Amanda Lott

Head of Wealth Planning Strategy, Advice Lab

Ileana van der Linde

Executive Director, Cybersecurity Awareness Global Program Lead


Statistics confirm what we all can readily observe: Children and young adults today live their lives with mobile devices in their hands. Notably, people aged 16 to 29 spend three hours a day on social networking platforms – the most of any age group, and roughly twice the amount of time spent by adults between the ages of 45 and 54.1

Given this almost constant access to the internet and social media, it can be hard for teens to resist sharing family news with friends. Unfortunately, in the wrong hands, information about an upcoming vacation or family gathering, a new home or other major purchase, etc., can put your family’s financial resources, privacy and/or physical security at risk.

Yet, trying to impose guidelines or limits on a young adult’s online activities more often leads to frustration – for parents and their children alike! – rather than to improved security.

Instead of lecturing, try providing your teenagers with a meaningful context for your concerns. Clients who take the time to fully explain the potential risks of posting personal information online report their children are more ready and willing to limit what they reveal online.

These two real life examples can help you illustrate your concerns:

Vacation plans go awry

Planning a vacation for themselves and their three teenage children, Miranda and Dan decided to charter a jet and fly the family directly to a long overdue beach vacation rather than struggle through multiple connecting flights during a pandemic.  

So when the charter jet company emailed a bill for the membership and the details for the upcoming trip, Miranda and Dan readily sent the $100,000 payment.

What the family didn’t know was that the private jet company’s email system had already been hacked, giving cybercriminals direct access to the firm’s client list, which included many wealthy individuals and families. The criminals then researched the names on the client list – focusing on the social media accounts of those clients’ children – for information about upcoming trips.

Sure enough, this family’s teenagers had shared the upcoming vacation details on social media, including their destination and planned activities. This provided enough details for the cybercriminals to craft a personalized email to the parents that appeared credible.

What they should have done

Before paying that bill, Miranda or Dan should have contacted the jet company by phone (i.e., not by replying to the email they received) to verify that both the payment request and the account number were legitimate. Further, the parents should have reminded their teenagers not to post information about the family’s upcoming plans. In this case, a single post became a cyber-safety lapse that left the family vulnerable to the cybercriminals’ scam. Indeed, children of all ages should be reminded not to post on social media their/the family’s intended travel plans or provide location updates during the trip. 

A business is made vulnerable

Seeing himself as a social media influencer in training, 14-year-old Ben posted – and boasted – online about an upcoming trip with his grandfather. “Off to Paris for two weeks! See ya!,” he told his social media friends, sharing pictures of the plane, his grandfather and key details of their itinerary.  

What Ben didn’t know was that cybercriminals had been monitoring his social media accounts as well as those of various other family members. With the information Ben unwittingly provided, fraudsters were able to launch a successful social engineering campaign aimed at the grandfather’s business, using phishing or vishing to facilitate a false wire transfer – eventually costing the firm thousands of dollars during the two weeks Ben and his grandfather were on vacation.

What they should have done

First and foremost, Ben should have been made to understand that sharing personal information online poses potential risks for his entire family. Additionally, the grandfather should have trained his office staff to recognize the warning signs of phishing attempts, including: poor grammar and spelling, urgent language, hyperlinks or attachments, fake logos, a vague email address and missing/vague contact information. Further, the office team should have been instructed not to assume that all incoming requests are genuine, even if the requester has plenty of information about the business or owner. Before making payments, the accounting team should have confirmed the legitimacy of the request via an alternate, verified method. 

Involve teens in your family’s cyber defenses

Given the amount of time children spend each day on social media, online games and other internet sites, it’s critical for them to understand how their words and actions can have inadvertent, and serious, consequences. In addition to those noted above, here are some protective steps to take:

Cultivate your teens’ cybersecurity awareness

Start talking to your children at an early age about online safety precautions, computer security and the family’s need for privacy – the same way you talk to them about other dangers they might encounter in their daily lives: 

  • Deepen the conversation about the risks and potential consequences as your children mature.
  • Explain how cybercriminals cast a wide net to gather information about an individual or family, steadily adding to the overall picture and enhancing the odds of a cyberattack (or home break-in) being successful.
  • Point out that cybercriminals/hackers often pose as representatives of legitimate organizations (schools, banks, charities) or businesses (retailers, vendors, contractors). Moreover, these scammers use email, phone calls, texts and social media to persuade their targets to provide sensitive data/information, such as passwords and account numbers. To defend themselves, your children should use strong passwords and system controls. However, their best protection is exercising an abundance of caution.

Emphasize the importance of the family’s privacy and security

Talk about the danger inherent in your children revealing upcoming vacation plans/family gatherings, checking into locations online, or posting real-time photos of themselves/others regardless of where they are.

Encourage all family members to:

  • Create strong and complex passwords, change them frequently and never share them.
  • Update operating systems and anti-virus software on computers and mobile devices to the latest versions, as soon as they become available.
  • Advise caution when clicking on links or attachments sent to them in emails: Mobile device users are more likely to click on phishing emails and embedded links. 
  • Encrypt sensitive information, such as account numbers, tax information and other personal information, before emailing it.
  • Confirm the identity of a requester via an alternate, verified method, and check the email address: Scammers often use spoofed email addresses to send what seem to be legitimate requests.
  • Report such scams to the U.S. Federal Trade Commission.

Helping your children fully understand the need for being cautious on social media – and on the internet more broadly – will help them become active members of your family’s cyber and security defense team.

We can help

For more information about how to enhance your family’s cybersecurity controls, speak with your J.P. Morgan advisor. 



“Spout Social, "Social media demographics to inform your brand’s strategy in 2023." (March 9, 2021).

Connect with a Wealth Advisor

Our Wealth Advisors begin by getting to know you personally. To get started, tell us about your needs and we’ll reach out to you.

Connect now



This material is for informational purposes only, and may inform you of certain products and services offered by J.P. Morgan’s wealth management businesses, part of JPMorgan Chase & Co. (“JPM”). Products and services described, as well as associated fees, charges and interest rates, are subject to change in accordance with the applicable account agreements and may differ among geographic locations. Not all products and services are offered at all locations. If you are a person with a disability and need additional support accessing this material, please contact your J.P. Morgan team or email us at accessibility.support@jpmorgan.com for assistance. Please read all Important Information.

Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation/diversification does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g. equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan representative.

NON-RELIANCECertain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks will vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.

Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.

Legal Entity and Regulatory Information.

J.P. Morgan Wealth Management is a business of JPMorgan Chase & Co., which offers investment products and services through J.P. Morgan Securities LLC (JPMS), a registered broker-dealer and investment adviser, member FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. Certain custody and other services are provided by JPMorgan Chase Bank, N.A. (JPMCB). JPMS, CIA and JPMCB are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.

Bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.

This document may provide information about the brokerage and investment advisory services provided by J.P. Morgan Securities LLC (“JPMS”). The agreements entered into with JPMS, and corresponding disclosures provided with respect to the different products and services provided by JPMS (including our Form ADV disclosure brochure, if and when applicable), contain important information about the capacity in which we will be acting. You should read them all carefully. We encourage clients to speak to their JPMS representative regarding the nature of the products and services and to ask any questions they may have about the difference between brokerage and investment advisory services, including the obligation to disclose conflicts of interests and to act in the best interests of our clients.

J.P. Morgan may hold a position for itself or our other clients which may not be consistent with the information, opinions, estimates, investment strategies or views expressed in this document.  JPMorgan Chase & Co. or its affiliates may hold a position or act as market maker in the financial instruments of any issuer discussed herein or act as an underwriter, placement agent, advisor or lender to such issuer.