Form submitter received spam email with jotform in URL

  • LisaAR
    Asked on February 22, 2018 at 12:40 PM

    Hi, there--


    I just created a JotForm account the other day and created my first form. I then sent it to a colleague as a test. She completed it (and loved it) but shortly after submitting it received a phishing email. When hovering over the "click here," we could see that the URL had JotForm in it. I've attached a pic. I am trying to convince staff here that using JotForm would help us out, but if we will be opening up our users to negative, risky email...that would be bad. Can you offer me any insight into this? 

    Thanks. 
    ~Lisa

  • Kevin_G
    Answered on February 22, 2018 at 01:46 PM

    The screenshot you attached did not reach this thread. Please upload it following this guide; images attached to email replies to this thread will not reach the forum: https://www.jotform.com/help/438-How-to-Post-Screenshots-to-Our-Support-Forum 

    Also, I have checked the only form with submissions, http://www.jotform.us/form/80506916100144, and I can see you have an email auto-responder configured there. Please note that the email was sent to the submitter's email as soon as she submitted the form. 

    Here's a guide with more info about such functionality: https://www.jotform.com/help/30-Explanation-of-Email-Notification-and-Autoresponder-Settings 

    And this guide will help you to check your account email history so you can see the emails that have been sent from your account: https://www.jotform.com/help/293-How-to-View-All-Your-Form-Email-History 

    I hope this helps. 

  • LisaAR
    Answered on February 22, 2018 at 02:19 PM

    Sorry about that--I submitted my question via your website, and it had a way to attach a file, so that is what I did. 

    As for the auto-responder, that was not the issue. That part is fine. My concern/problem is that after she submitted--and after her auto-response--she then received another email that was about her email box being full and needing to "click here" to remedy it. When we hovered over the link to see where it would have sent us, "jotform" was within the URL. We never clicked the link, as it was clearly a phishing email, so I can't tell you where it would ultimately have led--but it is of concern to me that we might be opening up risks and dangers to those who receive your forms. 

    (I could only take a photo of this because when I tried to screenshot it, the hover content would no longer show.)

    Hope this makes clearer sense.


  • Richie_P
    Answered on February 22, 2018 at 03:32 PM

    Thank you for your report on the phishing form. My colleague has suspended the user and disabled the form.

    Please let us know if we can be of further assistance.

  • LisaAR
    Answered on February 22, 2018 at 03:39 PM

    Can you please explain exactly what that means? I created the form--that is now disabled? How did it become a phishing form? And who is the user that is suspended? I sent it to one person as a test, and they responded to the form as they were supposed to. I don't understand what went wrong or who is at fault. 

  • LisaAR
    Answered on February 22, 2018 at 03:48 PM

    Followup question: I see when I look at the form numbers that the phishing one is different from the one I created--so I am assuming that is the form you are meaning as disabled. But how did that connect to my form? As I learn about JotForm, one aspect that I absolutely need if I will be able to recommend using your service is dependable security. 

  • Kevin_G
    Answered on February 22, 2018 at 04:46 PM

    OK, the phishing form contained in the email you provided is this one: http://www.jotform.us/form/80492732962160. This form is not connected to your account, and the form's owner account has been suspended already due to the phishing attempt the user tried to perform. 

    Please note that your submitter's email address was not provided by JotForm to anyone. As per our terms, we do not share the information with others, so the person that sent that email must have obtained the email some other way.

    We also protect our users from phishers and have a system that automatically disables suspicious forms; we also have a team dedicated to this activity in order to ensure our users. 

    Your account is currently correct, as well as your form. As explained above, neither your account nor your form is connected to the phishing form/account that we already suspended. 

    I hope this helps. 
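
The distinction drawn in the reply above (a link on the same form-hosting domain but with a form ID you do not own) can be checked mechanically. This is an added example, not part of the original thread and not JotForm's code; the allowlist `OWN_FORM_IDS`, the host list (taken from the URLs quoted in this thread) and the sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Host suffixes seen in the URLs quoted in this thread.
FORM_HOSTS = ("jotform.com", "jotform.us")
# Assumption: the IDs of the forms your organisation actually owns.
OWN_FORM_IDS = {"80506916100144"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def form_id(url):
    """Return the numeric form ID if url points at a hosted form, else None."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if not any(host == h or host.endswith("." + h) for h in FORM_HOSTS):
        return None
    m = re.fullmatch(r"/(?:form/)?(\d+)/?", parts.path)
    return m.group(1) if m else None

def classify_links(html_body):
    """Label each link as own-form, foreign-form, or other."""
    parser = LinkCollector()
    parser.feed(html_body)
    out = []
    for href, text in parser.links:
        fid = form_id(href)
        label = "other" if fid is None else (
            "own-form" if fid in OWN_FORM_IDS else "foreign-form")
        out.append((label, fid, text))
    return out

# Constructed sample modelled on the email described in the thread.
SAMPLE = ('<p>Mailbox full. <a href="http://www.jotform.us/form/80492732962160">click here</a></p>'
          '<p><a href="https://form.jotform.com/80506916100144">survey</a></p>'
          '<p><a href="https://example.org/help">help</a></p>')
```

A `foreign-form` result means the link is hosted on the form platform but does not belong to your account, which is the case worth reporting to the provider's abuse team.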

  • LisaAR
    Answered on February 26, 2018 at 02:53 PM

    I appreciate your explanation, but I still have some concerns. If the disabled form stems from another JotForm account--how did this happen? How was the (now suspended) user able to access our form and create the phishing email that they did? 

  • Richie_P
    Answered on February 26, 2018 at 04:21 PM

    May we know the FormID you used? As my colleague has said, we do not share any information on the submitted email address or any other sensitive information.

    We are not sure how he had your submitter email address, but as of now, the form has been disabled and the user suspended.


  • LisaAR
    Answered on February 27, 2018 at 10:07 AM

    Sorry, but not sure what you mean by "FormID"...please clarify. Thanks.

  • Richie_P
    Answered on February 27, 2018 at 11:37 AM

    Sorry, what I meant was the form you sent to your colleague to test, after which she received the email with the link to the phishing form.

    I checked the mail logs and your form, but can't see how the link was given to your colleague's email.

    Rest assured that the form and the user are already suspended.

  • LisaAR
    Answered on February 27, 2018 at 01:28 PM

    I'm still lost on what you are trying to see. Bottom line is that I was hoping to propose the use of JotForm at my work but not if it opens us up to having our form recipients receive spam. If there is not a clear understanding as to why--and whether or not it will happen again--I can't propose it. So...can you offer me an explanation and reassurance on this?

    Thank you.

  • Kevin_G
    Answered on February 27, 2018 at 02:13 PM

    This guide will help you get your form URL: https://www.jotform.com/help/401-Where-to-Find-My-Form-URL 

    However, the form included in the spam email the user received was not related to your account. As explained before, users do not have access to information of other JotForm users, so it's not possible that someone else may have obtained that info from your account; your account has not been compromised as far as I can tell. 

    Unfortunately, there is no way for us to know how that spammer may have obtained the email address (basically, the spammer may have obtained the email address even if you had not created an account on JotForm; spammers/phishers use different methods to get the information), but we do ensure to suspend accounts performing phishing/spam/scam activities in order to keep our users safe. 


  • LisaAR
    Answered on February 27, 2018 at 02:58 PM

    I know how to get the URL...it's https://form.jotform.com/80506916100144. You asked for the form ID--I didn't know they were the same.

    The fact that I sent a JotForm and then there was another JotForm sent as a phishing email--*whom you suspended*--means to me that this is a JotForm user who found a way to access other JotForm users...and this is not secure. Unless you can offer an assurance of security, I can't recommend to my colleagues that we use this platform. Sorry, but I am frustrated here. I just want to know whether or not JotForm is a safe, secure answer to our form needs. So far, that does not appear to be true.

  • Richie_P
    Answered on February 27, 2018 at 03:23 PM

    As my colleague has said, users don't have access to information of other JotForm users.

    It might be that the computer used by your client/user was compromised already or his/her email address was already in the spammer/phisher's list. We may never know how the spammer/phisher obtained the email address of your user, but we assure you it was not through the submissions in JotForm.

    That is why we are very vigilant on forms created and we have a system that checks phishing forms to prevent the idea that JotForm is giving away information.

    You can check our security info at this link https://www.jotform.com/security/