A fraudulent site masquerades as an encrypted messenger service to steal Bitcoins

June 25, 2020

Cybercriminals have reportedly created a fake version of the website of the legitimate encrypted, self-destructing note service privnote.com. The fake version can be shared with other users to steal Bitcoin.

According to a June 14 report by KrebsOnSecurity, the creators of the encrypted notes service complained about a cloned site, privnotes.com, whose scam works as follows:

"Any message containing Bitcoin addresses will automatically be altered to include a different Etoro address, as long as the Internet addresses of the message's sender and receiver are not the same."


Privnote.com said in the report that the phishing site does not apply any encryption. Instead, the cybercriminals can read and/or modify all messages sent by users, and they use an automated script that searches messages for Bitcoin (BTC) addresses and replaces them with the scammers' wallet address.

A "smart" scam
Commenting on the fake site, Allison Nixon, head of research for the cyber security firm Unit 221B, said the scam is "pretty smart," explaining:

"Due to the design of the site, the sender will not be able to see the message because it self-destructs after opening, and the type of people who use Privnote is not the type of people who will send that bitcoin wallet in any other way for verification purposes."

One factor that alarms the company is that, because the two URLs are so similar, a Google search for the term "privnotes" shows a paid Google ad as the first result, and that ad is the phishing site. The second result is the legitimate website.

Privnote.com representatives wrote to Cointelegraph highlighting the role of Google:

"What is important to know is the use of Google search services by scammers, as this is how they manage to get some audience. Although we notified Google several times, they let the scammer's site rank even higher than ours because they were paying for ads."

Recent Bitcoin-related scams
In May, Harry Denley, a cryptosecurity researcher, discovered nearly 22 extensions for the Google Chrome web browser built to steal their users' cryptocurrencies. The extensions he found posed as the cryptocurrency companies Ledger, KeepKey, MetaMask and Jaxx.

Cointelegraph contacted privnote.com but had not received a response by the time of publication. This article will be updated if a response arrives.

Update (18:53 GMT): Added the official Privnote.com release about the phishing incident.