Keep yourself safe from fraud
At J.P. Morgan, protecting your information and assets is our top priority. While we deploy sophisticated fraud prevention strategies, you are an integral component to preventing fraudulent activity.
What does fraud look like and how does it happen?
To improve your security posture and mitigate fraud risk, it is vital for you to understand the ways fraudsters can trick you into performing actions or divulging confidential information—as well as to understand best practices to prevent against identity theft.
- Email Compromise: Fraudsters go to great lengths to socially engineer you and/or your employees by researching you, your company and individuals who process wire transfers on your behalf. By mimicking you or your trusted associates, they use language specific to you and/or your company to ask for funds to be sent to accounts under their control.
- Social Engineering: Fraudsters deceive individuals into providing confidential or sensitive information via email (phishing), phone (vishing) or text message (SMSing) by claiming to be a trusted associate or organization. JPMorgan Chase will never ask you to disclose confidential information/credentials in an email or text message. We will also never ask you to move money into a new account via email, phone or text message.
- Wire and ACH Fraud: Wire fraud occurs when a fraudster transfers funds to an account unbeknownst to the account holder, or when the account holder unintentionally sends a wire transfer to a fraudulent account. ACH fraud occurs when an account is accessed for unauthorized ACH payments (debits).
- Online Banking Fraud: Online banking fraud occurs when malicious software, also known as malware, is installed on your computer. Through viruses, keystroke loggers, ransomware or other types of malware, fraudsters gather confidential account credentials and financial information.
- Remote Access: Fraudsters can gain remote access to your computer through malware or phishing attempts claiming to be reputable virus protection providers. With this access, fraudsters can take over your computer and complete transactions without your knowledge.
Top 10 actions you can take to protect yourself from fraud
Money movement and online banking
1. Always validate payment instructions by calling the originator on a known number when instructions are received via email, even if the email is from a senior member of the company or a trusted vendor
2. Check your online banking accounts for unauthorized activity periodically, and set up online alerts to notify you of account changes and transactions
3. Never share banking credentials and passwords, and never log in to your online banking accounts from a public computer or WiFi
4. Adopt multi-factor authentication for all online banking accounts, and always log off your online banking account when not in use
5. Do not preprint or include excess personal information on your checks, such as your SSN or phone number and keep the checks in a safe place
Computer, email and telephone
1. Ensure operating systems and data protection software on your computer and mobile devices, including anti-malware and anti-virus software, are up-to-date
2. Do not allow anyone to access your computer remotely
3. Be wary of the following red flags in emails:
• Spoofed email address
• Poor grammar or spelling
• Urgency around payment transmission
• Late changes of payment instructions
• Suspicious attachments or links
• Blurred company logo on an invoice
4. Do not assume a phone call is genuine because the person on the other end has your information; J.P. Morgan will never call to instruct you to move funds to a new account
5. Do not call or text an unknown phone number; call a known number (i.e., back of the credit card or your banking representative) to help prevent a possible fraud incident
J.P. Morgan will never:
- Ask you to log in to the same computer with more than one user’s credentials
- Ask you to repeatedly submit login credentials
- Contact you about online problems, such as logging in, if you haven’t contacted us first
- Request sensitive confidential information by email
If you believe you have been targeted by a fraud scheme or your login credentials have been compromised, please contact your J.P. Morgan team member.
This article is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided in this article is intended to help clients protect themselves from cyber fraud. It does not provide a comprehensive listing of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization is responsible for determining how to best protect itself against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs. Any reproduction, retransmission, dissemination or other unauthorized use of this article or the information contained herein by any person or entity is strictly prohibited.
