Encrypted messaging site Privnote cloned to steal Bitcoin

Criminals aim to redirect users’ Bitcoins using a phishing scam

Bitcoin sitting on edge on a table with several other coins in the background

Journalist Brain Krebs recently warned Privnote users about a phishing scam that lures victims to a fake website, privnotes.com.

Rather than fully encrypting messages, the fake site enables others to read and/or modify users’ messages. The cloned site also contains a script that finds messages with Bitcoin addresses and allows the hacker to replace the sender’s address with their own. Any Bitcoin funds sent by the original user would go to the modified address instead.  

“Any messages containing bitcoin addresses will be automatically altered to include a different Bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same,” said Krebs. 

“Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear.”

The owners of the legitimate website privnote.com notified Krebs someone built the clone website to trick its users. The two websites are similar in name and appearance, and privnotes.com comes second in a Google search of “privnote.” Typing “privnotes” will bring up the fake website first in a Google search.

Since Privnote messages self-destruct after they are sent and read, victims of the scam cannot go back to check the Bitcoin messages when they are altered. According to Allison Nixon, chief research officer at Unit 221B, the script seems to change just the first appearance of the Bitcoin address when it’s repeated in the email.

“The type of people using privnote aren’t the type of people who are going to send that bitcoin wallet any other way for verification purposes,” Nixon said. “It’s a pretty smart scam.”

Bitcoin scams have been increasing in frequency over the last few months. Many are tied to the coronavirus pandemic.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

IT Pro News in Review: Record profits in tech, hackers turn to new languages for malware, Amazon's Bitcoin plans
Business strategy

IT Pro News in Review: Record profits in tech, hackers turn to new languages for malware, Amazon's Bitcoin plans

30 Jul 2021
Study: Cryptocurrency value spikes encourage more illicit mining
cryptocurrencies

Study: Cryptocurrency value spikes encourage more illicit mining

15 Jul 2021
El Salvador offers its citizens free Bitcoin
cryptocurrencies

El Salvador offers its citizens free Bitcoin

25 Jun 2021
Crypto-mining hackers hit Kubernetes clusters
cryptocurrencies

Crypto-mining hackers hit Kubernetes clusters

10 Jun 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021
PwnedPiper flaws threaten infrastructure of 80% of US hospitals
Security

PwnedPiper flaws threaten infrastructure of 80% of US hospitals

2 Aug 2021