controls, and policies to protect client information and ensure cybersecurity.

Additional Resources

For further information on protecting yourself from scams, identity theft, and fraud, the following U.S. government resources provide guidance:

• Federal Trade Commission – Identity Theft
• Federal Bureau of Investigation – Scams and Safety
• United States Secret Service – Protecting Yourself
• United States Government – Scams and Frauds

Canada:

• Canadian Anti-Fraud Centre
• Canada Revenue Agency (CRA) – Scams and Fraud