Form from jotform is being used for phishing on our site!

  • Profile Image
    Jason Rote 
    Asked on June 17, 2016 at 03:03 PM

    This is in reference to ticket # 1466013778.

    I am working with Audrey Forbes (aforbes123) regarding a block we issued against the jotforms website.  We had several phishing messages targeting our organization that used jotform as the mechanism to host a phishing form and collect the credentials of users that entered data into the form.  Since the site is hosted SSL, our response mechanism was to block your site by IP address.

    The form that we received are as follows:

    Please let me know the status of this form.  Also, please let me know the best mechanism to notify your company of any phishing sites we encounter after we have unblocked the jotform website.  We want to be able to respond as quickly as possible during a phishing incident, and if we are able to get timely response from your support team when we encounter a malicious phishing form, we will use your standard process for reporting and removal.

    Also, are you able to provide information regarding data that may have been entered into that form that contained logins for the and domains?  These are accounts that may have been compromised using your tool.

    Thank you for your assistance,

    Jason Rote  |  System Integration Architect Lead

    Jaguar Collaborative

    Office: 706-721-9503  |

  • Profile Image
    Answered on June 17, 2016 at 03:57 PM

    Hi Jason,

    We do sincerely apologize about any inconveniences this problem may have caused you as we can relate to the frustrations behind such.

    I checked the form you mentioned above and found it's already suspended.

    We have a common verbal zero tolerance policy for any forms found involved in illegal activities such as phishing, scamming, and anything in between for known sensitive information. This is also stated in our terms of usage.

    So for if for any reason you notice this happening again do not hesitate to inform us about it immediately and we'll gladly check and shut it down straight away if found in violation of such.

    Additionally the quickest ways to contact us are via the following:

    1st - Contact us in our Forum (fastest because we have staff here on hand 24/7 usually)

    2nd - Twitter @jotformsupport (we usually check this every 30 minutes to an hour)

    3rd - Email us at and we'll respond to you as soon as possible.