The J.P. Morgan Privacy Policy explains some of what J.P. Morgan does to keep information about you private and secure. For more information see How we protect your online security.
J.P. Morgan Markets employs a sophisticated, multi-layer security system to authenticate users and help protect the privacy of data and transactions. J.P. Morgan has deployed a multi-factor user authentication security solution based on something a user knows (an ID and password) and something a user has (such as a SecurID). Full browser encryption is employed to help protect the communication of information between you and J.P. Morgan.
"Phishing" (pronounced "fishing") is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential financial and/or personal information, like passwords, account numbers or transaction information.
Contact your company's Security Administrator as soon as possible and then contact your J.P. Morgan Service Officer. You can also report phishing scams to the U.S. Federal Trade Commission.
Treat the situation very seriously, particularly if you responded.
You should never enter your user ID, password or account number in email.
They take many forms, but most are similar in tone - harsh, demanding and scary. See examples that customers have received.
Yes. We use the J.P. Morgan Markets website to communicate system changes or alert users to events on our website, but we will never request security information from you via email.
If you are suspicious, don't reply to, click on, or enter any information - simply delete the email. If it says it's from J.P. Morgan or Chase and you're suspicious, you can forward it to abuse@jpmorgan.com. We investigate these incidents and take steps to prevent further fraudulent email from being sent. If you entered information about one of your J.P. Morgan accounts, contact your company's Security Administrator as soon as possible and then contact your J.P. Morgan Service Officer. You may also want to report such activity to the U.S. Federal Trade Commission.
Treat the situation very seriously, particularly if you responded.
It can be the result of an elaborate type of scam called "spear phishing." Criminal groups collect data from multiple sources and combine it to create more convincing emails designed to persuade you to share confidential information.
It is NOT our practice to:
We can't share all the steps we take, but we are able to stop many scams. First, we try to shut down the server that's sending the emails. Then we work with domestic and international law enforcement to track and arrest the criminals responsible. Many, however, are based outside the United States, and disguise the emails' origins by sending them from hacked computers.
They might not know anything about you specifically, but they do know J.P. Morgan has many customers worldwide. Their idea is to cast a very broad net in hopes of catching unsuspecting customers.
We'll send an automated response to let you know we got the email.
Yes, we aggressively evaluate the messages, work with law enforcement to shut down phishing sites and provide resources to help users become more aware of security issues.
Criminals obtain email addresses through various means, including purchasing mailing lists from reputable companies. They typically have no idea where your organization holds accounts or what banking systems are used. They just know that large banks such as J.P. Morgan have many customers, and if they phish enough people, they'll eventually get lucky with someone revealing their security information.