How to stay a step ahead of fraudsters

Take these simple steps to help protect you and your family, friends, coworkers and employees.

At J.P. Morgan, protecting client information is a top priority. That’s why we apply controls and procedures that help shield your accounts from fraudulent activity.

But we can’t do this alone. It’s also important for you to stay vigilant—by understanding emerging trends and taking action to protect yourself against potential breaches and exposure. 

As the fraud landscape continues to evolve, we encourage all of our clients, as well as their children and parents, and extended network of friends, employees, and coworkers to take the simple action steps below to protect their information, identities and financial profiles.

To start, whether with or outside of J.P. Morgan, one of the most important precautions you can take to prevent fraud is to verbally verify all payment instructions with your beneficiary, service provider or trusted contact when you receive payment request details via email.

Top 5 things to do with J.P. Morgan

1. Leverage Dual-Factor Authentication to further secure your online accounts.

As part of our multi-factor authentication, J.P. Morgan offers an RSA token—a real-time code that refreshes every minute and is only given to you. In addition to your username and password, an RSA token provides a second layer of validation when you log in to your account via J.P. Morgan Online℠ and the J.P. Morgan Mobile® app.

Take action:

  • Contact your J.P. Morgan Client Service Team to request a secure token for your online profile.

2. Create unique, complex usernames—not just passwords.

Usernames should not contain any personal information, including any derivative of your email address (e.g.,; johnsmith as a username).

Passwords should be unique, at least 10 characters in length—including a combination of upper- and lowercase letters, numbers and special characters—and should not contain any personal information or answers to your security questions, such as a pet’s name.

Take action:

  • Update your J.P. Morgan Online username and password by following these simple steps:
    • Log in to your J.P. Morgan Online account.
    • Click on the “person” icon at the top right-hand corner of the screen.
    • Select “Sign-in and Security.”
    • Edit your username to remove personal information and ensure it does not match your email accounts.
    • Review and create a strong password using the guidelines above.
  • Next, review your other online accounts to ensure those login credentials are strong and unique as well.

3. Enable online alerts.

Turning on alerts allows you to be one step ahead of fraud. J.P. Morgan Online offers alerts that you can apply to your online profile and accounts. When enabled, these alerts notify you of potentially fraudulent transactions or account changes.

Take action:

  • Enable alerts:
    • Log in to your J.P. Morgan Online account.
    • Click on the “person” icon at the top right-hand corner of the screen and select “Alerts.”
    • Select “Alerts delivery” to set up your delivery profile.
    • Select “Choose Alerts” from the menu on the left to enable the alerts; we recommend enabling both email and text formats.
    • For more information on available alerts, click here.

4. Use online bill payment systems to pay your bills instead of writing personal checks.

If a check is stolen or lost, a fraudster has access to your personal information—including your name, address, bank account number and signature. When you use online bill payment systems, J.P. Morgan sends a check on your behalf without disclosing your personal account number to the beneficiary.

Take action:

  • Contact your J.P. Morgan Client Service Team to learn more about enrolling in J.P. Morgan Online. If you need assistance setting up your online bill payments, you will be connected to a dedicated Banking Personal Assistant.

5. Set up paperless statements to help prevent your account information from being lost or stolen in the mail.

Take action:

  • Enroll in Paperless Statements by contacting your Client Service Team. You can also update your preferences within J.P. Morgan Online via these steps:
    • Log in to your J.P. Morgan Online account.
    • Click on the “person” icon at the top right-hand corner of the screen and select “Alerts.”
    • Select “Account Settings > Paperless.”
    • Review and save your options.

Top 5 things to do outside of J.P. Morgan

1. Implement a credit freeze with each of the three credit bureaus.

Freezing your credit is a proactive measure against identity theft. A credit freeze—also known as a security freeze—restricts access to your credit report, making it more difficult for identity thieves to open accounts in your name and/or abuse your credit.

Take action:

  • To put a security freeze on your credit, as well as to protect the accounts of your family members, call or visit the websites below:
    • Equifax: 800.349.9960 |
    • Experian: 888.397.3742 |
    • TransUnion: 888.909.8872 |


2. Choose a reputable email provider that offers spam filtering and multi-factor authentication, and enable those features.  

Take action:

  • Compare your provider against others.
  • Delete emails containing personal information—such as photos of IDs or documents saved in your email Inbox, Sent and Trash folders. Fraudsters often review the emails in your account to understand how you transact, communicate and conduct business months before they attempt to commit fraud.

3. Contact your mobile service provider to proactively prevent phone porting and call forwarding.

In an emerging trend, fraudsters have begun hijacking phone numbers by tricking cell phone service providers into transferring (or porting) a victim’s phone number to a new device, or by hacking into an individual’s online account with the service provider. When this occurs, fraudsters gain access to the data ported from the original mobile device and are able to reset a victim’s passwords on every account that uses the phone number for auto recovery. They are also able to receive one-time verification codes sent to the mobile number by text, phone call or email. Equally concerning is the ease with which a phone number can be forwarded to another number.

Take action:

  • Log in to your online account or call your service provider to freeze phone porting and call forwarding capabilities, and add a verbal password to your account for additional security.

4. Install anti-virus and ad-blocking software on all of your devices, and keep it up-to-date.

Take action:

  • Do your homework—not all software is created equal. You will want to consider software that includes multi-layered malware, spyware and adware protection. Some also offer firewall and spam filtering capabilities as well as ransomware protection.

5. Limit the amount of personal information shared online by reviewing and removing personal information posted on social media accounts.

Take action:

  • Conduct an audit of your social media privacy settings and the information a person may have access to when viewing your accounts as well as your children’s. 

Top 5 things you should never do

1. Do not assume a phone call, email or text message is genuine.

Be wary of impersonators. Fraudsters use social engineering techniques to deceive you into divulging information or taking action on a financial account.

2. Do not share personal information with unknown individuals.

Be mindful of the information you share with others, even in the normal course of business.

3. Do not use the same credentials and passwords for your online accounts.

Consider using a password management tool.

4. Do not allow unknown individuals to access your computer remotely.

Even if they claim to be from a reputable service or technology provider.

5. Do not use public Wi-Fi networks (such as those in hotels, airports and coffee shops).

Do not use without a Virtual Private Network (VPN).