Email Fraud and 'Phishing'

Phishing attacks seek to gather personal information, such as Social Security numbers and passwords, to access victims' accounts. A phishing attack often appears as an unsolicited, but authentic looking email that may threaten to close your account unless you verify some information. In most cases these fraudulent emails are sent out as spam and appear to come from legitimate businesses or sites that you trust.  The email also conveys a sense of urgency which lures unsuspecting users to respond to the request. Once you click on the link, you may be taken to a phony site or pop up window that will encourage you to enter your personal information. Although the links in the message may look like your financial institution's website address, they point to a fake website that gathers the information you enter. Criminals then use that information to steal a person's identity.

What do Criminals do with your personal information?

Criminals can use your personal information to carry out fraudulent and unauthorized transactions to your account.

John Hancock Email Practices:

We will never send you an email:

  • Requesting personal information, or notifying you of problems with your account(s)

We will send you an email only if:

  • You have signed up for eDelivery of your statements.
  • In response to an email inquiry that you have sent us.  These responses will not contain:
    • Specific Account Information
    • Confirmation of a transaction
    • CC of any other person

Follow these guidelines to protect yourself from email and website scams:

  • Do not open emails from unknown sources, or from an institution you do not do business with, delete it immediately.
  • If you were not expecting the email, and it is from a business institution you utilize, call the financial institution rather than clicking on the link.
  • Look at the senders email address, if it does not tie to the institution purportedly sending the message, delete the email.
  • Hover your cursor over the link in the email. If it shows something different than what it is purporting to be or just does not look right to you, do not click on the link and instead call your financial institution to ask about the email.
  • Look for misspelling within the email or broken English. These are indications that the email is not from your financial institution and is in reality a phishing email.
  • Always use a secure website to send personal or financial information. Ensure that the padlock icon is visible in your browser.
  • When submitting any financial information, look at the address bar and ensure that it starts with https:// rather than http://
  • Log into your online accounts on a regular basis. Report any suspicious transactions to your financial institution immediately.
  • Install anti-virus/anti-spyware software and keep it up to date to detect known malware. Today's Internet Security packages incorporate this type of software with a firewall and website reputation software, which, when installed and activated, can help prevent the download of malware to your PC or prevent you from connecting to a known malicious website.
  • Create a user account on your PC that does not have administrative rights to the PC and use that new account for everything but updating or installing new software. This will help prevent malware from being installed to your PC should you click on a malicious link.
  • Bookmark web addresses on your browser for sites you visit frequently and for future visits, use only that bookmarked address to access the site. For example, type the John Hancock Investments website [] to go to our site and then bookmark the web address on your internet browser.
  • Review your credit report every four to six months for unauthorized activity.
  • If submitting an email message to an institution you have a relationship with, treat the email as if it were a postcard. Don't include any information that you wouldn't be willing to write on a postcard.

If you believe that you are the target of an online e-mail scam relating to a John Hancock account, please forward the suspect email to:

If you are not comfortable forwarding suspicious emails, you may also call us at 800-225-5291 any business day between 8:00 A.M., and 7:00 P.M., ET.  Please write down the title of the email you received, along with the sender’s name or address and the file names of any attachments 

We are not responsible for the content of third party sites hyperlinked from this page, nor do we guarantee the products or services offered on third-party sites.  You should review the privacy statement of a website before you provide personal or confidential information.