In the digital age, privacy and security are paramount, especially when it comes to sending sensitive information. Privnote.com has long been a trusted service for sending private, one-time messages. These messages can include, credentials, private information, and payment instructions (including cryptocurrency addresses). However, users should be aware of a new threat: a phishing and cryptocurrency stealing site known as Pirvnota.com (and Priwnote.com). These malicious sites are designed to look like Privnote but with a dangerous twist—they replace cryptocurrency addresses with the scammer’s own address, potentially leading to significant financial loss.
The Phishing Trap
The phishing sites, Pirvnota.com and Priwnote.com, have cleverly positioned themselves to catch unsuspecting users by appearing in Google’s sponsored search results when people look for Privnote. This means that even if you are trying to access Privnote through a seemingly legitimate search, you could be redirected to the fraudulent Pirvnota or Priwnote site instead. They’ve also done a good job with SEO to ensure organic search results when looking for one-time self-destructing messages.
To add to the deception, the scammers behind Pirvnota and Priwnote (they are the same scam group) have gone to great lengths to create a façade of legitimacy. They have developed pages on social media platforms like Pinterest and Tumblr, and even submitted press releases to well-known news outlets such as AP News. These copycat websites displays a near-identical theme, even copying the font and padlock icon from the real Privnote logo into their own that says “Pirvnota” and “Priwnote” on their respective scam websites. Their domains and minor tweaks reveal the true identity of the site: “Write a new note” is now “create new note” and “Share your comments” is now “Comments”. The coloring and layout of the pages, however, are identical.
In this test, a cryptocurrency address for Bitcoin (BTC) is entered into Privnote (the functionality is identical on Priwnote). The generated message is the same address, as Privnote is a legitimate website. On Pirvnota, the fraudulent copycat, the BTC address has been changed to one belonging to the scammers.
Here’s the phishing taking place in real time:
Recognizing the Fake
Given the sophistication of this phishing attempt, it’s crucial for users to be vigilant. Here are some tips to ensure you are on the correct Privnote site:
- Check the URL: Always double-check the web address before entering any information. The legitimate site is Privnote.com. Look out for the somewhat-subtle misspelling of ‘Pirvnota’.
- Read the Titles: Read the header and footer. These scammers identify themselves as Pirvnota, likely in an effort to avoid blatantly infringing on the intellectual property of Privnote.
General Tips to Avoid Malicious Websites
- Verify Search Results: Be cautious of sponsored search results. Sometimes, these can lead to fraudulent sites. Instead, if you know where you want to go, type the URL directly into your browser.
- Look for HTTPS: Ensure the site is secure. The URL should begin with “https://” which indicates a secure connection. However, remember that this alone does not guarantee the site’s legitimacy (but it can be a red flag if you see the website does not offer a secure connection method).
- Trust Your Instincts: If something feels off about the site’s design or the way it functions, it’s better to err on the side of caution and not proceed. If it’s too good to be true, it probably is.
Stay Safe Online
The emergence of Pirvnota.com and Priwnote.com is a stark reminder of the constant vigilance required to stay safe online. Phishing scams are becoming increasingly sophisticated, but by staying informed and cautious, you can protect yourself from falling victim to these malicious schemes.
Always ensure you are on the correct domain when using services like Privnote, and consider bookmarking the legitimate site to avoid accidentally landing on a phishing site in the future. Stay safe and stay informed!
Who are they?
Pirvnota is hosted, or at least protected, by “DDOS-GUARD CORP.” in the Netherlands. DDOS-GUARD has a contact form at the bottom of their website, should you feel so inclined as to notify them that they’re protecting a phishing website that steals money by changing crypto addresses.
Priwnote routes through Cloudflare, so their server’s location is unknown.
Exposing the Frauds
I sent multiple reports to different social media and blog websites with accounts mentioning Pirvnota or Priwnote that give them false legitimacy, and many of them responded with confirmation that they deleted the offending accounts or removed their posts mentioning the website (this impacts their SEO negatively). It seems Pirvnota and Priwnote are still operational. Someone sent me something using Priwnote, which is scary. Fortunately, it had nothing to do with cryptocurrency, but I told the person to change the credentials they sent me because it was likely being saved by the scammers (though the service, IP address, and username were not included so there was no real danger).
I later sent more reports to the domain registrar and hosting provider, which is still DDOS-GUARD, owned by IQWEB. I sent reports in August to DDOS-GUARD and received no reply from their abuse department, so I wasn’t expecting to hear anything this time around.
There’s even an article written by KrebsOnSecurity about them with the headline “Fake Lawsuit Threat Exposes Privnote Phishing Sites”. It is great to see that multiple people are being vocal about this fraudulent website to shine light on the scam and, hopefully, prevent someone from being a victim.
We’re Doing Something Right
At this stage of the investigation, I noticed that if I try to visit ‘Priwnote.com’, I see something showing I’m having some effect on them:
Unfortunately, this probably means the service provider we looked into earlier, DDOS-GUARD, shared my report and my IP address with them.
Names and Domains to Identify the Scammers
The name on the domains are Andrey Sokol and Alexandr Ermakov, likely fake names, but nice for tracking ownership of other fraudulent websites doing the same thing:
pirvnota.com
privnote.co
privatemessage.net
tornote.io
privatenote.io
Privnote is legitimate and very useful. Pirvnota and Priwnote are MALICIOUS. Be careful.