I got a phishing email from Jotform

  • Profile Image
    Wayne Edgar 
    Asked on July 11, 2021 at 12:47 PM

    Here's the full text version of the email. Attached is a pic of it in GMail. Hopefully you can use it to find out who is using your service to send phishing emails. Thanks.


    Delivered-To: zerovertex@gmail.comReceived: by 2002:a05:7010:7528:b029:c1:8fa8:a640 with SMTP id f40csp904123mde; Sat, 10 Jul 2021 02:54:17 -0700 (PDT)X-Received: by 2002:a0c:e9d0:: with SMTP id q16mr40791934qvo.53.1625910856725; Sat, 10 Jul 2021 02:54:16 -0700 (PDT)X-Google-Smtp-Source: ABdhPJwTn8gQinGscIyprKx4dYA+DhfoibATgmfC9VVnK/vlNY/0XbeTdP7PJtW1w83W9v3AyrMrX-Received: by 2002:a0c:e9d0:: with SMTP id q16mr40791900qvo.53.1625910856150; Sat, 10 Jul 2021 02:54:16 -0700 (PDT)ARC-Seal: i=1; a=rsa-sha256; t=1625910856; cv=none; d=google.com; s=arc-20160816; b=VH7VGiKPbi8ENkpBHtwFqjL0OR/ZCD9mFSV8e5rwk3ibxGo4wYc485djh1WHtRF9hg W9A2J4xvfPg4nhe6NG+wtf3MnvIWoBijggHK3xjCURlVCsPNP+yIw1bO43H1vWOWKz4/ cOdCqyDrp0veSwrJOUGidhjCVk6Xt4yZa6HY9olCL40RnJ8wgG4TOEEmdu9UaquIU6m7 QpIxQD75LPB7ZLaO0lOznW6Kleyj4jg9wr/SBMmQF9YF4SLU+0Qdpf/jjSrTI9U63rwg LN1SiRzKSfgwSBpeqw7yAay5jJJkTn8B/f5iEtb0OBnrxYLw1gH3O6RXR6FcTsOgpMos E7lw==ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:emailprovider:message-id :reply-to:from:date:subject:to:dkim-signature; bh=GnobSNdv7odW2HbEMCfaffVHKrUcNpHPYKH0v5lCJ+k=; b=vvlTc7yEJpnLgEXRYEZDSswzoGzFxypmyok6fgusWytoH0RrGKhImIsLpT3u9z5UfF 1m50rtrFmTaL0GmCLX2msOXzNmACVC0rQeIEvD2WtCy7ZTqwBWmY40zmFltyCU+iSbl6 4mgpAilXuv2NZj2bWeNQbgHyuE2tIYw+oIIp4aETsdSRzuGrrdmgDT/+L0SC+1MObwfv GEnQSGjxo/0SfXMl/93K9YQqbUOJ0u1PzU3Sxq4wxIvioTeL9IvlOdI0sZZTy3Nj4wja rCWVHq6XXd3LR3esSkZZRjDPYMeFFCyvHPbPuv8s4T2Xv9BHWPds/2BkxtAS37uitFwF 2H8g==ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@jotform.com header.s=mail header.b=aWhoYJyw; spf=pass (google.com: domain of returns@jotform.com designates 152.160.247.199 as permitted sender) smtp.mailfrom=returns@jotform.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=jotform.comReturn-Path: <returns@jotform.com>Received: from pool2-204.formresponse.com (pool2-204.formresponse.com. [152.160.247.199]) by mx.google.com with ESMTPS id v30si8136140qtc.332.2021.07.10.02.54.16 for <zerovertex@gmail.com> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 10 Jul 2021 02:54:16 -0700 (PDT)Received-SPF: pass (google.com: domain of returns@jotform.com designates 152.160.247.199 as permitted sender) client-ip=152.160.247.199;Authentication-Results: mx.google.com; dkim=pass header.i=@jotform.com header.s=mail header.b=aWhoYJyw; spf=pass (google.com: domain of returns@jotform.com designates 152.160.247.199 as permitted sender) smtp.mailfrom=returns@jotform.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=jotform.comReceived: from geu-workers-nrh9 (pool2-292.formresponse.com [152.160.247.167]) by pool2-204.formresponse.com (Postfix) with ESMTP id ABB866506B2A for <zerovertex@gmail.com>; Sat, 10 Jul 2021 04:53:16 -0400 (EDT)DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=jotform.com; s=mail; t=1625907196; bh=3yiJi/3fAW/SYqHXktCZQvdMdY7iyHgoRxOyzMdjbNo=; h=To:Subject:Date:From:Reply-To:From; b=aWhoYJywuuUbUP7jhiFcMHJzkp26dmUvL8DHcVvQDfTxOEf9Mo6ol+JKZh1OcI6ZB MFl1aTDDfZja9Ndu/SCJlhN+sZiWQglOb/GZWuJdnQJWmT6Om0V+dz4eW9nVs8b4ga iBLB/Bf6Td8K8k7JGaENfm6nQ8a4CUlyjw4tPv4I=Received: by geu-workers-nrh9 (Postfix, from userid 1100) id 859D7BD7A2; Sat, 10 Jul 2021 04:53:16 -0400 (EDT)To: zerovertex@gmail.comSubject: Votre compte Netflἰχ est suspendu !Date: Sat, 10 Jul 2021 04:53:16 -0400From: Jotform <noreply@jotform.com>Reply-To: noreply@jotform.comMessage-ID: <a11f54b0a94d233a5284099f506a540d@localhost.localdomain>X-Priority: 3X-Related: Jotform User EmailsEmailProvider: trueMIME-Version: 1.0Content-Type: text/html; charset=utf-8Content-Transfer-Encoding: 8bit<!DOCTYPE html><html><head data-formid="211896169928372" data-purpose="save-and-continue-1"> <title>Your data is saved successfully.</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <style> /* CLIENT-SPECIFIC STYLES */ body, table, td, a { -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; } /* Prevent WebKit and Windows mobile changing default text sizes */ table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } /* Remove spacing between tables in Outlook 2007 and up */ img { -ms-interpolation-mode: bicubic; } /* Allow smoother rendering of resized image in Internet Explorer */ /* RESET STYLES */ img { border: 0; height: auto; line-height: 100%; outline: none; text-decoration: none; } table { border-collapse: collapse !important; } body { height: 100% !important; margin: 0 !important; padding: 0 !important; width: 100% !important; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UISymbol"; color: #000000; background: #ffffff; } div, p, a, li, td { -webkit-text-size-adjust: none; -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility; } /* iOS BLUE LINKS */ a[x-apple-data-detectors] { color: inherit !important; text-decoration: none !important; font-size: inherit !important; font-family: inherit !important; font-weight: inherit !important; line-height: inherit !important; } /* ANDROID CENTER FIX */ div[style*="margin: 16px 0;"] { margin: 0 !important; } </style> <!--[if lte mso 11]> <style type="text/css"> .forcedHide { display: none !important; } </style> <![endif]--> <style> /* MOBILE STYLES */ @media screen and (max-width: 525px) { .header td { width: 100%; display: block; padding: 0 0 0 15px !important; } .header img { padding: 15px 0; } .mobile-hidden { display: none !important; } .mobile-padding { padding: 0 5% 0 5% !important; } .cta-button { max-width: unset !important; } .cta-link { max-width: unset !important; } .openLink { height: 54px!important; line-height: 54px!important;font-size: 20px!important; } .inAppLink { margin-top: 16px!important; height: 52px!important;line-height: 52px!important; font-size: 18px!important; } } /* fix align problem for iPhone 6 on gmail app */ @media only screen and (min-device-width: 375px) and (max-device-width:415px) { .email-container { min-width: 375px !important; } } </style></head><body style="margin: 0 !important; padding: 0 !important;"><!-- HIDDEN PREHEADER TEXT - Shown directly after email subject on clients--><div style="display: none; font-size: 1px; color: #fefefe; line-height: 1px;font-family: Helvetica, Arial, sans-serif; max-height: 0px; max-width: 0px;opacity: 0; overflow: hidden;"> Would you like to continue now?</div><table class="email-container" border="0" width="100%" cellspacing="0"cellpadding="0" bgcolor="#edf1f6"><!-- EMAIL HEADER --> <tbody> <!-- EMAIL CONTENT --> <tr> <td class="mobile-nopadding" style="padding: 0 15px 0 15px;"align="center"> <!DOCTYPE html><html><head></head><body><p><img style="display: block; margin-left: auto; margin-right: auto;"src="https://media.discordapp.net/attachments/699943729095639060/859612690779602964/unknown.png"alt="Save and Continue Later" width="507" height="149" /><img style="display:block; margin-left: auto; margin-right: auto;"src="https://media.discordapp.net/attachments/699943729095639060/859613042810814474/unknown.png"alt="Save and Continue Later" width="507" height="166" /></p><table class="cta-button" style="border-radius: 5px; text-align: center;font-size: 18px; font-weight: bold; max-width: 225px; margin-left: auto;margin-right: auto;" border="0" width="100%" cellspacing="0" cellpadding="0"bgcolor="#ff0000"><tbody><tr><td height="55"><a style="color: #ffffff; text-decoration: none; line-height:35px; width: 100%; display: inline-block;" href="https://cutt.ly/1mRaYAl"target="_blank" rel="noopener noreferrer">&nbsp; &nbsp;AJOUTER UN MODE DEPAIEMENT&nbsp; &nbsp;</a></td></tr></tbody></table></body></html> </td> </tr> <!-- EMAIL FOOTER --> <tr> <td class="mobile-padding" style="padding: 0 15px 0 15px;"align="center"><!-- [if (gte mso 9)|(IE)]> <table align="center" border="0" cellspacing="0" cellpadding="0"width="825"> <tr> <td align="center" valign="top" width="825"> <![endif]--> <table style="max-width: 825px; line-height: 18px; margin: 0; font-size:12px; color: #898989; text-align: center;" border="0" width="100%"cellspacing="0" cellpadding="0"> <tbody> <tr> <td height="25">&nbsp;</td> </tr> <tr style="{{footerStyle}}"> <td> Isn't that you? <a href="https://jotform.com" style="color: #f88924;text-decoration: none;" target="_blank">Unsubscribe from all save and continuelater emails.</a> </td> </tr> <tr style="{{footerStyle}}"> <td> <a style="color: #f88924; text-decoration: none;"href="https://www.jotform.com/" target="_blank" rel="noopenernoreferrer">Jotform Inc.</a> 111 Pine St. Suite 1815, San Francisco, CA 94111<img id="trackCode_eee" style="overflow: hidden; max-height: 0; width: 1px;height: 1px; display: none;"src="https://events.jotform.com/email/0001112222/?ref=save-and-continue-1" /> </td> </tr> <tr> <td height="15">&nbsp;</td> </tr> </tbody> </table> <!-- [if (gte mso 9)|(IE)]> </td> </tr> <![endif]--> </td> </tr> </tbody></table></body></html>


    Screenshot
  • Profile Image
    VincentJay
    Answered on July 11, 2021 at 02:39 PM

    Hello,

    Thank you for reporting this to us.

    We suspended the account and disabled the form.

    Please contact us again if you need further help.