Phishing (pronounced "fishing") is a form of criminal activity that employs social engineering techniques to acquire sensitive personal information (such as Passwords, account numbers, Personal Identification Numbers (PINs), Social Security Numbers and account information). By masquerading as trustworthy individuals or businesses in an apparently official electronic communication like email, criminals use sophisticated lures to "fish" for users' Passwords and account or personal information.
However, scammers may use other contact methods to obtain your private information, such as text messages (also known as short message phishing or "smishing") and through phone calls (also known as voice phishing or "vishing"). With these methods, you could receive a text message, phone call or voice mail directing you to a website or phone number, where you would be asked to provide your personal data.
For example, you could receive a text message from an unusual number that says your bank account will be closed, frozen or terminated unless you call a telephone number or go to a website. Often, these messages give negative consequences for not responding. This is an attempt to scare you and convince you to provide your personal or account information.
There are hundreds of variations, but in general, phishing comes in one of these flavors:
If you ever are unsure about the authenticity of a Chase email, phone call or text message, please call the toll-free number on the back of your credit/debit card or the toll-free number printed on your bank statement.
With those things in mind, please exercise caution when reading email that appears to have been sent by us. It's an unfortunate reality that criminals continue to devise ways to exploit technology in an effort to obtain your personal or account information.
If you've gotten such email and you have questions that aren't addressed in our FAQs, please forward it to us at email@example.com. You'll get an automated response to let you know we got the message, and we’ll follow up with you in 2 business days.
Each situation is different. We'll work with you to make the best decisions based on the nature of the compromise and what data you shared.
They take many forms, but most are similar in tone – harsh, demanding and scary. See examples some customers have received.
If you’re suspicious, don't reply to, click on, or enter any information. Instead, please forward it to firstname.lastname@example.org. If you entered information about one of your Chase accounts, you should call us immediately. We investigate each incident and take steps to prevent further unauthorized email from being sent.
We can't share all the steps we take, but we are able to stop many scams. First, we try to shut down the server sending the messages. Then we work with domestic and international law enforcement to track and arrest the criminals responsible. Many, however, are based outside the United States, and disguise their email origins by sending them from hacked computers.
Looks can be deceiving. As criminals make more credible forgeries of legitimate email and websites, you can no longer rely on seeing familiar graphics like the Chase logo. The key to determining an email’s authenticity lies in the tone of the message and the nature of the solicitation. Criminals want you to give them information and they're not very subtle about it. Our goal in marketing by email is to tell you about products and services we think will interest you.
It's not our practice to:
They might not know anything about you specifically, but they do know Chase has millions of customers worldwide. Their idea is to cast a very broad net in hopes of catching unsuspecting customers.
It works like this: Phishers target the customers of large companies. They phish millions of email accounts, knowing that many of their targets will be among the recipients. In the process, they end up sending mail to many people who aren't customers.
Criminals obtain email addresses through various means, including purchasing mailing lists from reputable companies. Often, they have no idea where you bank or who issues your credit card. They just know we have millions of customers, and if they phish enough people, they'll eventually get lucky.
You should never give out personal or financial information such as your checking account, credit card or Social Security numbers over the phone unless you initiate the call or know the person or organization you’re dealing with.
No legitimate representative of JPMorgan Chase will ever ask you for your PIN or password via email communication. They will request this information only when you call in to discuss your account.
Always use caution when you receive a phone call from someone who:
Please contact us immediately if you believe you have given out any personal information over the phone. To report a suspicious phone call or potential fraudulent activity, please follow the instructions on this page.