On June 14, security news outset KrebsOnSecurity alerted its readers about a fake version of Privnote.com, a popular website for sending encrypted self-destructing messages, that is capable of stealing your Bitcoin.
Those behind this phishing scam are able to replace all Bitcoin addresses with their own to trick its users into sending them BTC.
Fishing for Bitcoin addresses
Scammers simply use the plural form of the domain ‘privnote,’ making it very challenging to tell the difference at first glance. It’s also common for malicious actors to prey on their potential victims with the help of misspellings, hyphenations, or alternative extensions.
All messages sent with the help of Privnotes.com are not encrypted, which means that they can be easily accessed by the website’s owners.
In fact, a specific script is utilized for automatically finding all notes containing Bitcoin addresses and modifying them.
While Privnotes.com could possibly be used for stealing all kinds of data, cybersecurity analyst Allison Nixon believes that pilfering Bitcoin is the main purpose of the sham:
At first, I thought that was their whole angle, just to siphon data. But the bitcoin wallet replacement is probably much closer to the main motivation for running the fake site.
Such scams are common
Phishing scams remain one of the most popular ways of swindling money out of cryptocurrency users who are not attentive or tech-savvy enough to notice the ploy.
Recently, entrepreneur Eric Savics lost all of his Bitcoin savings ($113,000) after entering his seed phrase into a malicious KeepKey extension for Google Chrome.
Last year, U.Today also reported about a fake Telos Foundation website with an extra hyphen that was meant to steal EOS.