Fraudulent Site Impersonates Encrypted Messaging Service to Steal Bitcoins

Published at: June 15, 2020

Cybercriminals have reportedly created a fake version of the legitimate encrypted self-destructing notes service privnote.com. Notes shared with other users through the fake version can be used to steal Bitcoin.

According to a June 14 report from KrebsOnSecurity, the creators of the encrypted notes service complained about a fake clone site, privnotes.com, whose scam scheme consists of the following:

“Any messages containing Bitcoin addresses will be automatically altered to include a different Bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.”

Privnote.com said in the report that the phishing site does not encrypt messages. Instead, the cybercriminals can read and/or modify all messages sent by users, and they run an automated script that scours messages for Bitcoin (BTC) addresses and replaces them with the scammers’ wallet address.

A “smart” scam

Commenting on the fake site, Allison Nixon, chief research officer at cybersecurity firm Unit 221B, said the scam is “pretty smart,” explaining:

“Because of the design of the site, the sender won’t be able to view the message because it self destructs after one open, and the type of people using privnote aren’t the type of people who are going to send that bitcoin wallet any other way for verification purposes.”

One of the factors that alerted the company is that, because the two URLs are so similar, a Google search for the term “privnotes” shows the phishing site as the first result, in the form of a paid Google ad. The second result is the legitimate website.
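The one-character difference between privnote.com and privnotes.com is the kind of near-miss a mail gateway, proxy or browser extension can flag before a user trusts a link. The following is an added example, not code from Privnote or the report; the function names, the distance threshold and the sample host `privnote.com.login.example` are assumptions made for illustration.

```python
# Added example: classify a hostname against an allowlist of trusted domains.
TRUSTED = {"privnote.com"}  # the legitimate service named in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling one-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def normalise(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(host: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, matched trusted domain or None).

    verdict is "trusted", "lookalike" or "unrelated".
    """
    host = normalise(host)
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Naive registrable domain: the last two labels. A production check
    # would use the Public Suffix List instead (assumption of this sketch).
    base = ".".join(host.split(".")[-2:])
    for good in sorted(trusted):
        near_miss = edit_distance(base, good) <= max_distance
        embedded = good in host  # trusted name used as a subdomain prefix
        if near_miss or embedded:
            return ("lookalike", good)
    return ("unrelated", None)


if __name__ == "__main__":
    # privnotes.com is from the article; the other hosts are constructed.
    for h in ["privnote.com", "privnotes.com",
              "privnote.com.login.example", "example.org"]:
        print(h, classify(h))
```

Edit distance alone does not catch homoglyph or punycode lookalikes, so a real deployment would combine it with IDN normalisation.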

Representatives from Privnote.com wrote to Cointelegraph highlighting Google’s role:

"What's important to know is the use of the Google Search services by the scammers, as that's the way they manage to get some audience. Although we notified Google multiple times they let the scammer site be positioned even above us because they were paying for Ads. People trust Google so most do not have second thoughts when the search results give them something that looks like our service."

Recent Bitcoin-related scams

In May, Harry Denley, a crypto-security researcher, discovered almost 22 Google Chrome web browser extensions built to steal their users’ cryptocurrencies. The extensions he found impersonated well-known crypto firms such as Ledger, KeepKey, MetaMask, and Jaxx.

Cointelegraph reached out to privnote.com but received no reply as of press time. This article will be updated should a response come in.

Update (18:53 GMT): Added Privnote.com’s official statement on the phishing incident.
