Payments Fraud Resource Center

What is "Phishing"?

Some of our customers have received e-mail that appears to be from J.P. Morgan, but is actually designed to trick them into revealing private information. This scam is called "phishing," and the number of victims is on the rise. You do not have to be one of them.

It is not our practice to:

  • Send e-mail that requires you to enter personal information directly into the e-mail
  • Send e-mail threatening to close your account if you do not take the immediate action of providing personal information
  • Send e-mail asking you to enter your user ID, password, account numbers into an e-mail or a non-secure Web page

“Phishing” is a form of e-mail fraud. Criminals create e-mails and Web sites that closely resemble those of legitimate companies. Their goal is to entice you to provide them with personal information they can then use to gain access to your assets or other sensitive data.

One of the most common methods is to e-mail a link to a Web site that “spoofs” a legitimate company's site. There, they hope to trick you into entering your login information. Once a criminal has successfully “phished” information from you and/or your account, he/she can use that information to steal your money and your identity.

Appearances are meant to be deceiving. If you didn't know better, you could be fooled. The fraudulent e-mail can look convincingly like the e-mail we send to inform you of a new product launch. Some appear to show an exact replica of a J.P. Morgan Web page.

View examples of recent "phishing" e-mail .

As you can see, it can be very difficult to recognize a fraudulent e-mail. Many of these e-mails use logos, formats and phrases that are identical to legitimate e-mails sent by J.P. Morgan. Some frauds are easy to spot because they contain misspellings, misused words, or even a copy of a Web page within the body of the e-mail. Others may provide more subtle clues, such as unfamiliar return e-mail addresses or links to Web sites that do not include a J.P. Morgan domain. (,,

No matter how convincing an e-mail might look or how compelling its message, you can be sure of one thing. If it asks you to enter personal or company proprietary information, it did not come from J.P. Morgan. You should never reply to, click on, or enter any information if you receive a suspicious e-mail. Keep the e-mail in your inbox and report it to your Security Administrator or to J.P. Morgan at We may ask you to forward it to us so we can investigate the matter.

To make certain you are viewing a legitimate Web site, you should open a new browser and type in the URL of the site you wish to visit. The majority of fraudulent e-mail messages will link to fake copies of a legitimate site. If you are suspicious, type the familiar URL such as “” into your browser to be certain you go to our site.

There are additional ways to protect oneself when working in an on-line environment:

  • Ensure your browser and security software information are updated. Within your corporate environment, this is the responsibility of IT and corporate security. However, the same precautions should be taken with personal and home computer systems. Some suspicious e-mails can contain viruses or hidden programs that secretly track and report your Internet activity. Anti-virus software, firewall protection and software patches from your operating system provider (e.g., Microsoft) can help prevent criminals from monitoring your online activities. Also, be sure that you or your IT group maintains up-to-date security software by installing any vendor-issued security patches.

    If you use wireless devices, such as a Blackberry, be sure Wireless Encryption Protocol (WEP) is enabled.
  • Safeguard your online activity.
    You should always log out of an online session anytime you step away from your computer. In most cases, your corporate security or IT department will provide guidelines to protect you and your company from “phishing” attacks and other rogue activity. It is important that you follow their instructions.

    If you use a computer with public access, such as in a library or Internet cafe©, please ensure that any user IDs and passwords you enter are not saved on that computer.
  • Protect your online identity.
    Criminals can obtain your e-mail address in many ways — searching Web sites and chat rooms, buying online address lists, etc. You can be prepared by having a separate company e-mail address and a separate personal e-mail address.

    Also, avoid entering your e-mail address at unsecured sites if possible. Many Web sites do not require your e-mail address for registration or ordering purposes, but they ask for it so they can add you to mailing lists for newsletters, sales, etc. Criminals and spammers buy these mailing lists to use for “phishing” purposes.

How does J.P. Morgan ACCESS secure my information when I am logged in?

We use a variety of methods and technologies to keep your confidential information out of the hands of online criminals.

  1. We use Secure Socket Layer (SSL) technology to encrypt your personal information such as User IDs, passwords and account information over the Internet. Any information provided to you is scrambled en route and decoded once it reaches your browser.
  2. We replace your password with asterisks when you login so no one can see it.
  3. We have procedures in place so that we can verify identity when a customer contacts our Help Desks.

Note: In order to view and print Adobe PDF files you must have Adobe® Acrobat® Reader®  4.0 or higher installed on your computer.


Important News

Copyright © 2014 JPMorgan Chase & Co. All rights reserved.