Do not become a victim. Clients may receive e-mail that appears to be from J.P. Morgan, but is designed to trick you into revealing private information. This scam is called “phishing,” and the number of victims is on the rise. You do not have to be one of them.
It is not our practice to:
“Phishing” is a form of e-mail fraud. Criminals create e-mails and Web sites that closely resemble those of legitimate companies. Their goal is to entice you to provide them with personal information they can then use to gain access to your assets or other sensitive data.
One of the most common methods is to e-mail a link to a Web site that “spoofs” a legitimate company’s site. There, they hope to trick you into entering your login information. Once a criminal has successfully “phished” information from you and/or your account, he/she can use that information to steal your money and your identity.
Appearances are meant to be deceiving. If you didn’t know better, you could be fooled. The fraudulent e-mail can look convincingly like the e-mail we send to inform you of a new product launch. Some appear to show an exact replica of a J.P. Morgan Web page.
As you can see, it can be very difficult to recognize a fraudulent e-mail. Many of these e-mails use logos, formats and phrases that are identical to legitimate e-mails sent by J.P. Morgan. Some frauds are easy to spot because they contain misspellings, misused words, or even a copy of a Web page within the body of the e-mail. Others may provide more subtle clues, such as unfamiliar return e-mail addresses or links to Web sites that do not include a J.P. Morgan domain (jpmorganchase.com, jpmorgan.com, chase.com).
No matter how convincing an e-mail might look or how compelling its message, you can be sure of one thing. If it asks you to enter personal or company proprietary information, it did not come from J.P. Morgan You should never reply to, click on, or enter any information if you receive a suspicious e-mail. Keep the e-mail in your inbox and report it to your Security Administrator or to J.P. Morgan at firstname.lastname@example.org. We may ask you to forward it to us so we can investigate the matter. You can also report suspicious e-mail by calling your regional J.P. Morgan Help Desk at one of the following numbers:
To make certain you are viewing a legitimate Web site, you should open a new browser and type in the URL of the site you wish to visit. The majority of fraudulent e-mail messages will link to fake copies of a legitimate site. If you are suspicious, type the familiar URL such as "www.jpmorgan.com" into your browser to be certain you go to our site. When you arrive at our site you should see the URL address start with www.jpmorgan.com. If in doubt please contact us.
There are additional ways to protect oneself when working in an on-line environment:
Within your corporate environment, this is the responsibility of IT and corporate security. However, the same precautions should be taken with personal and home computer systems. Some suspicious e-mails can contain viruses or hidden programs that secretly track and report your Internet activity. Anti-virus software, firewall protection and software patches from your operating system provider (e.g., Microsoft) can help prevent criminals from monitoring your online activities. Also, be sure that you or your IT group maintains up-to-date security software by installing any vendor-issued security patches.
If you use wireless devices, such as a Blackberry, be sure Wireless Encryption Protocol (WEP) is enabled.
You should always log out of an online session anytime you step away from your computer. In most cases, your corporate security or IT department will provide guidelines to protect you and your company from “phishing” attacks and other rogue activity. It is important that you follow their instructions.
If you use a computer with public access, such as in a library or Internet cafe, please ensure that any user IDs and passwords you enter are not saved on that computer.
Criminals can obtain your e-mail address in many ways – searching Web sites and chat rooms, buying online address lists, etc. You can be prepared by having a separate company e-mail address and a separate personal e-mail address.
Also, avoid entering your e-mail address at unsecured sites if possible. Many Web sites do not require your e-mail address for registration or ordering purposes, but they ask for it so they can add you to mailing lists for newsletters, sales, etc. Criminals and spammers buy these mailing lists to use for “phishing” purposes.
How does J.P. Morgan ACCESS secure my information when I am logged in?
We use a variety of methods and technologies to keep your confidential information out of the hands of online criminals.