[PL-2691787] Phishing attack(s) hosted on: form.jotform.com

  • Profile Image
    Matt 
    Asked on November 11, 2021 at 11:40 AM

    During an investigation of fraud, we discovered a compromised website (form.jotform.com) that is being used to attack our client and their customers.


    In addition to the website owner, we have addressed this report to the responsible authoritative providers who have the ability to disable the malicious content in question. Based on your relationship to the content in question, please see our specific request below.


    This threat has been active for at least 47.1 hours.


    http://form.jotform.com/212243074562146


    First detection of malicious activity: 11-09-2021 17:33:25 UTC

    Most recent observation of malicious activity: 11-11-2021 16:39:39 UTC

    Associated IP Addresses:

    35.201.118.58


    ===  HOSTING PROVIDER  ===

    If you agree that this is malicious, we kindly request that you take steps to have the content removed as soon as possible. It is highly likely that the intruder who set up this phishing content has also left additional fraudulent material on this server such as illegitimate access points.


    ===   WEBSITE OWNER   ===

    We recommend taking the following actions to secure the web site and prevent the attackers from returning:

      - Update your web applications including CMS, blog, ecommerce, and other applications (and all add-on modules/components/plugins).

      - Search all of your web directories for suspicious files as attackers commonly leave backdoors.

      - Scan the computer from which you login to your web hosting control panel or ftp server with anti-virus software. 

      - Change your web hosting provider if this is an ongoing issue.


    If your provider has disabled your account because of this incident, you must coordinate a resolution with them directly as PhishLabs has no control over this aspect.


    If we have contacted you in error, or if there is a better way for us to report this incident, please let us know so that we may continue our investigation.


    We are grateful for your assistance.  



    Kind regards,  

    SOC Team

    PhishLabs Security Operations

    12023866001

    Available 24/7



    [PL-2691787] 


  • Profile Image
    Mianala
    Answered on November 11, 2021 at 12:24 PM

    Greetings,

    Thank you for reporting this form.

    We want to assure you that Jotform is not participating in this conduct. We provide a forms generator and unfortunately some parties may use the forms for illegal purposes. When they do that, we suspend their account.


    Our dedicated teams are looking into this now. 

    I’ll get back to you soon.


  • Profile Image
    Mianala
    Answered on November 11, 2021 at 12:51 PM

    Thank you for your patience

    This form is already disabled. Also, the account is permanently suspended.

    Thank you for your cooperation.

    Much appreciated!