Internet Fraud & Identity Theft

Do not become a victim. Clients may receive e-mail that appears to be from J.P. Morgan, but is designed to trick you into revealing private information. This scam is called “phishing,” and the number of victims is on the rise. You do not have to be one of them.

It is not our practice to:

“Phishing” is a form of e-mail fraud. Criminals create e-mails and Web sites that closely resemble those of legitimate companies. Their goal is to entice you to provide them with personal information they can then use to gain access to your assets or other sensitive data.

One of the most common methods is to e-mail a link to a Web site that “spoofs” a legitimate company’s site. There, they hope to trick you into entering your login information. Once a criminal has successfully “phished” information from you and/or your account, he/she can use that information to steal your money and your identity.

Appearances are meant to be deceiving. If you didn’t know better, you could be fooled. The fraudulent e-mail can look convincingly like the e-mail we send to inform you of a new product launch. Some appear to show an exact replica of a J.P. Morgan Web page.

View examples of recent “phishing” e-mail.

As you can see, it can be very difficult to recognize a fraudulent e-mail. Many of these e-mails use logos, formats and phrases that are identical to legitimate e-mails sent by J.P. Morgan. Some frauds are easy to spot because they contain misspellings, misused words, or even a copy of a Web page within the body of the e-mail. Others may provide more subtle clues, such as unfamiliar return e-mail addresses or links to Web sites that do not include a J.P. Morgan domain (,,

No matter how convincing an e-mail might look or how compelling its message, you can be sure of one thing. If it asks you to enter personal or company proprietary information, it did not come from J.P. Morgan You should never reply to, click on, or enter any information if you receive a suspicious e-mail. Keep the e-mail in your inbox and report it to your Security Administrator or to J.P. Morgan at We may ask you to forward it to us so we can investigate the matter. You can also report suspicious e-mail by calling your regional J.P. Morgan Help Desk at one of the following numbers:

To make certain you are viewing a legitimate Web site, you should open a new browser and type in the URL of the site you wish to visit. The majority of fraudulent e-mail messages will link to fake copies of a legitimate site. If you are suspicious, type the familiar URL such as "" into your browser to be certain you go to our site. When you arrive at our site you should see the URL address start with If in doubt please contact us.

There are additional ways to protect oneself when working in an on-line environment:

How does J.P. Morgan ACCESS secure my information when I am logged in?

We use a variety of methods and technologies to keep your confidential information out of the hands of online criminals.

  1. We use Secure Socket Layer (SSL) technology to encrypt your personal information such as User IDs, passwords and account information over the Internet. Any information provided to you is scrambled en route and decoded once it reaches your browser.
  2. We replace your password with asterisks when you login so no one can see it.
  3. We have procedures in place so that we can verify identity when a client contacts our Help Desks.

Copyright © 2015 JPMorgan Chase & Co. All rights reserved.