Contributors

Ileana van der Linde

Head of Cyber Advisory

Easy-to-use artificial intelligence tools are changing our work and school lives. However, they come with a host of new privacy threats. Here are some ways to help protect yourself.

Generative AI tools and apps are becoming integral to our daily routines, offering creative solutions, entertainment and significant productivity gains. While these tools are rapidly evolving and improving, their use also raises critical questions: What are these tools learning about us and is it too much?

The generative AI tools now available to the public are likely to be transformative in ways we cannot yet fully comprehend. Generating letters, business plans, images and videos can be greatly accelerated if you know how to use these tools effectively, but we are just in the early stages of how these tools may be woven into our daily lives. These AI tools, such as chatbots, use sophisticated algorithms and vast amounts of data points from across the internet to generate text, videos and images. User interactions are via often easy-to-use chat functions, which may already have been integrated into our browsers and social media.

But as you engage with these tools, it’s crucial to understand that these AI tools are not just helping you, they are “learning” from every interaction with you. Unlike traditional search engines, chatbots capture and store every query or prompt you enter, along with information from your profile and the data gleaned from your computer equipment, such as your IP address. This data is used to train and improve the AI, making it smarter, but also potentially exposing you, your family or your business to cybercrime. Thus, it’s critical for you to be aware of what it’s collecting, and that you conscientiously limit the information you put into the system, starting with how you set up your account and your interactions.

How to protect yourself

Understand how generative AI tools work

The excitement around the future of AI tools has prompted global investment and adoption. Companies are leveraging these tools to enhance efficiencies and develop new products and services. You or your children may already be using generative AI to draft letters, essays, resumes, check homework or plan trips. 

Know that these tools are smarter and collect more information than traditional search engines. Every interaction is recorded and saved, even if a chat or query is deleted.

  • Your user profile information is also captured – IP address, location, phone number, logon data, device information (make, model), browser cookies, network activity, etc.1
  • Information about you is also extracted and aggregated from social media pages, for example, and from other online services.

Publicly available tools capture, share and build on information, making it potentially accessible by those with malintent. Many of these generative AI tools, apps and chatbots are currently not subject to any government regulations, ethics rules and governance structures, no matter how sophisticated these tools might seem. This makes it possible for those trying to compromise you to use this information to target you or your family members.

Take care setting up an account

The conversational nature of generative AI tools often leads people to enter more information than they typically put into a search engine.

Before jumping in, follow these simple precautions: 

Anonymize your profile

  • Create a new, dedicated email address when you sign up for a chatbot. Avoid using the email account you use for banking, work, social media or other personal services.
  • Be similarly cautious with the phone number you enter and the other identifiers you provide.
  • Use a VPN to further anonymize your profile and connection with the chatbot so that your interactions are encrypted. This will also prevent the system from collecting your device’s IP address and location.

Choose a service with care

  • Use a reputable generative AI service, which can be found in the Apple App and Google stores. Be cautious about using experimental new AI tools, and disable “model learning/” You do not need to be part of the data collection process.
  • Create a strong program password to stop others from gaining access to your chat history
  • Use two-factor authentication, if offered.

Be discreet – and diligent

  • Do not disclose sensitive and personal information into the chatbot such as people’s names, birthdays, tax information, geographical addresses, etc. (If you wouldn’t want to see that information in a newspaper, don’t put it in a chatbot).
  • Provide parameters, not specifics. For example, when writing a resume, avoid putting in your personal information. Find a way to ask what you need without the tool identifying you.
  • Opt out of data collection and model learning in the tool’s settings. Your chats, images and conversations should remain yours – the appropriate settings boxes to maintain more privacy
  • Log off after each chat session to prevent the system from continuing to learn about you and what you are doing.
  • Regularly delete your account’s cookies and history to limit data collection.

Protect yourself from cybercriminals

Public AI tools give hackers and cybercriminals new ways to profile and target you and your family. For example, they can use AI to:

  • Write sophisticated malware to break into systems you regularly use.
  • Generate convincing phishing emails in various languages without telltale signs of forgery,  bad grammar or misspellings.
  • Create disinformation or “data-poison” existing tools.

To counter these threats, always verify the sources of emails, phone calls, texts and even video calls via a separate channel. Be  especially cautious with requests to that attempts to change payment information, provide sensitive information or other critical information.

In the face of AI tools increasingly being integrated into our daily lives, make sure you have basic but important cybersecurity protections.

Basic cybersecurity protections

  • Use multi-factor authentication wherever offered for online banking, email, social media, shopping, airline miles and other accounts by making it significantly harder for someone to access your information and assets.
  • Use strong and unique passwords, and consider using a reputable password manager.
  • Run anti-virus software continuously on all devises.
  • Keep device operating systems up-to-date to close security loopholes.

An emerging threat: Voice deepfakes

The generative AI tools can easily capture and replicate voices from social media, webinars, and calls. Cybercriminals combine so-called voice deepfakes with a target’s own profile and/or bank information in an ever-growing array of schemes.

The generative AI tools can easily capture and replicate voices from social media, webinars and calls. Cybercriminals can create these voice “deepfakes” combined with personal information for potential scams. With fraud attempts and scams on the rise, it’s important to validate the person and conduct “human authentication.” Is it really your business partner asking you to transfer money? Or your grandchild asking for a loan? Always verify the identity of the person making the request, especially if it involves financial transaction. For families, establishing a family safe word to confirm an urgent request is a way to eliminate doubt.

We can help

Your J.P. Morgan advisor can provide practice guidance and resources on how to you, your family and your information cyber secure.

References

1.

U.S. Public Interest Research Group, “Your ChatGPT privacy questions answered.” (August 2024)

Connect with a Wealth Advisor

Reach out to your Wealth Advisor to discuss any considerations for your current portfolio. If you don’t have a Wealth Advisor, click here to tell us about your needs and we’ll reach out to you.

Connect now

IMPORTANT INFORMATION

All companies referenced are shown for illustrative purposes only, and are not intended as a recommendation or endorsement by J.P. Morgan in this context.

This material is for informational purposes only, and may inform you of certain products and services offered by J.P. Morgan’s wealth management businesses, part of JPMorgan Chase & Co. (“JPM”). Products and services described, as well as associated fees, charges and interest rates, are subject to change in accordance with the applicable account agreements and may differ among geographic locations. Not all products and services are offered at all locations. If you are a person with a disability and need additional support accessing this material, please contact your J.P. Morgan team or email us at accessibility.support@jpmorgan.com for assistance. Please read all Important Information.


GENERAL RISKS & CONSIDERATIONS
Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation/diversification does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g. equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan representative.

NON-RELIANCECertain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks will vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.

Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.

Legal Entity and Regulatory Information.

J.P. Morgan Wealth Management is a business of JPMorgan Chase & Co., which offers investment products and services through J.P. Morgan Securities LLC (JPMS), a registered broker-dealer and investment adviser, member FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. Certain custody and other services are provided by JPMorgan Chase Bank, N.A. (JPMCB). JPMS, CIA and JPMCB are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.

Bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.

This document may provide information about the brokerage and investment advisory services provided by J.P. Morgan Securities LLC (“JPMS”). The agreements entered into with JPMS, and corresponding disclosures provided with respect to the different products and services provided by JPMS (including our Form ADV disclosure brochure, if and when applicable), contain important information about the capacity in which we will be acting. You should read them all carefully. We encourage clients to speak to their JPMS representative regarding the nature of the products and services and to ask any questions they may have about the difference between brokerage and investment advisory services, including the obligation to disclose conflicts of interests and to act in the best interests of our clients.

J.P. Morgan may hold a position for itself or our other clients which may not be consistent with the information, opinions, estimates, investment strategies or views expressed in this document.  JPMorgan Chase & Co. or its affiliates may hold a position or act as market maker in the financial instruments of any issuer discussed herein or act as an underwriter, placement agent, advisor or lender to such issuer.