Fraudulent site - please shut down![Standard Bank 12293] Domain:

  • Profile Image
    Asked on June 02, 2012 at 01:57 PM

    Dear Team,

    It appears the form service you provide is being used in a phishing attack.
    Please find the HTML/View-Source of the attack attached, in which the fraudster's use of your form service can be seen.

    Once the victim completes filling out and submitting personal details, your form service is used by the fraudster to send the compromised details to a remote server or email address.

    Form Information details:

    <form id=21526826893564 class=jotform-form accept-charset=utf-8 method=post name=form_21526826893564 action= _prototypeuid="15" sizcache="6" sizset="1" validationset="true" novalidate="true">

    <input value=21526826893564 type=hidden name=formid>

    <input id=input_1 class=form-textbox name=q1_1 _prototypeuid="3">

    <input id=input_3 class=form-textbox name=q3_2 _prototypeuid="5">

    <input id=input_4 class=form-textbox value="" type=password name=q4_3 _prototypeuid="7">

    <input id=input_5 class=form-textbox name=q5_4 _prototypeuid="9">

    <input id=input_6 class=form-textbox name=q6_5 _prototypeuid="11">

    <input id=simple_spc value=21526826893564-21526826893564 type=hidden name=simple_spc>


    Please take the necessary steps in order to disable this fraudulent activity.


    Best Regards,

    RSA Anti-Fraud Command Center
    RSA, The Security Division of EMC
    US Phone: +1-866-408-7525
    For more information about RSA's AFCC 


  • Profile Image
    Answered on June 02, 2012 at 04:29 PM

    We have now disabled the account and the form. Thank you so much for reporting.