Clones concept (Credit: My Ocean Production/Shutterstock)
Privnote, a free web service that lets users send encrypted messages that self-destruct once read, has been copied with the reported aim of redirecting users’ to criminals.
In a on cybersecurity blog KrebsonSecurity, journalist Brian Krebs warned users of a phishing scam that lures unsuspecting victims to a near-identical version of the privnote.com website known as privnotes.com.
However, the fake site doesn’t fully encrypt messages, as Krebs discovered in tests, and can “read and/or modify all messages sent by users.”
Just as worrying, it contains a script that hunts out messages containing bitcoin addresses and changes the original address into the bad actor’s own address in the sent message. This would mean any funds sent would arrive at the bitcoin address owned by the criminal, not the one intended by the message sender.
“Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same,” Krebs said in the post.
“Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear,” he said.
Krebs explained he’d been notified by the owners of privnote.com that someone had built a clone version of their site and that it was tricking users of the legitimate site.