Online Form Site Builder usage

The phishing community has discovered new way to collect the information from victims. They now are using Online Form Site Builder service to create form and collect victim’s data.

We received a mail targeting ICICI bank user, which contained a html file as an attachment. The subject line of the mail is “Exclusive Privacy Option for Online Banking Proceed Now” and it pretends to be form ICICI bank. Below is the mail

When the attachment opened a form was presented which required all kind of confidential information.

Most of link in form are genuine bank site links. But when user fill in the form and click on the submit button all the information is sent to the following link
https://secure.form2go.com/SubmitForm.php?FormID=78272509823821

https://form2go.com is a Online Form Site Builder service provider where anyone can subscribe, create forms and view the data. The phisher is actually misusing the site, by storing the form received from the customers, and retrieving the forms securely with the small fee of $ 25 per year.

The Quick Heal detects the html file as HTML/Phish.gen and the Antiphishing block the Url.