- IID SIRTAsked on May 10, 2011 at 04:42 PM
A criminal intruder has placed a fake login page (phishing web site) on the jotform.com web site targeting "" customers for the purpose of Credit Card Fraud and Identity Theft. The phishing site is located at:
IP Address: 184.108.40.206
I am a Fraud Analyst with the company called "Internet Identity" located in Tacoma, Washington in the United States. I am contacting you on behalf of "" because you are listed as an administrative contact for this web site. If that information is out of date, please direct this request to the appropriate individuals.
Please have the Network Administrator secure the server to prevent further abuse for criminal purposes. Have the Network Administrator contact us when the files have been removed so that we can update our client and deactivate this incident. The case number should be below. If you have questions, please contact us. Our business operates 24/7/365 and we can be reached by telephone, fax or E-mail
IID -- on behalf of
Actively Securing the Extended Enterprise
Office: +1.253.590.4100 | Fax: +1.425.699.6597
- JotForm SupportabajanAnswered on May 10, 2011 at 04:49 PM
Thank you for drawing this to our attention, IID. The user's account has been suspended and the form disabled. Also, the principals at JotForm will be notified.
- FMPAnswered on February 05, 2013 at 02:16 AM
Name: IID SIRT E-Mail: firstname.lastname@example.org Subject: URGENT: domahidimusic.com has been compromised Message: Dear Website Administrator,
We are contacting you to report that your website domahidimusic.com has been compromised and fraudulent content targeting our client Chase Bank has been placed at:
IP Address: 220.127.116.11
A criminal has placed this fake login page for the purpose of credit card fraud and identity theft. Please remove all files related to this attack and take action to secure your website.
We are an Internet security company located in Tacoma, Washington. If you are unable to resolve this problem yourself, please contact your webhost for assistance.
We also request that you sequester any data related to this compromise which could include phishing kit files, source code, log entries of access to the server for the site, connections to upload or download data to the site, or records of the account being created. If provided to us, we will forward this information on to our client.
We can be reached 24/7 at the contact information below if you have any questions. We greatly appreciate your prompt attention to this issue and request that you advise us regarding what actions you take.
Security Incident Response Team
Sender IP: 18.104.22.168 - Referer: www.foxyform.com
You are receiving this e-mail message because you have registered a contact form at www.foxyform.com
- JotForm SupportEltonCrisAnswered on February 05, 2013 at 05:15 AM
This seems to haven been resolved already. Also, It would be best to addressed the second concern to foxyform support since they have the full control of the reported phishing form.