What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    IRS Phishing Site Identified

    Asked by Laura Fried  on April 30, 2014 at 01:29 PM
    Dear Abuse Team,The site is located at: ASN: 54540 IP: 23.29.123.146 Defanged URL: hxxp://form[.]myjotform[.]com/form/41193230934551We are asking for your assistance removing this fraudulent content as quickly as possible and to take the following responses in conjunction with your policies.Secure Your Site ---------------- Your site was likely the victim of a compromise and steps should be taken to secure your server and the content that it is providing. Please see below for some actions that you may want to implement.Help Educate Consumers ---------------------- Please see below for instructions if you would like to assist in helping to educate consumers about online fraud.Help Our Investigation ---------------------- As part of our job, we track and analyze phishing information that over time may lead to the identification and legal action against these phishers. By providing to us any files used in the phish and any relevant logs, you would be assisting us in our efforts. Please email files, logs or any other relevant information to: submits@ofdp.irs.govAdditional information regarding this site appears below.If you have any questions, or require further information, please feel free to call me at 1-202-556-2612.Regards,Laura Fried 202-552-1226 (Fax) Online Fraud Detection and Prevention (OFDP) Internal Revenue Service United States Department of the Treasury--------------------------------------------------------------------------Securing Your Site – Additional Information ------------------------------------------- Your site was likely the victim of a compromise and steps should be taken to secure your server and the content that it is providing.Some actions that you may want to take include: - Inspect relevant logs and audit trails. - Inspect recently created/modified user accounts and files (including hidden files/directories). Phishers generally leave backdoor/shells that enable them access back into the server/site if not removed. - Ensure files/directories have the appropriate privileges/permissions. e.g., web files/directories generally should not be world writable. - Ensure web applications have latest security patches and are securely configured (including changing default login credentials).Ongoing monitoring is also strongly suggested, as most phishing sites return in a few hours to days if the site is not fully secured. For more information see the document from APWG titled: What to Do if Your Website Has Been Hacked by Phishers http://www.apwg.com/reports/APWG_WTD_HackedWebsite.pdf Help Educate Consumers – Additional Information ----------------------------------------------- As part of this action, we request that you redirect all traffic going to this URL to the following website: http://phish-education.apwg.org/r/el/ so that consumers will be educated about phishing if they try to access this page. Information about implementing a redirect to this page can be found here: http://education.apwg.org/r/how_to.html
    Page URL:
    http://form.myjotform.com/form/41193230934551

    site Reports email hidden myJotForm
  • Profile Image
    JotForm Support

    Answered by TitusN on April 30, 2014 at 03:21 PM

    Hello,

    Our automated security system has already flagged and disabled the form and its account from access or use.

    As for your additional requests to have access to the logs and data in relation to that form - I have escalated the issue to my supervisor for a definitive response.

    Thank you for your patience.