How J.P Morgan Referral Links Actually Work: The Security Architecture
J.P Morgan's referral programme uses browser first-party cookies and URL tracking parameters to attribute your sign-up to a referral source, not personal data harvesting or account takeover. When you click a verified J.P Morgan referral link, your browser receives a cookie that persists through your account opening, identity verification, and initial deposit — this cookie is the only mechanism linking you to the referral reward. The cookie is set by Mention-Me, J.P Morgan's official referral platform partner, and is stored locally on your device, not transmitted to UseMyCode or any third party outside the J.P Morgan ecosystem. This architecture is industry-standard and is used by hundreds of UK financial services brands including Nutmeg, Interactive Investor, and Vanguard.
The referral link itself is a tracked URL pointing to J.P Morgan's official domain (jpmorgan.com or a Mention-Me subdomain routing to J.P Morgan). When you click the link, your browser makes an HTTPS-encrypted request to J.P Morgan's servers, meaning the connection is secure and cannot be intercepted by third parties. The URL contains a unique referral identifier (a parameter like ?ref=xyz123) that tells J.P Morgan's system which referral source sent you — this identifier is not sensitive personal data and does not expose your identity before you sign up. Once you arrive at J.P Morgan's landing page, you proceed through their standard account opening flow, providing your name, address, and identity documents directly to J.P Morgan (not to UseMyCode or Mention-Me). J.P Morgan then matches your account opening to the referral cookie, confirms you meet eligibility criteria, and applies the 6-month fee waiver automatically.
FCA Regulation and Consumer Protection: What Safeguards Apply to J.P Morgan Referrals
J.P Morgan Personal Investing is authorised and regulated by the UK Financial Conduct Authority (FCA) under FCA Handbook rules, meaning the platform must comply with mandatory capital adequacy, customer asset segregation, and dispute resolution standards that protect your money and personal data. The FCA's regulatory framework applies to the referral programme itself — J.P Morgan must advertise the offer truthfully, apply it as promised, and provide a transparent complaints process if the reward is not credited. If J.P Morgan fails to apply the 6-month fee waiver despite you meeting all eligibility criteria, you have a legal right to file a formal complaint with J.P Morgan (8-week resolution window) and, if unsatisfied, escalate to the Financial Ombudsman Service (FOS) at no cost. The FOS can order J.P Morgan to apply the waiver retroactively and award compensation for financial loss or inconvenience caused by their failure to honour the advertised terms.
Customer funds held in J.P Morgan investment accounts are protected by the Financial Services Compensation Scheme (FSCS) up to £85,000 per person per regulated entity. This protection applies regardless of whether you signed up through a referral link or directly — your money is segregated from J.P Morgan's corporate assets and held in trust, meaning if J.P Morgan were to fail, the FSCS would compensate you for up to £85,000 of your account balance. The FSCS protection does not cover investment performance losses (if your portfolio falls in value due to market movements, that is not covered) but does cover the security of your capital against provider insolvency. Mention-Me, the third-party referral platform, is not a regulated financial services provider and does not hold customer funds — it only manages referral tracking and attribution, so FSCS protection does not apply to Mention-Me itself, but this is irrelevant because Mention-Me never touches your money.
Under UK data protection law (GDPR and the Data Protection Act 2018), J.P Morgan and Mention-Me must process your personal data transparently, securely, and only for stated purposes. Both entities are registered with the Information Commissioner's Office (ICO) and must comply with mandatory data security standards including encryption, access controls, and breach notification requirements. When you click a J.P Morgan referral link, Mention-Me receives a record that you clicked the link and subsequently opened a J.P Morgan account — this data is used solely to credit the referral reward and is not sold to third parties for marketing purposes. You can review J.P Morgan's full privacy policy on their website and can opt out of marketing communications at any time via your account settings or by contacting their support team. If you believe J.P Morgan or Mention-Me has misused your data, you can file a complaint with the ICO at www.ico.org.uk.
Phishing, Fraud, and Fake Referral Links: How to Spot and Avoid Them
Phishing attacks targeting investment platform referral links have increased in the UK over the past 3–5 years, with scammers creating fake landing pages that mimic J.P Morgan's official design to harvest login credentials, identity documents, and bank details. The most common phishing vector is a fake referral link shared via email, social media, or messaging apps that looks legitimate but routes to a counterfeit J.P Morgan page. To protect yourself, always verify the destination URL before entering any personal information. A legitimate J.P Morgan referral link will route to a URL containing "jpmorgan.com" or "mention-me.com" (Mention-Me is J.P Morgan's official referral partner) — if the URL contains any other domain (e.g., "jpmorgan-invest.com" or "jpmorganpersonal.co.uk"), it is a phishing page and you should close the browser immediately without entering any data.
UseMyCode referral links are tested by our editorial team before publication and are monitored monthly to ensure they remain legitimate and functional. When you click the J.P Morgan link on this page, you can verify its destination by right-clicking the link and selecting "Copy Link Address" (or equivalent in your browser), then pasting it into a text editor to inspect the full URL. The link should contain "mention-me.com" or "jpmorgan.com" — if it contains any other domain, report it to UseMyCode immediately via the feedback form on this page. Additionally, you can hover your mouse over the link (without clicking) and your browser will display the destination URL in the bottom-left corner — use this to verify the domain before clicking.
Phishing emails often use urgency ("Claim your reward before it expires!") or authority ("From: J.P Morgan Support") to pressure you into clicking quickly without verifying the link. Legitimate J.P Morgan communications will always include your account number, will not ask you to click a link to "verify" your identity, and will not request passwords or identity documents via email. If you receive an email claiming to be from J.P Morgan offering a referral reward, do not click any links in the email — instead, log into your J.P Morgan account directly via the official J.P Morgan website (type jpmorgan.com into your browser address bar manually, do not click a link) and check your account messages or contact J.P Morgan support directly via their official phone number (found on your account statements or the J.P Morgan website). This verification step takes 2 minutes and prevents you from accidentally entering credentials into a fake page.
Data Privacy and Security: What Information Is Collected and How It Is Protected
When you click a J.P Morgan referral link and sign up for an account, three entities receive your personal data: J.P Morgan (your account provider), Mention-Me (the referral tracking platform), and potentially your bank (if you make a deposit). Each entity has a specific role and specific data protection obligations. J.P Morgan receives your full name, date of birth, UK address, phone number, email address, and identity verification documents (passport or driving licence images) — this data is required by UK Financial Conduct Authority Know Your Customer (KYC) regulations and is used for account management, regulatory reporting, fraud prevention, and communication about your account. J.P Morgan stores this data securely using encryption and access controls and retains it for the duration of your account plus 6 years after account closure (required by UK tax and anti-money-laundering law). J.P Morgan does not sell your personal data to third parties for marketing purposes outside its corporate group (JPMorgan Chase & Co. subsidiaries).
Mention-Me receives a record that you clicked the referral link and subsequently opened a J.P Morgan account — this record includes your email address and account opening date but does not include your full identity documents, bank details, or investment portfolio contents. Mention-Me uses this data solely to verify that you completed the referral action and to credit the referral reward in J.P Morgan's system. Mention-Me is a GDPR-compliant UK company and does not sell referral data to third parties for marketing purposes. Your bank receives your account number and the amount of your deposit when you transfer funds to J.P Morgan — this is standard banking data and is protected by your bank's own security and privacy policies. UseMyCode does not receive any of your personal data when you click the referral link on this page — the link routes directly to J.P Morgan, and UseMyCode has no visibility into your account opening, identity verification, or deposit details.
To review and control how your data is used, log into your J.P Morgan account and navigate to Settings or Privacy Preferences. You can opt out of marketing emails, adjust communication preferences, and review which data J.P Morgan holds about you. You can also request a copy of all personal data J.P Morgan holds (a "Subject Access Request" under GDPR) by contacting their support team — they must provide this within 30 days at no cost. If you believe J.P Morgan has misused your data or breached your privacy, you can file a formal complaint with J.P Morgan's Data Protection Officer (contact details on their website) or escalate to the Information Commissioner's Office (ICO) at www.ico.org.uk.
Verifying That Your J.P Morgan Referral Link Is Legitimate: A Step-by-Step Checklist
Before you click any J.P Morgan referral link, use this checklist to confirm it is legitimate and safe. First, verify the source of the link — if it came from an email, social media message, or unknown website, be cautious. Legitimate referral links are published on official brand websites, trusted financial comparison sites (like UseMyCode), and official referral programme platforms (like Mention-Me). If you are unsure whether a source is trustworthy, navigate to J.P Morgan's official website directly (type jpmorgan.com into your browser) and look for a "Refer a Friend" or "Referral Programme" section — this will link to J.P Morgan's official referral landing page. Second, inspect the link's destination URL by right-clicking the link and selecting "Copy Link Address" (or equivalent). Paste the URL into a text editor and check that it contains "jpmorgan.com" or "mention-me.com" — if it contains any other domain, do not click it. Third, check for HTTPS encryption — the URL should start with "https://" (not "http://"), indicating a secure connection. Fourth, look for security indicators in your browser — most modern browsers display a padlock icon in the address bar when you visit an HTTPS-secured site. If you see a warning message ("This site is not secure" or "Certificate error"), close the browser immediately and do not enter any data.
Fifth, review the landing page design — legitimate J.P Morgan pages display the official J.P Morgan logo, use consistent branding, and clearly state the offer terms (6 months fee-free, minimum £500 deposit, new customers only). If the page looks unprofessional, contains spelling errors, or uses unusual language, it may be a phishing page. Sixth, check for contact information — legitimate J.P Morgan pages include a phone number, email address, or live chat option for customer support. If you cannot find any way to contact J.P Morgan from the page, it is likely fake. Seventh, never enter your password or full identity document details into a page you are not 100% confident is legitimate — if you are unsure, close the page and contact J.P Morgan directly via their official phone number (found on your statements or the J.P Morgan website) to verify the offer before proceeding. Eighth, if you have already entered sensitive information into a page you now believe was phishing, contact J.P Morgan immediately and ask them to flag your account for fraud monitoring — they can place a temporary hold on your account to prevent unauthorised access whilst they investigate.
UseMyCode Security Tip: The safest way to access a J.P Morgan referral offer is to click the link on UseMyCode (which we test monthly), or to navigate to J.P Morgan's official website directly, find their referral programme section, and click the link from there. Never click a referral link from an unsolicited email or social media message, even if it appears to come from a trusted source — scammers can spoof email addresses and create fake social media accounts. If you receive a referral link via email or message, verify it is genuine by contacting J.P Morgan directly using the phone number on your account statements or the J.P Morgan website, not by clicking the link in the message.
What to Do If You Suspect Fraud or Your Referral Link Is Fake
If you clicked a link you now believe was phishing, or if you suspect you have been the victim of referral fraud, take immediate action. First, if you entered your password, change it immediately by logging into your J.P Morgan account via the official website (type jpmorgan.com directly into your browser, do not click any links) and updating your password in Settings. Second, if you provided identity documents (passport or driving licence images), contact J.P Morgan's fraud team immediately by phone (number on your statements or the J.P Morgan website) and report the suspected phishing attempt — ask them to flag your account for fraud monitoring and to review whether any unauthorised access has occurred. Third, if you provided your bank account details, contact your bank and ask them to monitor your account for unauthorised transactions — most banks can place a temporary hold on your account whilst they investigate. Fourth, report the phishing link to UseMyCode via the feedback form on this page, including the URL of the fake page, the date you clicked it, and any details about how you found the link (email, social media, etc.). UseMyCode will investigate within 48 hours and will report the phishing page to J.P Morgan and to the UK's National Fraud Intelligence Bureau (Action Fraud) if necessary.
Fifth, if you believe you have been the victim of identity theft or fraud, report it to Action Fraud (the UK's national fraud reporting service) at www.actionfraud.police.uk or by calling 0300 123 2040. Action Fraud will create a crime reference number and will investigate whether your identity has been used fraudulently. Sixth, consider placing a fraud alert or credit freeze with one of the UK's credit reference agencies (Equifax, Experian, or TransUnion) — this prevents scammers from opening accounts in your name using your stolen identity. You can request a free credit freeze online via each agency's website. Seventh, monitor your credit report regularly (you can access a free credit report annually via www.clearscore.com or www.moneysupermarket.com) to check for unauthorised accounts or credit applications opened in your name. If you spot fraudulent activity, report it to the credit agency and to Action Fraud immediately. Eighth, if you have already opened a J.P Morgan account through a phishing link and have deposited funds, contact J.P Morgan immediately and ask them to investigate whether the account is legitimate and whether your funds are secure — they can review the account opening details and referral attribution to determine whether the account was opened fraudulently.
About This Article
This article was written by the UseMyCode editorial team and last reviewed on 09 June 2026. UseMyCode independently verifies every referral link and discount code before publication. This page may contain affiliate links — see our editorial policy for details.
