Cybercriminals have become more desperate since the COVID-19 pandemic struck. Just recently, they set up a fake clone of the legitimate encrypted self-destructing notes service, privnote.com, and the clone has been used to rob victims of their Bitcoins.
According to a report released by KrebsOnSecurity, the owners of the encrypted notes service complained about a fake clone site, privnotes.com, whose fraud system consists of the following:
“Any messages containing Bitcoin addresses will be automatically altered to include a different Bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.”
Cybercriminals used the fake version to read or adjust all messages sent by users, in addition to using an automated program that searches for keywords such as Bitcoin (BTC) addresses and replaces them with scammers’ wallet addresses.
How best to safeguard your BTC: The solution depends on how you protect your private key, which is a 256-bit number that unlocks a BTC wallet. That sensitive data should be protected with care, preferably offline or through a proprietary secured online wallet system.
You need your private keys to access your BTCs, so if you allow your BTC wallet to be compromised by having malware on your system, visiting unsecured web pages, or responding to phishing scams, cybercriminals can spend your bitcoins, or you can lose your BTCs.
About the fake site, Allison Nixon, chief research officer at cybersecurity firm Unit 221B, says that the scam is “pretty smart,” explaining:
“Because of the design of the site, the sender won’t be able to view the message because it self-destructs after one open, and the type of people using privnote isn’t the type of people who are going to send that bitcoin wallet any other way for verification purposes.”
One of the factors that alerted the company is that, because the two URLs are similar, a Google search for the term “privnotes” shows a Google paid ad for the phishing site as the first result. The second result is the legitimate website.
Representatives from Privnote.com wrote to Cointelegraph, highlighting Google’s role:
“What’s important to know is the use of the Google Search services by the scammers, as that’s the way they manage to get some audience.
“Although we notified Google multiple times, they let the scammer site be in the position even above us because they were paying for ads. People trust Google, so most do not have second thoughts when the search results give them something that looks like our service.”