Privnote, a legitimate encrypted online message service, has been the subject of a year-long phishing scam. Privnote allows users to create encrypted messages that self-destruct automatically once they are read. Cybercriminals registered a similar domain, Privnotes[.]com, and used it to target Privnote users. The site hosted at Privnotes[.]com was built to be extremely similar to Privnote in every way, including its appearance and operation.

It appears that the criminals were using the fake website at the typosquatting domain to steal bitcoins from users who were fooled into thinking they were actually using Privnote. The fraudulent site was designed to identify any message that contained a bitcoin address and alter the message to contain the criminals’ bitcoin address instead. The website even contained a failsafe to avoid detection: it checked the IP addresses of both the message sender and the receiver to ensure that they did not match. According to members of Privnote’s staff, the main difference between Privnote and Privnotes was that Privnotes does not actually encrypt the messages fully, which allows its operators to read and modify the messages sent by their victims.

The criminals who operated the fake site even went to the length of paying for a Google AdWords advertisement to direct visitors to the fake site when they searched for “Privnotes” on Google, with the link to the fake site appearing at the top of the search results.
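Defenders can catch this kind of typosquatting by comparing hostnames seen in proxy or DNS logs against the domains users are meant to visit. The following is an added example, not part of the original article; the protected list, the distance threshold and the sample hostnames are constructed, and it assumes two-label registrable domains.

```python
# Added example: flag look-alike (typosquatting) domains among observed hostnames.
# PROTECTED, MAX_DISTANCE and SAMPLE_HOSTS are constructed for illustration.

PROTECTED = {"privnote.com"}   # domains users are expected to visit
MAX_DISTANCE = 1               # one added, dropped, swapped or changed character


def registrable(host: str) -> str:
    # Assumption: two-label registrable domain; use the Public Suffix List in production.
    host = host.strip().lower().rstrip(".").replace("[.]", ".")  # also re-fang "[.]"
    return ".".join(host.split(".")[-2:])


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (Levenshtein plus adjacent swaps)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def find_lookalikes(hosts):
    """Return sorted (observed_domain, protected_domain, distance) tuples."""
    hits = set()
    for host in hosts:
        domain = registrable(host)
        if domain in PROTECTED:
            continue                      # exact match: the real site
        for good in PROTECTED:
            d = osa_distance(domain, good)
            if d <= MAX_DISTANCE:
                hits.add((domain, good, d))
    return sorted(hits)


# Constructed hostnames, as they might appear in a proxy or DNS log.
SAMPLE_HOSTS = ["privnote.com", "www.privnotes[.]com", "pirvnote.com",
                "example.org", "PRIVNOTE.COM."]

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_HOSTS):
        print(hit)
```

A hit is a lead for review rather than proof of abuse, since unrelated legitimate domains can also sit one edit away from a protected name.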