How to verify a Chase PPP secure message/email?

So I got an email from Chase with an attached html file which loads a "secure message". The tech seems to be supplied by Voltage which seems legit but it uses the domain jpmchase.com or more specifically https://securemail.jpmchase.com/ A few issues

1- I had to make a new password and confirm my email to then open the secure message - if its from chase why do I need to make a new password? How do I know its them if they don't take my existing password? All of the trust challenge is on my side which I get but it seems like they would assert something for me to know I can trust them/it? 2- The email footer copyright is 2002-2017, it seems odd that its 3 years out of date? 3- The 2 people on this secure message both have chase emails but one is chase.com and the other is jpmchase.com I tried to google both of them and found that the main guy is on linkedin but cant find a contact number or something to really associate him with Chase as a company other than it being on his resume but I don't think those are validated? 4- After logging in to the secure message I notice that its footer is also out of date

I then tried to call my local Chase to verify the email, the people, or the legitimacy of the transaction. The branch automated service hung up on me after a few minutes (Austin branch). I then went back to google and found that the guy mentioned above is in Ohio at JP Morgan Chase so I called that number, it's disconnected from the google result.

You might be wondering why I would even remotely think this is legit? The application ID in the email happens to match the ID I got when I submitted my actual application. So that being somewhat random (I think) is the only way to really think this is not 100% spam/scam.

So, How should someone with tech chops go about validation anything like this? How do we expect a non-technical person might go about it as well?

any thought appreciated.