Security Center

Types of online fraud: phishing

 

“Phishing” (pronounced “fishing”) is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential financial and/or personal information, like passwords, account numbers or transaction information.
How to recognize common phishing tactics:

  • You do not recognize the “From” email address as valid
  • The email requests you to verify your account/personal information (account number, user ID, password, etc.)
  • A hyperlink within the email address does not display the actual address
  • The email conveys a sense of urgency or threatens some dire consequence if you do not respond

You should never respond or reply to email that:

  • Requires you to click a link, open an attachment, confirm, verify or refresh account information
  • Requires you to enter organizational or personal information directly into the email or submit that information some other way
  • Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company
  • Solicits your participation in a survey where you are asked to enter personal information
  • Solicits your user credentials, passwords, PIN or token codes
  • Emails from senior members of your own organization directing you to execute wire transfers
  • States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information
  • States that there are unauthorized transactions on your account(s) and requests your account information
  • Asks you to enter your user ID, password or account numbers into an email or non-secure webpage
  • Asks you to confirm, verify, or refresh your account information
  • Directs you to a screen that asks you to provide additional data beyond your normal login information
  • Asks you to validate account information for banking systems you do not use

Phishing scams now have a phone connection

First, it was “phishing,” where criminals send email by the thousands in hopes of tricking unsuspecting users into sharing confidential information.

Now, there’s “vishing.” In this latest twist, fraudsters use a telephone number in the phishing email instead. If you call, a person or an automated response system will ask for your personal and/or account information. You can report both phishing and vishing to the U.S. Federal Trade Commission.

When you call J.P. Morgan, only call standard Help Desk or Service Officer phone numbers.

Reminder: J.P. Morgan will never ask you for your password.