Came across a very interesting read about all of this.
Fake Lawsuit Threat Exposes Privnote Phishing Sites
April 4, 20247 Comments
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.
Keep on reading more at the bottom link!
https://krebsonsecurity.com/2024/04/fake-lawsuit-threat-exposes-privnote-phishing-sites/#:~:text=The%20%20disclosure%20%20revealed%20a%20%20profitable,Privnote%2C%20at%20%20privnote.com.
Topic: The danger of the fake Priv note site (Read 298 times)
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
So because we all use Privnote frequently I wanted to make everyone aware. We need to stop these con artists.
I never used it in my life and I will never use it in future.If someone can't read what is written on website logos and can't make a difference between Privnote and Pirvnote, than he has a much bigger problem.
Using open source SimpleX chat is much better alternative for sharing files or any text, and it can also be used for chatting, and talking with audio or video.
Why is there another thread on this?
STOP using privnote.com or privnotes.com or whatever these scammers are coming up with....
Use PGP or something like zerobin.net or other similar pastebin
Please sign up for https://keybase.io/
STOP using privnote.com or privnotes.com or whatever these scammers are coming up with....
Use PGP or something like zerobin.net or other similar pastebin
Please sign up for https://keybase.io/
Ok...I'll ask the stupid questions.
1) How is zerobin.net better than privnote? Couldn't it be exploited just as easily? (ie. zerobin.com or zerobin.co.net)
2) How do we use keybase.io in place of a privnote in the forums? I have a Keybase account. I thought it was just a private chat app between keybase users. Does it have some functionality similar to privnote?
3) I imagine PGP is the most secure, but is it hard or easy to use? I'm guessing most here do not know how to set it up or use it, including myself. Just the name "PGP Encryption" sounds foreboding and difficult to use. Is it? I suppose I should look for a how to guide, but...I...am...just...lazy. Ok, there it is. I'm lazy! I admit it. And Privnote was easy. Dammit!
another article about Alexander Ermakov
https://home.treasury.gov/news/press-releases/jy2041#:~:text=Ermakov%20is%20a%20Russian%20national,numbers%2C%20and%20sensitive%20medical%20information.
this was written just this year in January.
any chance the two are different people who both happen to be named "Alexander Ermakov"
https://home.treasury.gov/news/press-releases/jy2041#:~:text=Ermakov%20is%20a%20Russian%20national,numbers%2C%20and%20sensitive%20medical%20information.
this was written just this year in January.
any chance the two are different people who both happen to be named "Alexander Ermakov"
Thats our guy, Alexander Ermakov.
If I was a big-wig russian hacker, I would not register my cloned privnote site in my real name.
Whoever owns the site probably thinks very highly of Mr. Ermakov?
Or maybe Alexander truely does not give a fuck and just registered the site in his real name.
Either way, this site is certainly russian.
another article about Alexander Ermakov
https://home.treasury.gov/news/press-releases/jy2041#:~:text=Ermakov%20is%20a%20Russian%20national,numbers%2C%20and%20sensitive%20medical%20information.
this was written just this year in January.
any chance the two are different people who both happen to be named "Alexander Ermakov"
https://home.treasury.gov/news/press-releases/jy2041#:~:text=Ermakov%20is%20a%20Russian%20national,numbers%2C%20and%20sensitive%20medical%20information.
this was written just this year in January.
any chance the two are different people who both happen to be named "Alexander Ermakov"
Should change topic to danger of all priv sites, steer clear of them all unless you're fine with no security or privacy!
Privnote.co IPs:
Privnote.co Whois data:
Registrant: Alexandr Ermakov
Read: https://www.abc.net.au/news/2024-01-23/aleksandr-ermakov-medibank-private-data-breach-cyber-attack/103378142
Eclipse conclusion: Russian hackers.
Quote
privnote.co./104.21.85.105
privnote.co./172.67.204.157
privnote.co./172.67.204.157
Privnote.co Whois data:
Code:
Domain Name: privnote.co
Registry Domain ID: D537AF02ADE244405A9D7652E7F71BECF-GDREG
Registrar WHOIS Server: whois.webnic.cc
Registrar URL: www.webnic.cc
Updated Date: 2023-06-02T19:15:23Z
Creation Date: 2022-02-10T17:00:42Z
Registry Expiry Date: 2025-02-10T17:00:42Z
Registrar: Web Commerce Communications Limited dba WebNic.cc
Registrar IANA ID: 460
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +60.389966788
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Alexandr Ermakov
Registrant Street: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Balahna
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: RU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: leah.ns.cloudflare.com
Name Server: aiden.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2024-03-15T23:37:15Z <<<
Registrant: Alexandr Ermakov
Read: https://www.abc.net.au/news/2024-01-23/aleksandr-ermakov-medibank-private-data-breach-cyber-attack/103378142
Eclipse conclusion: Russian hackers.
I will second the recommendation for keybase - though someone there had already created a MMLLC clone before I even signed up on keybase - had my logo and everything if I recall.
and if you are going to use privnote or any site - always check the link - my grandson clicks on at least a dozen "fake" sites a day and that is just in searching for 3d print files and/or games. Sooooo many fake sites out there.
and if you are going to use privnote or any site - always check the link - my grandson clicks on at least a dozen "fake" sites a day and that is just in searching for 3d print files and/or games. Sooooo many fake sites out there.
Why is there another thread on this?
STOP using privnote.com or privnotes.com or whatever these scammers are coming up with....
Use PGP or something like zerobin.net or other similar pastebin
Please sign up for https://keybase.io/
STOP using privnote.com or privnotes.com or whatever these scammers are coming up with....
Use PGP or something like zerobin.net or other similar pastebin
Please sign up for https://keybase.io/
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
From a post I made a year ago....
I went ahead and used this site and gave the following addy.....see from pic below....you can see what I placed and what was give are not the same just as OP mentioned.
Here is the balance of the one they gave https://blockchair.com/bitcoin/address/bc1q50r0529jkml7hlswcfj5av2wgqc3efpc35c3wm
I tried another yesterday and it was zero balance....so I guess sometimes they generate a new address.
Also years ago there was another site impersonating privnote.....here is an article.
https://www.hackread.com/fake-version-note-sharing-site-privnote-com-steale-bitcoin/
Again...I say....I would send the btc addy to the person using two different channels.....
Example....if you want to use privnote that is fine and send thru forum. But I would also use another service totally different and send thru an email...discord or twitter...email...etc etc etc. Then I would compare the addys.
Another way.....if for any high amount...send $10 in BTC...confirm it has arrived then once that is done, send the rest.
I went ahead and used this site and gave the following addy.....see from pic below....you can see what I placed and what was give are not the same just as OP mentioned.
Here is the balance of the one they gave https://blockchair.com/bitcoin/address/bc1q50r0529jkml7hlswcfj5av2wgqc3efpc35c3wm
I tried another yesterday and it was zero balance....so I guess sometimes they generate a new address.
Also years ago there was another site impersonating privnote.....here is an article.
https://www.hackread.com/fake-version-note-sharing-site-privnote-com-steale-bitcoin/
Again...I say....I would send the btc addy to the person using two different channels.....
Example....if you want to use privnote that is fine and send thru forum. But I would also use another service totally different and send thru an email...discord or twitter...email...etc etc etc. Then I would compare the addys.
Another way.....if for any high amount...send $10 in BTC...confirm it has arrived then once that is done, send the rest.
So because we all use Privnote frequently I wanted to make everyone aware. We need to stop these con artists.
So when you search Privnote two sites came up, and the fake one was first.
Privnote.co.com -FAKE
Privnote.com -Real
So I had heard that the first one was fake but i wanted to run a test. I wrote a message stating send 1.263 BTC to an address. I created the note and emailed it to myself. When i opened the note, sure enough the BTC address was changed. Very easily someone could be scammed. Also since the note is destroyed the buyer would be the one losing the BTC and they didnt even write the note.
I noticed a couple things about the fake Privnote site. The link has to be highlighted, dragged and copied where on the real site its a single click. Also the fake site lacks ads and is much more simple than the real site. These guys must be stopped. Can we contact Google and have them taken down. Any thoughts on stopping these pricks?
So when you search Privnote two sites came up, and the fake one was first.
Privnote.co.com -FAKE
Privnote.com -Real
So I had heard that the first one was fake but i wanted to run a test. I wrote a message stating send 1.263 BTC to an address. I created the note and emailed it to myself. When i opened the note, sure enough the BTC address was changed. Very easily someone could be scammed. Also since the note is destroyed the buyer would be the one losing the BTC and they didnt even write the note.
I noticed a couple things about the fake Privnote site. The link has to be highlighted, dragged and copied where on the real site its a single click. Also the fake site lacks ads and is much more simple than the real site. These guys must be stopped. Can we contact Google and have them taken down. Any thoughts on stopping these pricks?
Please take care, everyone. I think there should be good link checkers available to verify links for phishing attempts. It might help.
So because we all use Privnote frequently
Why? I've received them a few times, but never used it to send anything. Is it to avoid having your address in a forum PM?Quote
Any thoughts on stopping these pricks?
Use PGP? It a lot more work, but when done properly, you're absolutely sure nobody can tamper with the message. Or at least sign a Bitcoin message from an address staked on Bitcointalk. And verify those messages before trusting them. 
Well spotted dane, Shower of pricks alright.
This happens so much, begs the question what are google doing? or can they keep up
with the amount of fake ads?
I reported the ad here and I think others should do it too > https://support.google.com/ads/troubleshooter/4578507?sjid=4893102103974055549-EU&visit_id=638460846812663378-2913507470&rd=1
I checked to see if it was still live before reporting and sure enough it was but with
a slightly different address, I ran a test and sure enough when I sent the link to myself
the address was changed!
Here is the google listing above the real site
and here is the received note with the SCAM address, look at the banner on the page
its PIRVNOTA
and confirmation from google that the report has been received
This happens so much, begs the question what are google doing? or can they keep up
with the amount of fake ads?
I reported the ad here and I think others should do it too > https://support.google.com/ads/troubleshooter/4578507?sjid=4893102103974055549-EU&visit_id=638460846812663378-2913507470&rd=1
I checked to see if it was still live before reporting and sure enough it was but with
a slightly different address, I ran a test and sure enough when I sent the link to myself
the address was changed!
Here is the google listing above the real site
and here is the received note with the SCAM address, look at the banner on the page
its PIRVNOTA
and confirmation from google that the report has been received
So because we all use Privnote frequently I wanted to make everyone aware. We need to stop these con artists.
So when you search Privnote two sites came up, and the fake one was first.
Privnote.co.com -FAKE
Privnote.com -Real
So I had heard that the first one was fake but i wanted to run a test. I wrote a message stating send 1.263 BTC to an address. I created the note and emailed it to myself. When i opened the note, sure enough the BTC address was changed. Very easily someone could be scammed. Also since the note is destroyed the buyer would be the one losing the BTC and they didnt even write the note.
I noticed a couple things about the fake Privnote site. The link has to be highlighted, dragged and copied where on the real site its a single click. Also the fake site lacks ads and is much more simple than the real site. These guys must be stopped. Can we contact Google and have them taken down. Any thoughts on stopping these pricks?
So when you search Privnote two sites came up, and the fake one was first.
Privnote.co.com -FAKE
Privnote.com -Real
So I had heard that the first one was fake but i wanted to run a test. I wrote a message stating send 1.263 BTC to an address. I created the note and emailed it to myself. When i opened the note, sure enough the BTC address was changed. Very easily someone could be scammed. Also since the note is destroyed the buyer would be the one losing the BTC and they didnt even write the note.
I noticed a couple things about the fake Privnote site. The link has to be highlighted, dragged and copied where on the real site its a single click. Also the fake site lacks ads and is much more simple than the real site. These guys must be stopped. Can we contact Google and have them taken down. Any thoughts on stopping these pricks?
Jump to: