One Letter Away: Impersonation, Bitcoin, and Phishing Expeditions
KrebsOnSecurity reports that a phishing website has been impersonating the private messaging service Privnote.com in order to steal Bitcoin. The real Privnote is a free site that allows users to send encrypted messages that are automatically erased after being read. The owner of Privnote contacted Krebs in February telling him that someone had created a copy of their site at the domain “privnotes[.]com.” The spoofed site contained a messaging service, but the messages were sent in plain text and could be read or modified by the site’s operators. And the bogus domain name was just one character off.