Email is an integral tool used every day to communicate and interact online, and can be used as a user ID when signing into websites. Hackers can attempt to gain access to your accounts by attacking email providers or employing social engineering techniques and malware to target you. It is important to utilize your email provider’s security features and to take the appropriate steps if you believe your account has been compromised.

Maintain separate accounts for business and personal use, and don’t use them interchangeably

• Create passwords of at least 10 characters, using a mix of upper- and lower-case letters, numbers and special characters. Change your passwords three or four times a year

• Be alert to social engineering attempts — cyber criminals may use emails that contact links, malware or viruses to gain confidential information CYBER SAFETY

• Safeguard your information — use an email encryption tool when transmitting sensitive information • Create “disposable” email addresses for websites that require an email as a user ID

• When accessing email accounts, ensure software on devices are up-to-date and consider using a Virtual Private Network (VPN) when using public Wi-Fi

Strengthen your password A strong password is your front line of defense against unauthorized access to your accounts.

• Navigate to Profile > View Account > Security > Change Password > [Enter your new complex password and confirm it] > Select Change Password Note: Hotmail and Outlook also provide you the ability to automatically be prompted to change your password every 72 days

Two-step verification is one of the strongest cybersecurity measures available and adds an extra layer of protection from cyber criminals. After you’ve enabled two-step verification, you will enter your password and an additional security code upon logging in.

• Navigate to Profile > View Account > Security > More Security Options > More Security Settings > Two-step verification > [Follow activation steps] You will be prompted to set up an authenticator app if you have a smartphone. (With an authenticator app, you can get security codes even if your phone isn’t connected to a cellular network). You can also create app passwords for apps and devices (such as Xbox 360, Windows Phone 8), that do not support two-step verification codes.

In the event that you lose access to your email account, enabling a recovery email address and phone number can help expedite the account recovery process.

• Navigate to Profile > View Account > Security > Update your security info [Ensure the recovery email and recovery phone number are up to date]

If you receive a suspicious or unwanted email, reporting it to {provider} can help ensure you do not receive further suspicious emails to your inbox, and can help customize your account’s spam filters. Hotmail/Outlook allow you to report an email as Junk, Phishing Scam, or inform the provider that a friend’s email has been hacked. Hotmail/Outlook use this to help prevent further unwanted emails from coming in.

• Navigate to the Inbox or Junk folder > Select Junk drop-down > [Select the appropriate reporting option] Applying filters can help you reduce and avoid junk mail, and set up safe and blocked senders. • Navigate to Settings > Options > Mail > Filters and Reporting, Safe Mailing Lists, Safe Senders, and Blocked Senders

You can use your Hotmail/Outlook account to set up alias addresses from which you can send and receive email using the same inbox, contact list and account settings as the primary account. You can sign into your account with any alias, using the same password for all. These aliases can help to also keep your identity protected and mitigate your cyber risk. Sign-in preferences allow you to choose which aliases can sign into your account. To make it more difficult for someone to break into your account, turn off sign-in preferences for any email address, phone number or a Skype name you do not use.

• Navigate to Settings > Options > Accounts > Connected Accounts

In the event that your account becomes compromised by a cyber adversary, you can utilize a recovery code if you lose access to your security info. You need to print out your recovery code and keep it in a safe place in case of such an emergency.

• Navigate to Profile > View Account > Security > More Security Options > Recovery Code

• Change your password on your various online accounts, using a different password for each account • Enable two-factor authentication (two-step verification) wherever possible, including on your email, banking, e-commerce accounts

• Install anti-virus and anti-malware software, with auto-updates

• Ensure your operating system is up-to-date

• Contact your J.P. Morgan representative immediately

Check email forwarding and filter settings After compromising your account, hackers can modify email settings to forward, delete or even send emails on your behalf without your knowledge. Periodically check email forwarding and filter settings to verify that there have not been changes made to your account.

• Navigate to Settings > Options > Mail > [Verify details in each section] — Automatic processing > Automatic replies — Accounts > Connected accounts and Forwarding Additionally, monitor your Contacts for added or deleted contacts, and your Sent and Deleted mail folders for sent or deleted emails.

Regularly review recent activity, including recently connected devices and account changes for suspicious activity. Hotmail/Outlook allow you to review which devices are connected to your account and where they are located. If you do not recognize a device, its access should be removed immediately.

• Navigate to Profile > View Account > Security > See my recent activity

Hackers will often attempt to change your email account password during a compromise. If you find you can no longer sign in to your account, it may need to be recovered. Use your recovery code, which you set up to recover your account.

In the event that you no longer are using an email account, it is important to properly close the account and delete its data so it cannot be accessed in the future. Your account will be permanently deleted and you will not be able to recover any data or settings. Please note: an email account and the data and emails contained therein can not be reactivated.

• Navigate to Profile > View Account > Security > More Security Options > Close Your Account