Cybersecurity

Do you know how to protect yourself from email fraud?

Protect yourself from email fraud before it’s too late. Learn how with our top 5 tips.


Mark and his wife, Meghan, finished a backyard redesign, complete with an in-ground pool, pool house and all new landscaping. Done in time for the summer season, the couple were happy with how it all turned out—until they realized an email hack had created a financial headache for them.    

The general contractor, after completing the work, had emailed the couple final invoices: one for his services and another for the landscaping subcontractor. 

Mark made the two payments online. As he’d paid the general contractor 50% upfront, he’d saved the firm’s wire instructions: bank name, routing number and account number. He entered a new amount in his online bank account and hit send. But he’d never before done business with the landscaping subcontractor, so he entered the instructions he’d received in the general contractor’s email and hit send again.

Problem is the landscaping subcontractor never received this money. The instructions Mark had were incorrect. The landscaping subcontractor’s email had been hacked, and a spoofed email with a false invoice was sent to the general contractor, who passed it along to Mark.

In the end, Mark wound up paying the landscaping subcontractor’s rather expensive bill twice. 

This scenario is all too common. According to the FBI,1 overall fraud losses in 2018 were $2.7 billion, and of that, $1.3 billion was due to email compromise similar to the email spoofing and hack that Mark and his contractors experienced.

But such fraud may be prevented. The general contractor and Mark should have called the landscaping subcontractor to confirm the instructions. Meanwhile, the landscaping subcontractor needed to have stronger user IDs, passwords and anti-virus software. These are some of the good cyber habits that we all can adopt. 

What is an email hack?

Cybercriminals can get access to victims’ emails through malware, website breaches and phishing scams. Often it can be as simple as their guessing or stealing usernames and passwords to gain unauthorized access to the victims’ accounts. Once inside, they capture specific details on financial transactions to manipulate wire transfers of funds into their own accounts. When the opportunity arises, fraudsters send emails to commit payment fraud.

With Mark’s landscaping subcontractor, a fraudster had sat in the subcontractor’s email for weeks, reading correspondence and learning to emulate how the subcontractor’s firm interacted with clients and what its invoices looked like.

What is email spoofing?

Fraudsters mimic, or spoof, an email to trick individuals into believing the email received is from a known and trusted source. For example, @ipmorgan.com can appear similar to @jpmorgan.com, and johm.doe@jpmorgan.com can appear similar to john.doe@jpmorgan.com.

What you can do to help prevent email fraud:

1.       Protect yourself from an email hack.

  • Use strong user names and passwords.
  • Keep information in a secure place.
  • Install and use anti-virus software.

2.       Double-check your sources.

  • A request may seem genuine because the email seems to be coming from a known email address. But slow down and examine the email closely to ensure it truly is the correct email address.
  • Confirm the identity of the requester via an alternate method; for example, through verbal confirmation.  

3.       Learn how to spot fake emails.

  • Look for bad grammar, spelling errors and poor sentence structure.
  • Keep an eye out for changes to a sender’s format, font and salutation.
  • Note if the sender is trying to create a sense of urgency to pressure you to bypass controls (e.g., Payments must go out ASAP!).
  • Pay extra attention during the danger times: More fraud occurs late in the day on Fridays and before holidays.

4.       Verbally confirm financial details.

  • Check banking details with the beneficiary before initiating any payment. Tell the individual after an invoice has been paid. Request verbal confirmation of the payment.
  • Exercise additional caution when a person or business changes their standing wire instructions. Bank account numbers don’t change that often. 

5.       Beware of “callbacks.”

  • Think twice before complying even when individuals are requesting callbacks for seemingly legitimate reasons.
  • Avoid callbacks to unknown numbers.

We can help

If you believe that you or your business has been a victim of email fraud, contact your J.P. Morgan representative immediately. Also be sure to speak with your representative to learn more about our cybersecurity and fraud awareness programs, or to schedule an information session with our professionals.

 

1 Federal Bureau of Investigation Internet Crime Report 2018.


Check the background of Our Firm and Investment Professionals on FINRA's BrokerCheck

To learn more about J. P. Morgan’s investment business, including our accounts, products and services, as well as our relationship with you, please review our Guide to Investment Services and Brokerage Products.

This website is for informational purposes only, and not an offer, recommendation or solicitation of any product, strategy service or transaction. Any views, strategies or products discussed on this site may not be appropriate or suitable for all individuals and are subject to risks. Prior to making any investment or financial decisions, an investor should seek individualized advice from a personal financial, legal, tax and other professional advisors that take into account all of the particular facts and circumstances of an investor's own situation. 

This website provides information about the brokerage and investment advisory services provided by J.P. Morgan Securities LLC (“JPMS”). When JPMS acts as a broker-dealer, a client's relationship with us and our duties to the client will be different in some important ways than a client's relationship with us and our duties to the client when we are acting as an investment advisor. A client should carefully read the agreements and disclosures received (including our Form ADV disclosure brochure, if and when applicable) in connection with our provision of services for important information about the capacity in which we will be acting.

INVESTMENT AND INSURANCE PRODUCTS ARE: • NOT FDIC INSURED • NOT INSURED BY ANY FEDERAL GOVERNMENT AGENCY • NOT A DEPOSIT OR OTHER OBLIGATION OF, OR GUARANTEED BY, JPMORGAN CHASE BANK, N.A. OR ANY OF ITS AFFILIATES • SUBJECT TO INVESTMENT RISKS, INCLUDING POSSIBLE LOSS OF THE PRINCIPAL AMOUNT INVESTED
Equal Housing Opportunity logo

J.P. Morgan Chase Bank N.A., Member FDIC Not a commitment to lend. All extensions of credit are subject to credit approval 

“J.P. Morgan Securities” is a brand name for a wealth management business conducted by JPMorgan Chase & Co. (“JPMC”) and its subsidiaries worldwide. JPMorgan Chase Bank, N.A. and its affiliates (collectively “JPMCB”) offer investment products, which may include bank managed accounts and custody, as part of its trust and fiduciary services. Other investment products and services, such as brokerage and advisory accounts, are offered through J.P. Morgan Securities LLC (“JPMS”), a member of FINRA and SIPC. Annuities are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. JPMCB, JPMS and CIA are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.

Please read additional Important Information in conjunction with these pages.