Cybercriminals have formed a phishing site that personifies privnote.com, a genuine secret messaging service, to hijack users' bitcoins.
On June 14, the KrebsOnSecurity website announced that the authors of privnote.com, an encrypted note service, complained about the privnotes.com clone site, whose working scheme is to change BTC addresses in messages.
Privnote.com says the phishing platform doesn't use an encryption system. Cybercriminals can view and change all messages sent by users. Besides, there is an automatic script that allows you to replace bitcoin addresses.
Unit 221B Research Director Allison Nixon explained that privnote.com message senders cannot re-view messages because they self-destruct after the first opening. At the same time, users of this service are not used to sending BTC addresses in any other way.
Trending: Finder: Bitcoin could hit $80,000 by 2025
Interestingly, Google’s search for privnotes previously led to a page that ranked this fraudulent site in the first place, while a legitimate site came in second (although privnote.com now comes first again).
The company said that fraudsters manage to attract a specific audience because they pay for advertising on Google, and even appear to be higher than a legitimate site based on search outcomes.
“People trust Google, and so most of them don’t think about the fact that the search outcomes give something alike to our service,” said a company representative.