Phishing site copies encrypted messaging service to steal digital currencies

A new phishing site that impersonates an established online messaging service is preying on digital currency users. It is able to read the users’ messages and in cases where a digital currency address is on the message, it changes it to one owned by the scammers.

The site, privnotes.com is a clone of the legitimate online messaging service, privnote.com. The latter allows its users to send encrypted messages over the internet which self-destruct after reading.

Privnotes.com has been in operation for over a year now, cybersecurity journalist Brian Kerbs revealed on his blog. With the URLs being quite similar, a number of users can hardly tell the difference and end up using the scam. On Google search, for instance, the scam comes up as the second search result when you search for ‘privnote.’ Additionally, the scammers have a paid ad that pops up at the top of Google search results.

The genuine site encrypts all the users’ messages in a way that even the site can’t access them. However, the scam doesn’t encrypt the messages and can read and modify them.

The scammers have focused on users who send digital currency addresses via their platform, using an automated script that scours the messages for the addresses.

The blog post stated, “Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.”

The script changes the digital currency address just once if it’s repeated multiple times in a message.

The self-destructing nature of the messages sent via the service makes it the perfect crime. Allison Nixon, a cybersecurity researcher at Unit 221B remarked, “And because of the design of the site, the sender won’t be able to view the message because it self-destructs after one open, and the type of people using privnote aren’t the type of people who are going to send that bitcoin wallet any other way for verification purposes. It’s a pretty smart scam.”

Nixon believes that the scammers are also collecting other data in the messages which they can then use to extort the users.