{"id":226113,"date":"2026-06-04T10:31:00","date_gmt":"2026-06-04T14:31:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/04\/is-your-personal-device-protecting-your-business-accounts\/"},"modified":"2026-06-04T12:25:15","modified_gmt":"2026-06-04T16:25:15","slug":"is-your-personal-device-protecting-your-business-accounts","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/04\/is-your-personal-device-protecting-your-business-accounts\/","title":{"rendered":"Is your personal device protecting your business accounts?"},"content":{"rendered":"

Is your personal device protecting your business accounts?<\/a><\/p>\n

https:\/\/www.jpmorgan.com\/insights\/cybersecurity\/phishing\/is-your-personal-device-protecting-your-business-accounts<\/a><\/p>\n

Publish Date: 2026-06-04 10:31:00<\/a><\/p>\n

Source Domain: www.jpmorgan.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\n A single unsecured connection can give a fraudster everything they need to access your business accounts: login credentials, multi-factor authentication (MFA) approval and an active session. Knowing how to spot an account takeover attack, where a cybercriminal gains access to a protected account and the funds or data it contains, is critical to prevention.
\nThe scenario below shows how a routine payment on public Wi-Fi could open the door to an account takeover attempt. Plus, learn about red flags and practical prevention tips.<\/p>\n

A treasury team member stops at a coffee shop late at night for a quick latte and decides to submit a time-sensitive payment.
\nWithout realizing it, they connect to an \u201cevil twin\u201d Wi-Fi hotspot set up by a bad actor. The network name looks legitimate\u2014\u201cCoffeeShop_Free\u201d\u2014and their phone connects automatically.
\nA polished sign-in page appears with an \u201caccept terms\u201d prompt. The attacker uses it to intercept the connection and display a request to install \u201csecurity certificates\u201d by approving new device management settings. The employee taps through the prompts.
\nJoining an evil-twin hotspot doesn\u2019t automatically give an attacker all your passwords right away.\u00a0In most cases, the attacker only gets passwords if you give them a way to capture them\u2014typically by\u00a0tricking you into logging in on a spoofed page\u00a0(for example, through a look-alike domain).
\nMoments later, the employee visits their bank\u2019s website to make the payment. Because of the settings they just approved, the attacker can redirect them to a convincing look-alike login page. When the employee enters their username and password, the attacker captures the credentials.
\nThe attacker immediately uses those credentials to sign in to the real account and triggers an MFA push notification to the employee\u2019s phone. Eager to finish, the employee approves the prompt, unintentionally approving the attacker\u2019s login.
\nSoon after, the employee notices warning signs: an unexpected VPN icon, certificate warnings, and a stream of account alerts and password reset emails from unfamiliar locations. With access in hand, the attacker attempts to change profile details, add new beneficiaries and initiate payments.<\/p>\n

Recognizing red flags early can help you stop account takeovers before damage is done\u2014whether they start with an \u201cevil twin\u201d hotspot or a deceptive text, email, call or website.
\nUnusual prompts asking for sensitive information
\nIt\u2019s normal to enter your login details on our website or app. But if you\u2019re asked to share your password or any token\/MFA code by email or text message\u2014or on an unexpected webpage\u2014treat it as suspicious.
\nFor example, if a page looks like our site but your password manager doesn\u2019t auto-fill like it normally does and the site asks you to type your credentials, pause and confirm you\u2019re on the correct website before entering anything.
\nUnexpected requests to click links, log in or download files
\nAvoid signing in through links in unknown or unexpected messages. Instead, open our official app or type the web address into your browser. If a webpage asks you to install anything\u2014like \u201csecurity certificates,\u201d a \u201csecurity update\u201d or new device settings\u2014stop and confirm the request is legitimate before you continue.
\nLogin alerts, password resets or activity from new locations
\nUnfamiliar access patterns can indicate unauthorized access and should be escalated quickly.
\nNew device management settings
\nA device management profile is a setting that can control how your phone or computer works. If your device asks you to add a new \u201cdevice management\u201d setting or \u201cprofile\u201d and you didn\u2019t request it, treat it as a warning sign.
\nCheck your device\u2019s\u00a0Settings\u00a0(often under\u00a0Device Management\u00a0or\u00a0Profiles). If you see one you don\u2019t recognize, don\u2019t approve it. Ask for help to review it and remove it.
\nCopycat websites and emails
\nAccount takeover often uses look-alike domains or spoofed emails. They may closely resemble a real webpage or email from the organization a fraudster is impersonating, but are designed to trick users into sharing credentials or trusting a fake destination.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Is your personal device protecting your business accounts? https:\/\/www.jpmorgan.com\/insights\/cybersecurity\/phishing\/is-your-personal-device-protecting-your-business-accounts Publish Date: 2026-06-04 10:31:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":226114,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.jpmorgan.com\/content\/dam\/jpmorgan\/images\/cb\/insights\/cybersecurity\/cb-banner-fraud-personal-device-1440x810px-horizontal.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,25],"class_list":["post-226113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226113"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=226113"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226113\/revisions"}],"predecessor-version":[{"id":226116,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226113\/revisions\/226116"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/226114"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=226113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=226113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=226113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}