Fraudulent site - please shut down! [NedBank 10519] Domain: myjotform.com

  • Profile Image
    RSA Security
    Asked on March 08, 2012 at 04:13 AM

    Dear Team,

    It appears the form service you provide is being used in a phishing attack.
    Please find the HTML/View-Source of the attack attached, in which the fraudster's use of your form service can be seen.

    Once the victim completes filling out and submitting personal details, your form service is used by the fraudster to send the compromised details to a remote server or email address.

    Form Information details:

    <form class=jotform-form id=20666485592565 name=form_20666485592565 accept-charset=utf-8 action=http://submit.myjotform.com/submit/20666485592565/ method=post>

    <input type=hidden value=20666485592565 name=formid>

    <input class=form-textbox id=input_1 name=q1_1>

    <input class=form-textbox id=input_3 type=password size=11 value="" name=q3_2>

    <input class=form-textbox id=input_4 type=password value="" name=q4_3>

    <input id=simple_spc type=hidden value=20666485592565-20666485592565 name=simple_spc>

    </form>

     


    Please take the necessary steps in order to disable this fraudulent activity.

     

    Best Regards,

    RSA Anti-Fraud Command Center
    RSA, The Security Division of EMC
    US Phone: +1-866-408-7525
    Email: afcc@rsa.com
    For more information about RSA's AFCC
    http://www.rsa.com/node.aspx?id=3348 



    69

  • Profile Image
    idarktech
    Answered on March 08, 2012 at 04:22 AM

    Hi there,

    Thank you so much for reporting this to us. I have now suspended the account where this form is connected to.

    We hope that you'll continue to report forms similar to this. Thanks.