Fraudulent site - please shut down![Standard Bank 12220]

  • Profile Image
    RSA security
    Asked on February 01, 2012 at 03:04 AM


    Dear Team,

    It appears the form service you provide is being used in a phishing attack.

    Please find the HTML/View-Source of the attack attached, in which the fraudster's use of your form service can be seen.

    Once the victim completes filling out and submitting personal details, your form service is used by the fraudster to send the compromised details to a remote server or email address.

    Form Information details:

    <form id=form74596 name=form14940 accept-charset=utf-8 action= method=post enctype=multipart/form-data sizcache="10" sizset="0" cc="true">

    <form class=jotform-form id=20301941399 accept-charset="utf-8" name="form_20301941399" method="post" action="">

    <input type=hidden value=20301941399 name=formid>

    <input class=form-textbox id=input_1 name=q1_11 _prototypeuid="3">

    <input class=form-textbox id=input_3 type=password value="" name=q3_2 _prototypeuid="5">

    <input class=form-textbox id=input_4 type=password value="" name=q4_3 _prototypeuid="7">

    <input class=form-textbox id=input_5 name=q5_4 _prototypeuid="9">

    <input class=form-textbox id=input_6 name=q6_5 _prototypeuid="11">

    <input class=form-textbox id=input_7 name=q7_6 _prototypeuid="13">

    <input class=form-textbox id=input_8 name=q8_7 _prototypeuid="15">

    <input class=form-textbox id=input_9 name=q9_8 _prototypeuid="17">

    <input class=form-textbox id=input_10 name=q10_9 _prototypeuid="19">

    <input class=form-textbox id=input_11 name=q11_10 _prototypeuid="21">

    Please take the necessary steps in order to disable this fraudulent activity.

    Best Regards,

    RSA Anti-Fraud Command Center

    RSA, The Security Division of EMC

    US Phone: +1-866-408-7525


    For more information about RSA's AFCC

    To whom it may concern,

    RSA, The Security Division of EMC (“RSA”), an information security company, has been appointed to assist Standard Bank in preventing or terminating online activity that targets, or may target Standard Bank’s clients as potential fraud victims.

    RSA has been made aware that your company appears to be providing internet services to a website, which is making unauthorized use of Standard Bank’s trademarks. This site not only violates Standard Bank’s copyright, trademarks and other intellectual property rights, but may also become a host to a phishing attack, or other fraudulent scams directed against Standard Bank and Standard Bank’s clients.

    The fraudulent website not only represents a misappropriation of Standard Bank’s intellectual property; its purpose is to mislead Standard Bank’s clients. Our experience has shown that such sites become a host of phishing* and other fraudulent scams against our customer’s account holders. 

    Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability on the Internet and discontinue the transmission of any e-mails associated with this website.

    We understand that you may not be aware of this improper use of your services and we appreciate your cooperation. We specifically ask that you also take the following actions wherever relevant or possible:

    Please provide us with a tar/zip file of the source code for this website, so that we may analyze it to help prevent further attacks; If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit;

    We specifically would ask that you also provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

    The foregoing is without prejudice to any and all of rights and remedies of any financial institution in connection with this matter, which are hereby expressly reserved.

    RSA is providing this notification to you in the interest of preventing the proliferation of phishing scams and the information contained herein is provided to you on an "AS-IS" basis, without representation or warranty of any kind.

    Thank you for your cooperation to prevent and terminate this fraudulent activity.

    If you need further information, please do not hesitate to contact RSA at the numbers below.



    RSA Anti-Fraud Command Center
    Tel: +44 (0)800-032-7751
    Tel: +1-866-408-7525
    Tel: +353-21-4946601
    EU Fax: +353 214 938 300
    EU Fax: +972-9-9728101
    US Fax: +1-212-208-4644

    *“Phishing” generally refers to a variety of web based scams that make use of an illegitimate website which passes itself off as being that of a targeted financial institution together with associated data collection points (including web based email accounts) in order to deceive the account holders of the financial institution into revealing their personal information, including but not limited to their credit or debit account numbers, checking account information, social security numbers, or banking account passwords. Once these account holder credentials are collected they can then be used to commit wire fraud or other similar activities of a criminal nature.



  • Profile Image
    Answered on February 01, 2012 at 03:35 AM


    Thank you so much for your cooperation. We've now suspended the accounts where this forms are connected to. We hope you'll continue to report forms similar to this.

    Thanks for reporting, have a great day!