Cyber-security investigator Brian Krebs has posted on his blog, KrebsOnSecurity, the discovery that the Privnote.com imposter site “Privnotes.com” has been replacing Bitcoin addresses within its users’ private messages.
Privnote facilitates the sending of private self-destructing messages. A website using the plural of the domain looks nearly identical to the legitimate site and has been operating for nearly a year.
You could be a victim if you are a user of Privnote.com and may have gone to the imposter site by accident. Even if your messages did not contain Bitcoin addresses, you cannot be certain that they were not parsed for other types of information.
For 327 days, the impostor site https://t.co/I2Dnj5GvAe has been stealing traffic/privacy/users from https://t.co/kJk2Wkjqxc, a legit encrypted msg service. Worse: KrebsOnSecurity found https://t.co/I2Dnj5GvAe also will alter bitcoin addresses in messages. https://t.co/FKImFsr1gO pic.twitter.com/KNornIAjBb
— briankrebs (@briankrebs) June 14, 2020
I have to wonder how it could have operated for so long – did Privnote.com pursue legal options or attempt a takedown request with the webhost?
And would it not have been prudent to place a message somewhere on their homepage warning users of the existence of the scam site under the pluralized web address?