Can you terminate this phishing site: http://form.jotformpro.com/form/30604368709962?

  • Profile Image
    Oscar Racle
    Asked on March 05, 2013 at 08:54 PM

    http://form.jotformpro.com/form/30604368709962

  • Profile Image
    jonathan
    Answered on March 05, 2013 at 10:26 PM

    Hi,

    May I request for more details before I can take action on this form... Can you please provide me a URL of the website where this form might had been used for phishing.

    I just need to verify how it was used.

    Thanks.

  • Profile Image
    Oscar Racle
    Answered on March 06, 2013 at 12:24 AM

    No legitimate organisation will ever ask users to enter plain text passwords into a 3rd part form utility. The form needs to be terminated ASAP.

    The URL was contained exactly in phishing spam:

    "Mail Service will discontinue the use of our current  Email System. You are therefore required to re-validate your mailbox.

    To re-validate your mailbox please click the link below:

    http://form.jotformpro.com/form/30604368709962

  • Profile Image
    Oscar Racle
    Answered on March 06, 2013 at 12:41 AM

    google docs also is infested with password theft forms.

    You could learn 2 things from that:

    1) include an abuse link

    2) include a warning: "NEVER submit passwords"

    Example:

    example

  • Profile Image
    Oscar Racle
    Answered on March 06, 2013 at 12:43 AM

  • Profile Image
    Oscar Racle
    Answered on March 06, 2013 at 12:44 AM

    example

    http://www.putlocker.com/file/9112BE7BDE10DD85

  • Profile Image
    jonathan
    Answered on March 06, 2013 at 12:59 AM

    I understand your point. We actually have contacted already the owner of the form to provide us more details needed. We are waiting for the response and also monitoring this form.

    At the moment, the form owner doesn't have any previous record and audit trails that could put them on the bad side which can result to immediate suspension. We do need them to explain their side also.

    Since it is a verification form, there is a possibility that this is used for internal purposes only.

    For example, on a collaborative intranet website, it is possible for tech support to pass to end users form like this for ticketing system. The password is open text only since the end users might need the tech support to login to the account of the user (to see the problem).

    Nonetheless, we really appreciate your pro-activeness on this. I have marked this form for monitoring already since your initial message.

    Thank you very much.