What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    IRS Phishing Site Identified

    Asked by Laura Fried  on September 09, 2014 at 08:57 PM
    Dear Abuse Team,The site is located at: ASN: 54540 IP: 23.29.123.146 Defanged URL: hxxp://form[.]myjotform[.]com/form/42517047725556We are asking for your assistance removing this fraudulent content as quickly as possible and to take the following responses in conjunction with your policies.Secure Your Site ---------------- Your site was likely the victim of a compromise and steps should be taken to secure your server and the content that it is providing. Please see below for some actions that you may want to implement.Help Educate Consumers ---------------------- Please see below for instructions if you would like to assist in helping to educate consumers about online fraud.Help Our Investigation ---------------------- As part of our job, we track and analyze phishing information that over time may lead to the identification and legal action against these phishers. By providing to us any files used in the phish and any relevant logs, you would be assisting us in our efforts. Please email files, logs or any other relevant information to: submits@ofdp.irs.govAdditional information regarding this site appears below.If you have any questions, or require further information, please feel free to call me at 1-202-556-2612.Regards,Laura Fried 202-552-1226 (Fax) Online Fraud Detection and Prevention (OFDP) Internal Revenue Service United States Department of the Treasury--------------------------------------------------------------------------Securing Your Site – Additional Information ------------------------------------------- Your site was likely the victim of a compromise and steps should be taken to secure your server and the content that it is providing.Some actions that you may want to take include: - Inspect relevant logs and audit trails. - Inspect recently created/modified user accounts and files (including hidden files/directories). Phishers generally leave backdoor/shells that enable them access back into the server/site if not removed. - Ensure files/directories have the appropriate privileges/permissions. e.g., web files/directories generally should not be world writable. - Ensure web applications have latest security patches and are securely configured (including changing default login credentials).Ongoing monitoring is also strongly suggested, as most phishing sites return in a few hours to days if the site is not fully secured. For more information see the document from APWG titled: What to Do if Your Website Has Been Hacked by Phishers http://www.apwg.com/reports/APWG_WTD_HackedWebsite.pdf Help Educate Consumers – Additional Information ----------------------------------------------- As part of this action, we request that you redirect all traffic going to this URL to the following website: http://phish-education.apwg.org/r/el/ so that consumers will be educated about phishing if they try to access this page. Information about implementing a redirect to this page can be found here: http://education.apwg.org/r/how_to.html
    Page URL:
    http://form.myjotform.com/form/42517047725556

    site Reports hidden myJotForm phishing phisher
  • Profile Image
    JotForm Support

    Answered by jonathan on September 09, 2014 at 11:18 PM

    Thank you for the information. We were able to trace the form and the account involved.

    We have now suspended the account and forms.

    Thanks.