Protecting Against And Recovering From Fraud And Identity .


Protecting against and recovering from fraud and identity theft
WHAT TO DO

Our commitment

At J.P. Morgan, protecting your information and assets is our top priority. As a client, you benefit from the controls and processes we have in place to maintain the privacy and confidentiality of your financial information. While we deploy sophisticated fraud prevention strategies, you are an integral component to preventing fraudulent activity, and are ultimately responsible for ensuring your own security posture.

If you have any questions, please call your J.P. Morgan team about additional steps you may be able to take to protect yourself.

Responding to a growing threat

Fraud and identity theft are growing and serious threats, making it essential that fraud prevention is incorporated into your daily activities.

The following pages identify fraud trends and areas of serious vulnerability and provide detailed steps you can take to help protect yourself, your assets and your personal information.

How fraud and identity theft happen
Protect yourself from fraud and identity theft
Recovering from fraud and identity theft
Prevent future identity theft

How fraud and identity theft happen

Fraud can be perpetrated in many ways. Fraudsters no longer only steal your information through physical means, but also leverage technology to compromise your confidential and financial information for financial gain.

HOW FRAUD HAPPENS

Social engineering

Fraudsters go to great lengths to deceive individuals into providing confidential or sensitive information via email (phishing), phone (vishing), or text message (SMiShing) by claiming to be a trusted associate or organization.

J.P. Morgan Chase will never ask you to disclose confidential information or credentials in an email or text message.

Email compromise

Fraudsters target individuals and businesses that regularly perform wire payments by using language specific to you or your company, and attempt to impersonate you or your trusted associates in order to redirect funds to accounts under their control, via email in a number of ways.

Email Compromise can occur through hacking, when a fraudster gains unauthorized access to a legitimate email account, and/or spoofing, when a fraudster creates an email address that looks similar to a legitimate email address in order to trick individuals into believing it is genuine.

Third Party Email Compromise: Both individuals and organizations can fall victim to third party email compromise fraud. Fraud occurs when fraudsters exploit trusted relationships between you, your business, and vendors or third party service providers. Fraudsters often target third parties you work with in an attempt to redirect payments to their accounts. They may hack the third party’s email system or spoof their email address and send genuine-looking invoices to deceive you or your business.

Remote access attack

Fraudsters can gain remote access to your computer through malware or social engineering attempts claiming to be reputable service protection providers.

With this access, fraudsters can take over your computer and complete transactions without your knowledge.

Mobile device takeover

Mobile device takeover occurs when fraudsters hijack a phone number without having possession of the physical device.

Fraudsters trick cell phone service providers into transferring (or porting) the victim’s phone number from an existing device to a new device, giving fraudsters the ability to reset the victim’s passwords on every account that uses the phone number for auto recovery and access to information sent to the mobile number by text, phone call or email.

Physical theft

Fraudsters may:
- Access your personal information, including medical records or other sensitive documents, by targeting institutions/entities to whom you’ve previously provided personal data in the normal course of doing business.
- Steal or divert your mail to another location through the postal service.
- Steal your laptop or mobile phone.

Your personal or your firm’s information can be used to:
- Open a bank account or apply for credit using your name, date of birth and other personal identification numbers
- Enroll in wireless service or other utilities in your name
- Initiate money movement transfers from accounts
- File a fake tax return and steal your refund
- Forge existing or print counterfeit checks or debit cards
- Hold your information or other sensitive data for ransom

TYPES OF FRAUD

Wire fraud

Wire fraud occurs when a fraudster transfers funds to an account unbeknownst to the account holder, or when the account holder unintentionally sends a wire transfer to a fraudulent account. Fraud often occurs when fraudulent payment instructions are received via email.

Online banking fraud

Online banking fraud occurs via social engineering, or when malware is installed on your device. Through these tactics, fraudsters gather login credentials.

Once your online account is compromised, a fraudster is able to view account information, initiate payments and update contact information.

Check fraud

Traditional paper checks contain sensitive and personal information such as your name, address, account number, routing number and signature, which fraudsters can use to illegally access your accounts.

Check fraud occurs when fraudsters steal and/or forge physical checks, create counterfeit checks using genuine account and routing details, chemically remove and replace details on a check (check washing) or trick individuals into withdrawing funds against a check that has not cleared (check kiting).

ACH fraud

Automated Clearing House (ACH) is an electronic payment network that enables businesses and individuals to securely transfer funds via their banks. ACH fraud occurs when fraudsters trick you into sharing your bank routing number and account number, or obtain the information from a check. Fraudsters can sometimes initiate payments from your bank account through a third party service provider by knowing these two pieces of information.

Payroll fraud

Payroll fraud occurs when fraudsters hack into businesses’ networks, deploy sophisticated malware or impersonate employees, ultimately to change details in the payroll system.

Targeted financial exploitation of individuals

Targeted financial exploitation of individuals occurs when fraudsters misuse, misappropriate or steal funds from elder or vulnerable persons. Fraudsters can be unknown individuals or trusted individuals like family members, caregivers or professionals, like an attorney or financial advisor.

TYPES OF COMMON FRAUD SCAMS

Tech support

A fraudster impersonates a software technician and requests to access your computer remotely to remediate an issue. Sometimes an alert appears on your device that instructs you to call technical support staff. Do not allow anyone to access your device remotely.

Extortion

A fraudster claims that a loved one has been arrested or hospitalized and requests payment for their release or medical expenses. Often, the fraudster creates a sense of urgency and states the transaction must be “confidential” to bypass controls.

Tax

A fraudster claims you owe a debt to a government agency and requests credit card, gift card or account information over the phone or email.

Lottery and inheritance

A fraudster promises cash prizes or an inheritance reward if fees or taxes are paid in advance.

Investment

Investment fraud occurs when fraudsters use deceptive methods to persuade potential investors into making purchase or sale decisions. They may take advantage of common interests or associations to build trust among potential investors, and use false or misleading information or fictitious opportunities.

A fraudster requests payment, such as bitcoin, for an investment or business opportunity, typically offered without credible background, history or documentation.

Romance

A fraudster expresses a pretense of romantic interest to build an emotional connection, typically via social media or online dating sites.

Protect yourself from fraud and identity theft

At J.P. Morgan, we believe that one of the best ways to fight fraud and identity theft is to prevent it from happening in the first place. A few simple precautionary measures can go a long way to help prevent someone from stealing important personal and financial information.

Top actions you can take to protect yourself from fraud

GENERAL FRAUD PREVENTION GUIDELINES

1. Be mindful of the information you share with others, even in the normal course of doing business
2. Do not use personally identifying information as your username or password
3. Create strong and complex passwords on all devices and online accounts, never share them, change them frequently and consider using a password management tool
4. Be mindful when using public Wi-Fi. Confirm the network name before connecting. Avoid using your card to make online purchases or logging into your banking accounts
5. Remain vigilant for suspicious activity online and in your physical surroundings
6. Keep financial documents and records in a secure place, and destroy sensitive documents you no longer need
7. Carry only what you need. The less personal information you have with you, including personal checks, the better off you will be if your purse or wallet is stolen

MONEY MOVEMENT AND ONLINE BANKING GUIDELINES

1. Never share banking credentials and passwords, and each user should have a unique user ID. Additionally, consider leveraging an RSA token to help secure your online accounts. A token is a real-time code that refreshes every minute and is needed to log in to your account, in addition to your username and password
2. Adopt multi-factor authentication for all online banking and email accounts, and always log off your online accounts when not in use
3. Always validate payment instructions by calling the originator, or source of the instructions, on a known number when instructions are received via email, even if the email is from a senior member of the company or a trusted vendor
4. Consider using online bill pay, and print your statements at home or in the office through a secure connection rather than receiving them through the mail
5. Check your online banking accounts for unauthorized activity periodically, and set up online alerts to notify you of account changes and transactions
6. Do not preprint or include personal information on checks, and store them in a safe place

COMPUTER, EMAIL AND TELEPHONE GUIDELINES

1. Be wary of the following red flags in emails:
   - Spoofed email address
   - Poor grammar or spelling
   - Urgency around payment transmission
   - Last-minute changes of payment instructions
   - Suspicious attachments or links
   - Blurred company logo on an invoice
2. Do not allow anyone to access your computer remotely
3. Do not assume a phone call is genuine because the person on the other end has your information; call the business back on a known number as listed on its website
4. Do not call or text an unknown phone number; call a known number (such as contact information on the back of your credit card or your J.P. Morgan team) to help prevent a possible fraud incident
5. Protect your mobile devices. Contact your service provider to implement additional controls, like an account PIN or password, to protect you from unauthorized transactions
6. Ensure operating systems and data protection software on your computer and mobile devices, including anti-malware and anti-virus software, are up-to-date

In the United States, additional steps you may take are:

1. Monitor credit

Monitoring your credit report is the single best way to spot signs of identity theft, such as errors, suspicious activity and accounts or addresses you don’t recognize. The three U.S. credit bureaus are required to provide one free credit report per year upon request. However, you may find different information on each bureau’s report; consider reviewing all three reports. Any suspicious or fraudulent credit listing should be reported to the credit bureau that is showing the activity.

2. Place a fraud alert

Placing a fraud alert requires creditors to contact you first before opening a new account in your name or making any changes to existing accounts. Fraud alerts may be effective at stopping someone from opening new credit accounts in your name; however, they do not freeze your credit. Your credit score may continue to change, as alerts do not prevent the misuse of existing accounts. Please note: You only need to contact one credit bureau to have a fraud alert put in place, as that bureau is required to share the alert with the other two bureaus.

Three types of fraud alerts are available:
- Initial Fraud Alert: Primarily used by individuals who feel their identity has been compromised. Initial Fraud Alerts last 90 days from the date issued, are free of charge, and can be continuously renewed
- Extended Fraud Alert: Reserved exclusively for victims of identity theft and designed to protect your credit for seven years
- Active Duty Military Alert: Reserved for military personnel who want to protect their credit during deployment. Alerts last for one year and can be renewed

3. Implement a credit freeze

Also known as a security freeze, a credit freeze restricts access to your credit report, making it more difficult for identity thieves to open accounts in your name and/or abuse your credit. A credit freeze prevents a person, merchant or institution from making an inquiry about your credit report unless you temporarily lift or remove the freeze. Your credit report will continue to be accessible to your existing creditors or to debt collectors acting on their behalf. Your credit score will not be impacted by the credit freeze; it will continue to increase or decrease based on activity in your existing accounts.

Putting a credit freeze in place must be done separately with each of the three U.S. credit bureaus. The cost of identity theft far outweighs any nominal fee incurred.

4. Lift a credit freeze

A credit freeze remains in place until you direct the credit bureau to either temporarily lift it or remove it entirely. For example, you can temporarily lift
