What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Fraudulent site - please shut down! [NedBank 10484] Domain: myjotform.com

    Asked by RSA Security on March 07, 2012 at 01:30 AM

    <!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-520092929 1073786111 9 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman","serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} a:link, span.MsoHyperlink {mso-style-noshow:yes; mso-style-priority:99; color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {mso-style-noshow:yes; mso-style-priority:99; color:purple; mso-themecolor:followedhyperlink; text-decoration:underline; text-underline:single;} p {mso-style-noshow:yes; mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Arial","sans-serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} /* List Definitions */ @list l0 {mso-list-id:558857269; mso-list-template-ids:-1316075034;} @list l0:level1 {mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level2 {mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level3 {mso-level-tab-stop:1.5in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level4 {mso-level-tab-stop:2.0in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level5 {mso-level-tab-stop:2.5in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level6 {mso-level-tab-stop:3.0in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level7 {mso-level-tab-stop:3.5in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level8 {mso-level-tab-stop:4.0in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level9 {mso-level-tab-stop:4.5in; mso-level-number-position:left; text-indent:-.25in;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} -->

    Dear Team,

    Please be advised that it is likely that fraudulent content will not be visible when accessing the URL below.

    Once the victim completes filling out and submitting personal details, the URL http://submit.myjotform.com/submit/20657290351552/  is used by the fraudster to

    send the compromised details to a remote server or email address.


    Please find the HTML/Page Source code of the attack attached, in which the fraudster’s use of this URL can be seen.

    Please take the necessary steps in order to disable this fraudulent URL.

    Best Regards,

    RSA Anti-Fraud Command Center
    RSA, The Security Division of EMC
    US Phone: +1-866-408-7525
    Email: afcc@rsa.com
    For more information about RSA's AFCC
    http://www.rsa.com/node.aspx?id=3348

    Dear Team

    It appears that your website myjotform.com has been hacked by a fraudster. It is now hosting a phishing attack against NedBank.
    Please remove the fraudulent folders/files as soon as possible and secure your website as it has been compromised.
    Please note that it is possible that the fraudulent content is embedded in your website's legitimate files.

    http://submit.myjotform.com/submit/20657290351552/

    In addition, please send us any source files of the attack.
    Please let us know if you have any questions or need further assistance. We appreciate your cooperation.

    Best Regards,

    RSA Anti-Fraud Command Center
    RSA, The Security Division of EMC
    US Phone: +1-866-408-7525
    Email: afcc@rsa.com
    For more information about RSA's AFCC
    http://www.rsa.com/node.aspx?id=3348

    Date: 3/7/2012

    Dear Sirs

    PHISHING SCAM

    RSA Inc (""), an anti-fraud and security company, is under contract to assist Nedbank Limited and its related entities ("Nedbank") in preventing or terminating online activity that targets Nedbank’s clients as potential fraud victims. RSA has been made aware that you appear to be providing Internet Services to a site, which is using such site as part of a “phishing scam”*. This activity violates Nedbank's copyright, trademark and/or other intellectual property rights and may violate the criminal laws of the Republic of South Africa, the United States and other nations.

    E-mail messages have been broadly distributed to individuals by a person or entity pretending to be Nedbank. These e-mails use Nedbank's name and identity (including trademarks, copyrighted materials and/or other intellectual property) without authorization. The e-mails request recipients to verify and submit sensitive details related to their Nedbank accounts by way of a reply e-mail to the fraudulent site or a link that leads the recipients to a fraudulent site displaying Nedbank’s copyrighted materials, trademarks and/or other intellectual property. The fraudulent site is located at the following URL address http://submit.myjotform.com/submit/20657290351552/ to which you provide services and which is under your control.

    The fraudulent site not only represents a misuse of Nedbank’s intellectual property; its purpose is to improperly obtain the personal information of Nedbank's customers in order to fraudulently access or debit their bank accounts. The owners of fraudulent sites typically perpetrate identity-theft related activities, such as using customer’s credit cards or bank accounts without authorization. In addition, since the vast majority of all of the e-mails are not being sent to actual Nedbank customers, the actions serve to damage the reputation and image of Nedbank.

    In addition to these necessary steps, Nedbank would like you to set up a redirect to the Anti Phishing Working Group (APWG) Phishing Education Landing Page at http://education.apwg.org/r/en instead of serving a 404 message or other error page when you disable a phish site. The APWG Public Education Initiative (PEI) has created a webpage to educate users about phishing. The page specifically explains that they have just fallen for a phishing communication (email or otherwise) and talks about ways they can avoid being victimized in the future. If you wish to learn more about how to set up the redirect, please read here: http://education.apwg.org/r/how_to.html.

    Please take all necessary steps to immediately shut down the fraudulent site, terminate its availability to the Internet and discontinue the transmission of any e-mails associated with this site.

    We understand that you may not be aware of this improper use of your services and we appreciate your cooperation. We specifically would ask that you also take the following actions:

    PLEASE PROVIDE US WITH A TAR/ZIP FILE OF THE SOURCE CODE FOR THIS SITE, SO THAT WE MAY ANALYZE IT TO HELP PREVENT FURTHER ATTACKS. IF ANY CUSTOMER DATA HAS BEEN CAPTURED THAT IS STORED ON YOUR SYSTEMS OR EQUIPMENT, PLEASE SEND US THAT DATA SO THAT THE CUSTOMERS TO WHOM THAT DATA RELATES CAN BE NOTIFIED AND TAKE STEPS TO PROTECT THEIR CREDIT. PLEASE PROVIDE A COPY OF ANY RECORDS YOU MAINTAIN THAT INDICATE THE NAME, CONTACT INFORMATION, METHOD OF PAYMENT OR SIMILAR INFORMATION THAT MAY BE USEFUL IN HELPING LEARN THE IDENTITY AND LOCATION OF THE CUSTOMER FOR WHOM THE SITE HAS BEEN OPERATED.

    Thank you for your cooperation to prevent and terminate this fraudulent activity, should you have any queries kindly contact and Nedbank using the details below.

    Yours faithfully

    RSA Anti-Fraud Command Center
    Tel: +44 (0)800-032-7751
    Tel: +1-866-408-7525
    Tel: +353-21-4946601
    EU Fax: +353 214 938 300
    EU Fax: +972-9-9728101
    US Fax: +1-212-208-4644
    E-mail: afcc@rsa.com
    For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348

    *"Phishing" is an e-mail scam that attempts to trick consumers into revealing personal information, such as their credit or debit account numbers, account information, Identity Numbers, or banking account passwords, through an impostor’s site or in a reply e-mail.



    28

  • Profile Image
    JotForm Support

    Answered by idarktech on March 07, 2012 at 01:36 AM

    Hi,

    Thanks for reporting this to us. This form is now suspended.

  • Profile Image

    Answered by anartwork on March 07, 2012 at 01:37 AM

    I was able to find the account related to that form and it's already suspended. Let us now if you need any help.

  • Profile Image

    Answered by dirk-bern on March 26, 2012 at 11:39 AM
    This email address send fraud mails and pages of banks fake

    FINCROSS FINANCE < fincrossfinance@gmail.com >
    -------------------------------------------------------------------------------------------------------------------------
    ausblenden
    Return-Path: <fincrossfinance@gmail.com>
    Received: from zhhdzmsp-mxin14.bluewin.ch (195.186.227.151) by mbox37.it.bwns.ch (8.5.142)
    id 4F6A6DCC002E1E97 for dirkstelter@bluewin.ch; Mon, 26 Mar 2012 07:02:16 +0000
    X-Bluewin-Spam: Cloudmark
    X-Bluewin-Spam-Analysis: v=2.0 cv=Ta8hfVIU c=1 sm=1 p=Usw35ZdrAAAA:8 a=nDghuxUhq_wA:10
    a=zR9nZqBaR02gfoWikUQA:9 a=wPNLvfGTeEIA:10 a=2thzRvpImpoNm5GYaSsA:9
    a=ouzStLS6Xcy7DPFLTOgA:7 a=tXsnliwV7b4A:10 a=CtHlqftZKFFvy5pJVxOhog==:117
    X-Bluewin-Spam-Score: 100
    X-FXIT-IP: IPv4[209.85.214.54] Epoch[1332745336]
    Received: from [209.85.214.54] ([209.85.214.54:56290] helo=mail-bk0-f54.google.com)
    by zhhdzmsp-mxin14.bluewin.ch (envelope-from <fincrossfinance@gmail.com>)
    (ecelerity 2.2.3.46 r()) with ESMTP
    id AC/6D-00448-774107F4; Mon, 26 Mar 2012 07:02:16 +0000
    Received: by bkcjc3 with SMTP id jc3so5243457bkc.41
    for <dirkstelter@bluewin.ch>; Mon, 26 Mar 2012 00:02:15 -0700 (PDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=20120113;
    h=mime-version:in-reply-to:references:date:message-id:subject:from:to
    :content-type;
    bh=71m0WylHzJNLpSgtMhDx6L67rLZcLuZeXRICk3Fitmw=;
    b=TbHbOHPwBJVFTEmhCM5JYLz+eH9XFUb8eSD7B5Zwz+gTAl/cC6SV992HSOM0lZHyoI
    wxNXUtdhTIXIXgSHbYY/oMpvgs8eCKuyot4pJZd6JbkXb0J7QXbaP9aroKs13vSt5AX9
    CjKbOzhxJA9lB9MakPDDZaxcO6rzcksyjVRtsxNOXz6jBxbZxHpnJ2YPccdcfbKLkTNg
    fTNUusCqUDfY2HEvC46BUfe2subCpb0Yw8khkQsLt1Gcqe3OSzQXRU9F2BfzI+usUCFK
    MIMECNRQdh0dhcFRQRCkJrmS9c2KuyJdM3HC0zi0I9mr0YQqnGB9ULdn5pr2hNIrMo0C
    d8nQ==
    MIME-Version: 1.0
    Received: by 10.205.119.130 with SMTP id fu2mr1601028bkc.32.1332745335704;
    Mon, 26 Mar 2012 00:02:15 -0700 (PDT)
    Received: by 10.205.138.139 with HTTP; Mon, 26 Mar 2012 00:02:15 -0700 (PDT)
    In-Reply-To: <22992732.55871332690459905.JavaMail.webmail@bluewin.ch>
    References: <e5cced2f0d94556bf2e1f8adb14ba33f@jotform.com>
    <22992732.55871332690459905.JavaMail.webmail@bluewin.ch>
    Date: 26.03.12 09:02
    Message-ID: <CAPQHih3H6xjks9dDu-8QM=fiW73+gcgJCoCuzqzbL6T9WquzBg@mail.gmail.com>
    Subject: Re: (TEST) I can help
    From: FINCROSS FINANCE <fincrossfinance@gmail.com>
    To: dirkstelter@bluewin.ch
    Content-Type: multipart/alternative; boundary=000e0ce043124f8bba04bc1ff4a9
    --------------------------------------------------------------------------------------------------------------------------

    Hi,
    Please click on the link below to complete this form.
    http://myjotform.com/form/20854919150556

    Thank you!

    -------------------------------------------------------------------

    Return-Path: <noreply@jotmails.com>
    Received: from zhbdzmsp-mxin13.bluewin.ch (195.186.99.151) by mbox37.it.bwns.ch (8.5.142)
    id 4F6A6DCC00330B7E for dirkstelter@bluewin.ch; Mon, 26 Mar 2012 15:01:12 +0000
    X-Bluewin-Spam: Cloudmark
    X-Bluewin-Spam-Analysis: v=2.0 cv=E4h6beFQ c=1 sm=1 p=Usw35ZdrAAAA:8 a=+p01KD0CdVOpbHo1XVYX0g==:17
    a=IkcTkHD0fZMA:10 a=zxCMNJHSbHYgPQJvXTAA:9 a=hkegm7cZ_YIWLhw_usIA:7
    a=QEXdDO2ut3YA:10 a=nIInyQnjPVMA:10 a=43skhrRZdN0A:10
    a=+p01KD0CdVOpbHo1XVYX0g==:117
    X-Bluewin-Spam-Score: 100
    X-FXIT-IP: IPv4[174.34.57.218] Epoch[1332774072]
    Received: from [174.34.57.218] ([174.34.57.218:46489] helo=monk.jotservers.com)
    by zhbdzmsp-mxin13.bluewin.ch (envelope-from <noreply@jotmails.com>)
    (ecelerity 2.2.3.46 r()) with ESMTP
    id FD/74-04055-8B4807F4; Mon, 26 Mar 2012 15:01:12 +0000
    Received: from monk.jotservers.com ([127.0.0.1])
    by monk.jotservers.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q2QF0waP007236
    for <dirkstelter@bluewin.ch>; Mon, 26 Mar 2012 11:00:58 -0400
    Received: (from jotform@localhost)
    by monk.jotservers.com (8.14.3/8.14.3/Submit) id q2QF0wQV007235;
    Mon, 26 Mar 2012 11:00:58 -0400
    X-Authentication-Warning: monk.jotservers.com: jotform set sender to noreply@jotform.com using -f
    To: dirkstelter@bluewin.ch
    Subject: Kredit-Alarm!!!
    X-PHP-Originating-Script: 1002:PHPMailerLite.php
    Date: 26.03.12 17:00
    From: customercare@bankcoop.ch
    Reply-to: customercare@bankcoop.ch
    Message-ID: <c6f5cc195c7b8c44a7529afe78ab306c@jotform.com>
    X-Priority: 3
    X-Related-UserName: bankcoop
    X-Related-Last-Form-ID: 20854919150556
    X-Related-IP: 196.46.245.30
    MIME-Version: 1.0
    Content-Transfer-Encoding: 8bit
    Content-Type: text/html; charset="utf-8"

     

     

  • Profile Image
    JotForm Support

    Answered by idarktech on March 26, 2012 at 11:42 AM

    Hello,

    That form is now suspended. Thanks for reporting.

  • Profile Image

    Answered by DR vicker on July 06, 2012 at 07:47 AM

    DR vicker I just wanted to say thank you soooo much for the time that you took with me and helping me to get John back. Through all the phone calls and e-mails, you were there for me and helped me to get him back. God has truly blessed you with a very special gift. Never give up and always continue to follow Gods light as you have been and things will continue to look up for you. Just as you told me, God always watches the actions of every person and makes determinations on their future based upon this. Well, I did my part with the extensive negative releasing spell and kept in contact with you, probably more that I should have. I have been blessed and I am grateful that God put you in my path.You are the perfect spell caster i have never met,you can contact him with this email okokospellcaster1971@yahoo.com