Ileana van der Linde

Executive Director, Cybersecurity Awareness Global Program Lead

The generative AI tools now becoming publicly available are likely to be transformative.

These so-called chatbots use built-in algorithms and billions of data points gathered from across the internet to generate text, video and images. User interactions are via easy-to-use chat functions.

But before you dive in, it’s important to understand: Chatbots are dramatically different from the “one-way” search engines we all use. With a chatbot, every query you enter, any information included in your profile, the data gleaned from your computer equipment (IP address, etc.) is captured, stored and used for training.

Such is the nature of AI: The chatbots are constantly learning, constantly becoming smarter – which can make you, your family or your business more vulnerable to cybercrime.

Thus, it’s critical that you conscientiously limit the information you put into the system, starting with how you set up your chatbot account.

Here are some ways to help protect yourself.

First, understand how chatbots work

A new generation of artificial intelligence (AI) tools is creating global excitement and prompting wide investment. Companies worldwide are embracing these tools to bring efficiencies and potential products and services that promise to transform industries in ways we cannot yet imagine.

Indeed, you or your children may already be using ChatGPT, Bard, Jasper or another generative AI chatbot tool to help you draft a letter, essay or resume. Or you may be exploring ways to use one of these tools to become more efficient.

But be aware: Chatbots are smarter and collect more information than the search engines and apps you regularly use; for example, to check the weather, order food delivery or hail a ride. With chatbots:

  • Every interaction is recorded and saved (even if a chat or query is deleted, a copy exists in a de-identified state)1
  • Your user profile information is also captured – IP address, location, phone number, login data, device information (make, model), browser cookies, network activity, etc.2
  • Information about you is extracted and aggregated from social media pages, for example, and from other online sites and services3

Moreover, as tools designed for use by the public, the information the chatbots hold is widely accessible, unlike the proprietary AI tools many businesses use to gain efficiencies and bring new products and services to market.

With each chat and datapoint entered, a chatbot is better able to make well-informed assumptions, which may help you in the near term. But this may also be exploited by cybercriminals seeking to target you or your family members.

Also know: The chatbots now being released to the world are not currently subject to any government regulations.

Take care setting up an account

The conversational nature of generative AI tools often leads people to enter more information than they typically put into a search engine.

Before jumping in, follow these simple precautions:

Anonymize your profile

  • Create a new, dedicated email address when you sign up for a chatbot. Avoid using the email account you use for banking, work, social media or other personal services.
  • Be similarly cautious with the phone number you enter and the other identifiers you provide
  • Use a VPN to further anonymize your profile and connection with the chatbot so that your interactions are encrypted. This will also prevent the system from collecting your device’s IP address and location.

Choose a service with care

  • Use a reputable generative AI service, which can be found in the Apple App and Google stores or use a service directly from your browser. Be cautious about using experimental new AI tools.
  • Create a strong program password to stop others from gaining access to your chat history
  • Use two-factor authentication, if offered

Be discreet – and diligent

  • Do not disclose sensitive and personal information into the chatbot such as people’s names, birthdays, tax information, geographical addresses, etc. (If you wouldn’t want to see that information in a newspaper, don’t put it in a chatbot)
  • If you need help writing a resume, for example, give the system parameters to use – not personal information
  • Opt out of data collection – if you do not want your chats or conversations used for training purposes, go to chatbot Settings and check the appropriate boxes
  • Log off after each chat – as with an online banking transaction, protect your information by logging off when you finish each chat. This will prevent the system from continuing to learn about you and what else you are doing.
  • Regularly delete your account’s cookies and history so the chatbot cannot continue to collect information and learn more about you

Protect yourself from cybercriminals

Public AI tools give hackers and cybercriminals new ways to profile and target you and your family. For example, they can:

  • Write better code and malware to break into systems you regularly use
  • Generate phishing emails in various languages without telltale signs of forgery, such as bad grammar or misspellings
  • Create disinformation or “data-poison” existing tools

Responding to this heightened threat will require you to take extra steps to verify that any and all emails, phone calls and texts you receive are from a valid source. (Always validate the source via a separate channel. Don’t simply hit reply.)

It’s especially important to verify any request that attempts to change a bank account number or other critical information.

Also, make sure you have these basic cybersecurity protections in place:

Use multi-factor authentication wherever it’s offered

  • Protect your online banking, email, social media, shopping, airline miles and other accounts by making it significantly harder for someone to access your information and assets

Use strong and unique passwords

  • Consider using a reputable password manager with encryption to keep your passwords secure and up-to-date

Continuously run anti-virus software

  • Keep protective software running in the background on all your digital and mobile devices to ensure they remain free of malware

Keep device operating systems up-to-date

  • Promptly update system software whenever a new release is available to close any loopholes hackers may try to exploit

An emerging threat: Voice deepfakes

With AI, individuals’ voices can be easily captured on social media platforms, in webinars, zoom calls and replicated.

Cybercriminals combine so-called voice deepfakes with a target’s own profile and/or bank information in an ever-growing array of schemes.

In the “grandparent scam,” for example, fraudsters aim to dupe older family members into sending cash by playing a recording of a younger relative purportedly asking for help. One preventative measure is to establish a family safe word. It can help determine if an urgent phone request is in fact coming from a family member in distress. You can report such scams to the U.S. Federal Trade Commission.

Also know: J.P. Morgan has tools in place to detect synthetic voices as well as multiple processes and procedures to help mitigate scam attempts. Furthermore, J.P. Morgan uses multiple authentication measures to verify clients’ identities.

We can help

A J.P. Morgan advisor can provide resources on how to keep yourself, your family and your information cyber secure.



Open AI, “Data Controls FAQ.” (2023).


Open AI, “ChatGPT iOS App – Frequently Asked Questions.” (2023).


ChatBot, “Data Collection with Chatbots.” (2023). 

Connect with a Wealth Advisor

Our Wealth Advisors begin by getting to know you personally. To get started, tell us about your needs and we’ll reach out to you.

Connect now


All companies referenced are shown for illustrative purposes only, and are not intended as a recommendation or endorsement by J.P. Morgan in this context.

The information is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided is intended to help you protect yourself from cyber fraud. It does not provide a comprehensive list of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization are responsible for determining how to best protect against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs.

This material is for informational purposes only, and may inform you of certain products and services offered by J.P. Morgan’s wealth management businesses, part of JPMorgan Chase & Co. (“JPM”). Products and services described, as well as associated fees, charges and interest rates, are subject to change in accordance with the applicable account agreements and may differ among geographic locations. Not all products and services are offered at all locations. If you are a person with a disability and need additional support accessing this material, please contact your J.P. Morgan team or email us at for assistance. Please read all Important Information.

Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation/diversification does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g. equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan representative.

NON-RELIANCECertain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks will vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.

Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.

Legal Entity and Regulatory Information.

J.P. Morgan Wealth Management is a business of JPMorgan Chase & Co., which offers investment products and services through J.P. Morgan Securities LLC (JPMS), a registered broker-dealer and investment adviser, member FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. Certain custody and other services are provided by JPMorgan Chase Bank, N.A. (JPMCB). JPMS, CIA and JPMCB are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.

Bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.

This document may provide information about the brokerage and investment advisory services provided by J.P. Morgan Securities LLC (“JPMS”). The agreements entered into with JPMS, and corresponding disclosures provided with respect to the different products and services provided by JPMS (including our Form ADV disclosure brochure, if and when applicable), contain important information about the capacity in which we will be acting. You should read them all carefully. We encourage clients to speak to their JPMS representative regarding the nature of the products and services and to ask any questions they may have about the difference between brokerage and investment advisory services, including the obligation to disclose conflicts of interests and to act in the best interests of our clients.

J.P. Morgan may hold a position for itself or our other clients which may not be consistent with the information, opinions, estimates, investment strategies or views expressed in this document.  JPMorgan Chase & Co. or its affiliates may hold a position or act as market maker in the financial instruments of any issuer discussed herein or act as an underwriter, placement agent, advisor or lender to such issuer.