In a recent discovery in the cyberspace, a network of phishing sites has been unearthed, masquerading as the popular self-destructive message service Privnote. These deceptive sites are cleverly crafted to mimic the appearance and functionality of the authentic Privnote platform. However, they have a sinister twist – any messages containing cryptocurrency wallet addresses are covertly replaced with addresses controlled by scammers.
The original Privnote website, which was established in 2008, utilizes encryption technology to generate messages that can only be viewed once. The allure of PRIVNOTE among cryptocurrency enthusiasts has made it a prime target for cybercriminals aiming to siphon off cryptocurrency payments using cloned phishing sites.
The situation took a more serious turn when one of these phishing sites – Privnote [.] Co – issued threats of legal action against Metamask, alleging wrongful labeling as fraudulent. In response, a Metamask representative released screenshots as evidence of the site’s fraudulent activities.
These fraudulent sites leverage tactics to attract unsuspecting users, manipulating search engine rankings to appear prominently in search results related to Privnote.
Of particular concern is the link between some of these phishing domains and other fraudulent schemes, along with activities like doxing activists through platforms such as Hkleaks [.] ML, exposing personal information of democracy supporters in Hong Kong.
According to investigations, within a few days in March 2024, scammers managed to intercept and siphon off nearly $18,000 in cryptocurrencies through these phishing sites. This underscores the lucrative nature of their illicit operations and underscores the importance of exercising caution when using cryptocurrency services and encrypted communication platforms.