I noticed a client was using https://privnotes.com/ (note the plural “s” in there) and not https://privnote.com/. I am not sure if this is actually a problem, but I found a blog post that suggests being wary of imitations:
https://privnotes.com/ has empty links to social media in the footer so that is one clear indication that it’s not the “original” service.
Google is allowing ads for the imitation site but you can see the “natural” listing for the original site below:
What is PrivNote? It is a free website that allows you to send private/secret notes. It requires no password or user registration. Just write your note, get a link, and copy and paste that link into an email (or IM). When the recipient clicks the link for the first time, they will see the note in their browser and the note will automatically self-destruct, which means no one (even the original sender) can read the note again. The link won’t work anymore.
UPDATE: the PrivnoteS site was confirmed to be fake and has been removed: https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
But that’s not the half of it. KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scours messages for bitcoin addresses, and replaces any bitcoin addresses found with its own bitcoin address. The script apparently only modifies messages if the note is opened from a different Internet address than the one that composed the address.
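A check for the one-character difference described above, as an added example that is not part of the original post or of the KrebsOnSecurity article: it flags URLs whose hostname is within a small edit distance of a trusted domain without matching it. The `TRUSTED` list, the distance threshold and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the services your organisation actually intends to use.
TRUSTED = {"privnote.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Lower-cased hostname without a leading 'www.'; '' if the URL has none."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unrelated' for a URL."""
    host = host_of(url)
    if not host:
        return "unrelated"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in sorted(TRUSTED):
        if edit_distance(host, good) <= max_distance:
            return f"lookalike:{good}"
    return "unrelated"

# Constructed sample input: links as they might appear in a proxy log or mail body.
SAMPLE_URLS = [
    "https://privnote.com/AbCdEf#key",
    "https://privnotes.com/AbCdEf#key",
    "https://www.privnote.com/",
    "https://example.org/notes",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):24} {u}")
```

The comparison is on the whole hostname, so a trusted name used as a subdomain label of an unrelated domain is reported as unrelated rather than as a lookalike.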
2 Comments
So, why do they do it? To steal private messages? They rarely have any valuable data. It makes no sense.
the clones are all there to steal people’s bitcoin, and only for that.