
Ask HN: How to verify a Chase PPP secure message/email? - social_quotient
So I got an email from Chase with an attached html file which loads a &quot;secure message&quot;. The tech seems to be supplied by Voltage which seems legit but it uses the domain jpmchase.com or more specifically https:&#x2F;&#x2F;securemail.jpmchase.com&#x2F; A few issues<p>1- I had to make a new password and confirm my email to then open the secure message - if its from chase why do I need to make a new password? How do I know its them if they don&#x27;t take my existing password? All of the trust challenge is on my side which I get but it seems like they would assert something for me to know I can trust them&#x2F;it?
2- The email footer copyright is 2002-2017, it seems odd that its 3 years out of date?
3- The 2 people on this secure message both have chase emails but one is chase.com and the other is jpmchase.com I tried to google both of them and found that the main guy is on linkedin but cant find a contact number or something to really associate him with Chase as a company other than it being on his resume but I don&#x27;t think those are validated?
4- After logging in to the secure message I notice that its footer is also out of date<p>I then tried to call my local Chase to verify the email, the people, or the legitimacy of the transaction. The branch automated service hung up on me after a few minutes (Austin branch). I then went back to google and found that the guy mentioned above is in Ohio at JP Morgan Chase so I called that number, it&#x27;s disconnected from the google result.<p>You might be wondering why I would even remotely think this is legit? The application ID in the email happens to match the ID I got when I submitted my actual application. So that being somewhat random (I think) is the only way to really think this is not 100% spam&#x2F;scam.<p>So, How should someone with tech chops go about validation anything like this? How do we expect a non-technical person might go about it as well?<p>any thought appreciated.
======
clintonb
I've used Voltage for bank communication. Voltage messages are usually sent
with prior notice (e.g., someone in regular email tells you they are going to
use Voltage).

Chase is a large organization with multiple domains, including both chase.com
and jpmchase.com.

I generally trust Voltage messages because they are typically received after
another persons tells me to expect one, or I request one when transmitting PII
or other secure data.

If you received this message out of the blue, do your due diligence. If your
business is actually relying on Paycheck Protection Program (PPP), and you do
business banking with Chase, you should already know what's going on here and
continue the application.

