Rather than fully encrypting messages, the fake site enables others to read and/or modify users’ messages. The cloned site also contains a script that finds messages with Bitcoin addresses and allows the hacker to replace the sender’s address with their own. Any Bitcoin funds sent by the original user would go to the modified address instead.
“Any messages containing bitcoin addresses will be automatically altered to include a different Bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same,” said Krebs.
“Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear.”
The owners of the legitimate website privnote.com notified Krebs someone built the clone website to trick its users. The two websites are similar in name and appearance, and privnotes.com comes second in a Google search of “privnote.” Typing “privnotes” will bring up the fake website first in a Google search.
Since Privnote messages self-destruct after they are sent and read, victims of the scam cannot go back to check the Bitcoin messages when they are altered. According to Allison Nixon, chief research officer at Unit 221B, the script seems to change just the first appearance of the Bitcoin address when it’s repeated in the email.
“The type of people using privnote aren’t the type of people who are going to send that bitcoin wallet any other way for verification purposes,” Nixon said. “It’s a pretty smart scam.”
Bitcoin scams have been increasing in frequency over the last few months. Many are tied to the coronavirus pandemic.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
David Gargaro has been providing content writing and copy editing services for more than 20 years. He has worked with companies across numerous industries, including (but not limited to) advertising, publishing, marketing, real estate, finance, insurance, law, automotive, construction, human resources, restoration services, and manufacturing. He has also managed a team of freelancers as the managing editor of a small publishing company.