Fraudulent site - please shut down![Standard Bank 12302] Domain: myjotform.com

  • Profile Image
    RSA afcc
    Asked on June 12, 2012 at 10:07 AM

    Dear Team,

     

    It appears the form service you provide is being used in a phishing attack

     

    Please find the HTML/View-Source of the attack attached, in which the fraudster’s use of your form service can be seen.

     

    Once the victim completes filling out and submitting personal details, your form service is used by the fraudster to send the compromised details to a remote server or email address.

    Form Information details:

     

    <form class=jotform-form id=21625930272551 name=form_21625930272551 accept-charset=utf-8 action=http://submit.myjotform.com/submit/21625930272551/ method=post _prototypeuid="15" sizcache="6" sizset="1" validationset="true" novalidate="true">
    <input type=hidden value=21625930272551 name=formid>
    <input class=form-textbox id=input_1 name=q1_1 _prototypeuid="3">
    <input class=form-textbox id=input_3 name=q3_2 _prototypeuid="5">
    <input class=form-textbox id=input_4 type=password value="" name=q4_3 _prototypeuid="7">
    <input class=form-textbox id=input_5 name=q5_4 _prototypeuid="9">
    <input class=form-textbox id=input_6 name=q6_5 _prototypeuid="11">
    <input id=simple_spc type=hidden value=21625930272551-21625930272551 name=simple_spc>
    </form>

    RSA Anti-Fraud Command Center
    Tel: +44 (0)800-032-7751
    Tel: +1-866-408-7525
    E-mail:afcc@rsa.com



    *“Phishing” generally refers to a variety of web based scams that make use of an illegitimate website which passes itself off as being that of a targeted financial institution together with associated data collection points (including web based email accounts) in order to deceive the account holders of the financial institution into revealing their personal information, including but not limited to their credit or debit account numbers, checking account information, social security numbers, or banking account passwords. Once these account holder credentials are collected they can then be used to commit wire fraud or other similar activities of a criminal nature.



    82

  • Profile Image
    NeilVicente
    Answered on June 12, 2012 at 10:44 AM

    Thank you for your reporting this fraudulent form. JotForm is committed to fighting against illegal internet activities such as this.

    The account responsible for the said form is now suspended.

    If it's of any help (i.e., investigation), below are some details of the culprit:

    Email:    hfhfffjhfh@yahoo.com
    IP:     41.13.1.78

    Again, thank you for bringing this to our attention. We appreciate your vigilance.