Phishing on your network.

  • Profile Image
    Benjamin Kentopp 
    Asked on December 11, 2015 at 06:23 PM

    Our company investigates computer crime incidents on behalf of banks and other companies.

     

    A form receiver page was found to be operating on your network and targeting Yahoo customers. It is used to relay stolen financial information and redirects victims to the legitimate Yahoo site.

     

     

    23.29.118.186 - us-sub2.jotservers.com

     

    http://submit.myjotform.com/submit/51732420443547/

     

     

     

    We kindly request that you disable or remove the form receiver script as soon as possible.

     

    If we have contacted you in error, or there is a better way for us to report this incident, please let us know.

     

    Thank you for your assistance,

     

    Benjamin Kentopp

    PhishLabs Security Operations

    soc@phishlabs.com

    +1.202.386.6001

    http://www.phishlabs.com

     

  • Profile Image
    Charlie
    Answered on December 12, 2015 at 10:02 AM

    Thank you for reporting this to us.

    I see that the form ID 51732420443547 is not anymore accessible. The account has also been suspended. We do not tolerate phishing activities as this is a clear violation of our terms and is illegal. Our management is doing its best to prevent people using our forms for this illegal activities, we have a team dedicated to manually check forms, and we also have an anti-Phishing system that scans thousands of forms regularly.

    We appreciate your effort in reporting this to us, if you find similar forms, please do feel free to contact us again.