JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Form from jotform is being used for phishing on our site!Asked by Jason Rote on June 17, 2016 at 03:03 PM
This is in reference to ticket # 1466013778.
I am working with Audrey Forbes (aforbes123) regarding a block we issued against the jotforms website. We had several phishing messages targeting our organization that used jotform as the mechanism to host a phishing form and collect the credentials of users that entered data into the form. Since the site is hosted SSL, our response mechanism was to block your site by IP address.
The form that we received are as follows:
Please let me know the status of this form. Also, please let me know the best mechanism to notify your company of any phishing sites we encounter after we have unblocked the jotform website. We want to be able to respond as quickly as possible during a phishing incident, and if we are able to get timely response from your support team when we encounter a malicious phishing form, we will use your standard process for reporting and removal.
Also, are you able to provide information regarding data that may have been entered into that form that contained logins for the gru.edu and augusta.edu domains? These are accounts that may have been compromised using your tool.
Thank you for your assistance,
Jason Rote | System Integration Architect Lead
Jaguar Collaborative | firstname.lastname@example.org
We do sincerely apologize about any inconveniences this problem may have caused you as we can relate to the frustrations behind such.
I checked the form you mentioned above and found it's already suspended.
We have a common verbal zero tolerance policy for any forms found involved in illegal activities such as phishing, scamming, and anything in between for known sensitive information. This is also stated in our terms of usage.
So for if for any reason you notice this happening again do not hesitate to inform us about it immediately and we'll gladly check and shut it down straight away if found in violation of such.
Additionally the quickest ways to contact us are via the following:
1st - Contact us in our Forum (fastest because we have staff here on hand 24/7 usually)
2nd - Twitter @jotformsupport (we usually check this every 30 minutes to an hour)
3rd - Email us at email@example.com and we'll respond to you as soon as possible.