This Is Why You Should Be Super Careful When Using Privnote.com to Send Bitcoin Addresses

News
Sun, 06/14/2020 - 12:03
Alex Dovbnya
A Bitcoin-stealing clone of Privnote.com has been spotted by cybersecurity experts
Cover image via stock.adobe.com
Contents

On June 14, security news outset KrebsOnSecurity alerted its readers about a fake version of Privnote.com, a popular website for sending encrypted self-destructing messages, that is capable of stealing your Bitcoin.

Those behind this phishing scam are able to replace all Bitcoin addresses with their own to trick its users into sending them BTC.

Related
Scammers Targeting XRP Community with Legit-Looking Email Scam. Can You Spot This One?

Fishing for Bitcoin addresses  

Scammers simply use the plural form of the domain ‘privnote,’ making it very challenging to tell the difference at first glance. It’s also common for malicious actors to prey on their potential victims with the help of misspellings, hyphenations, or alternative extensions.

All messages sent with the help of Privnotes.com are not encrypted, which means that they can be easily accessed by the website’s owners. 

In fact, a specific script is utilized for automatically finding all notes containing Bitcoin addresses and modifying them.     

image by krebsonsecurity.com


While Privnotes.com could possibly be used for stealing all kinds of data, cybersecurity analyst Allison Nixon believes that pilfering Bitcoin is the main purpose of the sham: 

At first, I thought that was their whole angle, just to siphon data. But the bitcoin wallet replacement is probably much closer to the main motivation for running the fake site.

Such scams are common

Phishing scams remain one of the most popular ways of swindling money out of cryptocurrency users who are not attentive or tech-savvy enough to notice the ploy.

Recently, entrepreneur Eric Savics lost all of his Bitcoin savings ($113,000) after entering his seed phrase into a malicious KeepKey extension for Google Chrome.

Last year, U.Today also reported about a fake Telos Foundation website with an extra hyphen that was meant to steal EOS.

About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He’s particularly interested in regulatory trends around the globe that are shaping the future of digital assets, can be contacted at alex.dovbnya@u.today.


This site uses cookies for different purposes. Please set your preferences in Cookie Settings and visit our Cookie policy for more information on how and why cookies are used on this site. Click here for cookie policy

Cookie settings