Criminal misuse of your website (phishing)

  • Profile Image
    Abuse & Security Operations Swisscom Schweiz AG
    Asked on July 29, 2011 at 07:14 AM

    To Whom It May Concern

    Dear Sir or Madam

    It has come to our attention that the following website for which you are apparently responsible is being used for malicious purposes:

    [URI]
    http://www.jotform.com/form/12081303688 

    The pages associated with this URL abuse the corporate identity of Swisscom or its customers (see below). They are intended for criminal purposes and may cause considerable damage to third parties including, but not limited to, fraudulent financial transactions. For this reason we have reported this website to various international blacklists.

    It is possible that criminals have gained access to this web hosting account by gathering the password from an infected computer or by hacking into the account. As the contact responsible for this site we URGENTLY request that you delete these pages as soon as possible and take the necessary measures to prevent this website from being abused in this fashion again (for example by changing passwords).

    Many thanks for your prompt attention to this matter. Please do not hesitate to get in touch with us under the email address cert@bluewin.ch when the site has been cleaned, and we will remove your site from our blacklist.


    Yours sincerely
    Swisscom Abuse Team


    Abuse & Security Operations
    Swisscom (Schweiz) AG
    Security Swisscom Schweiz
    Binzring 17
    8045 Zürich
    Switzerland

     


    -------- Original-Nachricht --------
    Return-Path: <no-reply@bluewin.ch>
    Received: from mx30.bluewin.ch (195.186.19.41) by mssfzhh.msg.bluewin.ch (The Blue Window 8.5.119.028.5.119.02)        id 4D23E2BF0CBEFEEA for abuse@bluewin.ch; Fri, 29 Jul 2011 03:03:07 +0000
    X-Bluewin-Spam-Analysis: v=2.0 cv=N5Kr5hBB c=1 sm=0 p=UlH_FG7kpocA:10 a=5ixxG1stklBquILUVYCMVw==:17 a=4sv2fi_v4goA:10 a=WHsXhg87phMA:10 a=YTh5Bbd3AAAA:20 a=uEEd5Y7eqSRdozkzcQgA:9 a=BMwWl9K0RdTUUUYq0M4A:7 a=PUjeQqilurYA:10 a=SSmOFEACAAAA:8 a=EerY2bD9_cPAvLaOe70A:9 a=Dc3SpzURvlYgtLb5FoAA:7 a=5ixxG1stklBquILUVYCMVw==:117
    X-Bluewin-Spam-Score: 100
    X-FXIT-IP: IPv4[161.116.101.15] Epoch[1311908586]
    Received: from [161.116.101.15] ([161.116.101.15:10200] helo=caout02.ird.ub.es) by mx30.bluewin.ch (envelope-from <no-reply@bluewin.ch>) (ecelerity 2.2.3.47 r(39798)) with ESMTP id EE/0B-04989-3A2223E4; Fri, 29 Jul 2011 03:03:06 +0000
    Received: from ub.edu ([161.116.101.161]) by out2.ub.edu (Sun Java(tm) System Messaging Server 6.3-7.01 (built May 14 2008; 32bit)) with ESMTPSA id <0LP20011RD1SKN90@out2.ub.edu>; Thu, 28 Jul 2011 23:58:45 +0200 (CEST)
    Received: from 190121135178.ip48.static.mediacommerce.com.co (190121135178.ip48.static.mediacommerce.com.co [190.121.135.178]) by webmail.ub.edu (Horde Framework) with HTTP; Fri, 29 Jul 2011 00:03:00 +0200
    Date: Fri, 29 Jul 2011 00:03:00 +0200
    From: www.bluewin.ch <no-reply@bluewin.ch>
    Subject: Warning!!!
    To: undisclosed-recipients: ;
    Reply-to: massagingcenter001@hotmail.com
    Message-id: <20110729000300.13216uxonh7qbvys@webmail.ub.edu>
    MIME-version: 1.0
    Content-type: multipart/alternative; boundary="Boundary_(ID_gcPjYbdnVR1Pk6KFNDcSJg)"
    User-Agent: Internet Messaging Program (IMP) H3 (4.3.5)

     

    This message is from UPGRADING messaging center to all
    webmail.bluewin.ch email account owners. We are currentlyupgrading
    our data base and e-mail account center. We are deleting allunused
    email account to create space for new accounts. To prevent your
    account from being deactivated you will have to updateit.

    CLICK HERE TO FILL YOUR INFORMATION.

    Warning!!! All webmail.bluewin.ch Account owners that refuse to update
    his or her account within TWO DAYS of receivingthis email will lose
    his or her account permanently. Click Here[1]update.

    COPYRIGHT © 2011 SWISSCOM (SCHWEIZ) AG

    Enllaços:
    ---------
    [1] http://www.jotform.com/form/12081303688

  • Profile Image
    allanftd
    Answered on July 29, 2011 at 07:43 AM

    Greetings Swisscom Abuse Team,

    Thank you for bringing this to our attention. Upon your recommendation and the result of our initial investigation, we have suspended this form. Rest assured that it will no longer be used for fraudulent and illegal activities.

    JotForm does not tolerate phishing, scamming, and other illegal activities. Thus, we have initiated automated and human-initiated preventive measures to combat illegal activites that exploit our service. 

    Please let us know if we can be of further assistance. Thank you for helping JotForm make the internet a safer place for all!

    JOTFORM SUPPORT