It is no surprise that hackers often create clones of popular websites to scam users. Now, investigative security journalist Brian Krebs has revealed that a fake version of the popular encrypted messaging web service Privnote.com was caught redirecting users’ cryptocurrency to scammers.
This is reminiscent of the scam in which a fake version of the Tor browser was caught stealing Bitcoin from dark web users. In the latest case, however, unsuspecting users of the original website Privnote.com were lured to an identical-looking copy of the site titled Privnotes (dot) com.
The only difference is that instead of offering an encrypted, self-destructing messaging service, as the genuine website does, the fake site read and edited all the messages.
Krebs collaborated with security expert Allison Nixon to dig deep into the matter, and identified that the fake website was created to steal cryptocurrency payment requests sent through the original platform.
The website contained a script that looked for messages containing Bitcoin addresses and replaced the original address with the scammer’s address. Hence, the funds arrived at the scammer’s address instead of their legitimate destination.
To avoid detection, the first four characters of the modified Bitcoin address were kept similar to the original one. Furthermore, the fake version of Privnote.com modified the Bitcoin address only if the original address was accessed from a different IP address than that of the sender.
This means that if the receiver and the sender shared the same internet address, the funds could not be transferred to the scammer.
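The swap described above survives two common checks: a glance at the first few characters, and checksum validation, since the substituted address is itself a real address. The following is an added example, not code from Krebs, Nixon or either site. It compares the note as the sender wrote it with the text the recipient reports seeing over a second channel; the function names and sample payloads are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58 address shapes only; other address formats are out of scope here.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(body: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(payload: bytes, version: int = 0) -> str:
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_valid(addr: str) -> bool:
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def audit_note(sent_text: str, shown_text: str, prefix_len: int = 4):
    """Pair up addresses in the note as written and as the recipient saw it."""
    sent, shown = ADDR_RE.findall(sent_text), ADDR_RE.findall(shown_text)
    if len(sent) != len(shown):
        return [("", "", "address-count-changed", False)]
    findings = []
    for a, b in zip(sent, shown):
        if a == b:
            verdict = "match"
        elif a[:prefix_len] == b[:prefix_len]:
            verdict = "lookalike-swap"  # passes a glance at the first characters
        else:
            verdict = "mismatch"
        findings.append((a, b, verdict, b58check_valid(b)))
    return findings

# Constructed sample data: two 20-byte payloads sharing their leading bytes,
# so the encoded strings start with the same characters.
_HEAD = bytes.fromhex("62e907b15cbf27d54253")
SENT = b58check_encode(_HEAD + bytes(range(10)))
SHOWN = b58check_encode(_HEAD + bytes(range(10, 20)))
```

A `lookalike-swap` verdict with the validity flag set to `True` is the case the article describes: only a comparison of the full string catches it.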