Security Center

Fraud & Security FAQs

What does J.P. Morgan do to keep my information private and secure?

The J.P. Morgan Privacy Policy explains some of what J.P. Morgan does to keep information about you private and secure. For more information see How we protect your online security.

Is my communication with the J.P. Morgan Markets site secure?

J.P. Morgan Markets employs a sophisticated, multi-layer security system to authenticate users and help protect the privacy of data and transactions. J.P. Morgan has deployed a multi-factor user authentication security solution based on something a user knows (an ID and password) and something a user has (such as a SecurID). Full browser encryption is employed to help protect the communication of information between you and J.P. Morgan.

What is phishing?

"Phishing" (pronounced "fishing") is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential financial and/or personal information, like passwords, account numbers or transaction information.

What protection do I have if I responded to a phishing attempt?

Contact your company's Security Administrator as soon as possible and then contact your J.P. Morgan Service Officer. You can also report phishing scams to the U.S. Federal Trade Commission.


Treat the situation very seriously, particularly if you responded.

Should I provide my user ID or password in email?

You should never enter your user ID, password or account number in email.

What do fraudulent emails look like?

They take many forms, but most are similar in tone - harsh, demanding and scary. See examples that customers have received.

Does J.P. Morgan send out marketing emails?

Yes. We use the J.P. Morgan Markets website to communicate system changes or alert users to events on our website, but we will never request security information from you via email.

What should I do if I'm suspicious of emails bearing the J.P. Morgan or Chase logo?

If you are suspicious, don't reply to, click on, or enter any information - simply delete the email. If it says it's from J.P. Morgan or Chase and you're suspicious, you can forward it to abuse@jpmorgan.com. We investigate these incidents and take steps to prevent further fraudulent email from being sent. If you entered information about one of your J.P. Morgan accounts, contact your company's Security Administrator as soon as possible and then contact your J.P. Morgan Service Officer. You may also want to report such activity to the U.S. Federal Trade Commission.


Treat the situation very seriously, particularly if you responded.

How can an email be fake when it says it's from J.P. Morgan, addresses me by name, has my correct email address or contains other relevant information?

It can be the result of an elaborate type of scam called "spear phishing." Criminal groups collect data from multiple sources and combine it to create more convincing emails designed to persuade you to share confidential information.

It is NOT our practice to:

  • Send emails that require you to enter personal security information directly into the email
  • Send emails threatening to close your account if you do not take the immediate action of providing personal or business information
  • Send emails asking you to reply by sending personal or business information
  • Share your name with any contacts outside our firm in a manner inconsistent with our Privacy Policy

I receive several emails a week that claim to be from J.P. Morgan or Chase. Why can't you stop them? Why don't you prosecute the people responsible?

We can't share all the steps we take, but we are able to stop many scams. First, we try to shut down the server that's sending the emails. Then we work with domestic and international law enforcement to track and arrest the criminals responsible. Many, however, are based outside the United States, and disguise the emails' origins by sending them from hacked computers.

How do the criminals doing the phishing know I have an account with J.P. Morgan?

They might not know anything about you specifically, but they do know J.P. Morgan has many customers worldwide. Their idea is to cast a very broad net in hopes of catching unsuspecting customers.

If I send an email to jpmm.abuse@jpmorgan.com, how do I know J.P. Morgan received it?

We'll send an automated response to let you know we got the email.

Is J.P. Morgan proactively working to stop phishing?

Yes, we aggressively evaluate the messages, work with law enforcement to shut down phishing sites and provide resources to help users become more aware of security issues.

How do other people get my email address?

Criminals obtain email addresses through various means, including purchasing mailing lists from reputable companies. They typically have no idea where your organization holds accounts or what banking systems are used. They just know that large banks such as J.P. Morgan have many customers, and if they phish enough people, they'll eventually get lucky with someone revealing their security information.