Types of Online Fraud

This topic explains the following types of online fraud:


“Phishing” (pronounced “fishing”) is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential, financial, or personal information like passwords, account numbers, or transaction information.

The most common type of phishing is an email threatening some dire consequence if you do not immediately log in and take action.

You should never respond or reply to email that:


Phishing scams can have a phone connection. First, it was “phishing,” where criminals send email by the thousands in hopes of tricking unsuspecting users into sharing confidential information.

Now, there is “vishing.” In this latest twist, fraudsters use a telephone number in the phishing email instead. If you call, a person or an automated response system will ask for your personal or account information.

When you call J.P. Morgan, only call the phone numbers we have provided directly to you during your program implementation.

REMINDER: J.P. Morgan will never ask you for your password.


Hijacking is a type of network security attack in which the attacker takes control of a communication, just as an airplane hijacker takes control of a flight, between two entities and masquerades as one of them. Hijack attacks may be used simply to gain access to information or the attacker may pose as that user and do anything the user is authorized to do on the network (i.e., move money).

If you are not able to successfully access PaymentNet during normal business hours and you receive one of the responses below, you should immediately contact your program administrator and then call your J.P. Morgan Customer Service representative or Client Application Support:

Malware and Botnets

Recent developments in the area of cyber security point to a sharp increase in the number and complexity of online security attacks. These attacks are of particular concern because they can target users of financial applications at large banking institutions such as J.P. Morgan.

One of the most common of these attacks injects malicious software, known as “malware” onto a user’s machine. The malware is then able to “enslave” the machine as part of a network of “robot” computers. A network of robot computers is referred to as a “botnet.”

The use of malware distributed via botnet allows fraudsters to override existing security methods as well as harvest highly sensitive data and security credentials and possibly perform fraudulent transactions.

Malware or a Botnet can:

The best way to avoid falling victim to malware attacks is to practice good computer hygiene by following the recommended security best practices for PaymentNet users described here.