Phishing Phorm

  • Profile Image
    Israel Hsu
    Asked on November 28, 2011 at 04:07 AM

    I received an email that redirected me to a form on your site that looks like a phishing attack. The form is at http://www.jotform.com/form/13312153298?

     

    The email is:

    Return-Path: <bsouth@cogeco.ca> Received: from moa.cs.ucla.edu (moa.cs.ucla.edu [131.179.128.29]) by panther.cs.ucla.edu (8.13.8+Sun/8.13.8/UCLACS-6.0) with ESMTP id pAS6QWQn008953 for <_____@panther.cs.ucla.edu>; Sun, 27 Nov 2011 22:26:32 -0800 (PST) Received: by moa.cs.ucla.edu (Postfix) id 84C3C253D6; Sun, 27 Nov 2011 22:26:32 -0800 (PST) Delivered-To: _____@cs.ucla.edu Received: from wmipb02.cogeco.net (wmsmtp2.cogeco.ca [216.221.81.192]) by moa.cs.ucla.edu (Postfix) with ESMTP id 58AB9253D3 for <_____@cs.ucla.edu>; Sun, 27 Nov 2011 22:26:32 -0800 (PST) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ak13ACQp007AqMjO/2dsb2JhbABEgn0BEpwTA4pCAQEWgQaBBYEMAUsBASY0TwQDECCBGoYKghSLR4o4kByFXIkFhzIPdoIrBIdwjFqFYIR3gmYBhh8B X-IronPort-AV: E=Sophos;i="4.69,582,1315195200"; d="scan'208";a="2951193" X-SBRS: None Received: from unknown (HELO cogeco.ca) ([192.168.200.206]) by wmipb02.cogeco.net with SMTP; 28 Nov 2011 01:26:31 -0500 To: (Recipient List Suppressed) Sender: bsouth@cogeco.ca From: helpdesk@ucla.edu Reply-to: helpdesk@ucla.edu Subject: WARNING! X-Mailer: Cogeco Webmail - complaints to abuse@cogeco.ca ( 180.149.96.69 - bsouth@cogeco.ca ) X-Originating-IP: 180.149.96.69 Date: Sun, 27 Nov 2011 18:26:31 -1200 X-Priority: 3 (Normal) Message-id: <4ed32997.376.617f.7154@cogeco.ca> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printableYour Email Has Reach its set quota, copy or paste the link below and fill out the required details toavoid lost of your UCLA account.http://tinyurl.com/UCLA-HelpDeskUniversity of California, Los Angeles Ucla Helpdesk Centre Copyright =a92011
  • Profile Image
    idarktech
    Answered on November 28, 2011 at 04:11 AM

    Hi Israel,

    I have now suspended the account where the form is connected to. Thank you so much for reporting.