NEWNow you can listen to Fox News articles!
A new phishing campaign uses a visual trick that’s easy to miss and hard to spot once you know it. Attackers use the rnicrosoft.com domain to impersonate Microsoft and steal login credentials. The trick is simple. Instead of the letter um, cheaters put ur and n next to each other. In most fonts, those letters blur together and almost look like an m at a glance.
Security experts are raising the alarm because this tactic is working. These emails closely copy Microsoft’s marketing, layout and tone, making them feel familiar and trustworthy. That false sense of legitimacy is often all it takes to get you clicking quickly before you realize something is wrong.
Sign up for my FREE CyberGuy report
Get my best tech tips, emergency security alerts, and special deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join CYBERGUY.COM newspaper
VERY PACKED SITES NOW PUSH REFERRALS AND MALWARE
Cybersecurity experts are warning of a new phishing scam that uses the fake domain rnicrosoft.com to impersonate Microsoft and steal login credentials. (Photo by Oliver Berg/photo alliance via Getty Images)
Why your brain falls for rn trick
This attack depends on how people learn. Your brain predicts words instead of scanning each letter. If something looks familiar, you automatically fill in the blanks. On a large desktop monitor, a careful reader can spot the error. On the phone, danger jumps. The address bar often shortens URLs, and the screen leaves little room for close inspection. This is exactly where the attackers are looking. Once trust is established, you are more likely to enter passwords, authorize fake invoices or download malicious email attachments.
Common typing changes to watch for
Attackers rarely rely on a single strategy. They combine several optical illusions to increase their chances.
A combination of characters
rnicrosoft.com
It uses ur and n together to imitate um
Changing numbers
micros0ft.com
Substitutes a 0 for the letter o
Hyphenation
microsoft-support.com
Add official sounding words to make it look official
TLD change
microsoft.co
It uses a different background finish to make it look more realistic
What attackers do after the click
Typosquatting domains like rnicrosoft.com are rarely used for a single purpose. Criminals reuse them in many scams. The following are typical include phishingfake HR notifications and vendor payment requests. In all cases, the attacker gains speed. The faster you act, the less likely you are to spot a mistake.
Why these fake domains continue to work
Most people don’t slow down to read URLs character by character. Common logos and language reinforce trust, especially during a busy work day. Cell phone use makes this worse. Small screens, shortened links and constant notifications create perfect conditions for errors. This is not just a Microsoft problem. Banks, retailers, healthcare sites and government services all face the same risk.
How to stay safe from typosquatting attacks
Typosquatting scams work because they trick you into trusting the familiar. These steps reduce that time and help you spot fake domains before damage is done.
1) Always extend the sender’s full address
Before clicking anything, open the sender’s full address in the email header. Display names and logos are easy to fake, but domains tell the real story. Look closely for changed letters such as rn instead of m, extra hyphens or unusual domain endings. If the address sounds a little off, treat the message as hostile.
NETFLIX SUSPENSION SCAM SHOWS YOUR INBOX
Fraudsters replace the letter “m” with “rn” in web addresses, a subtle trick that can fool users in no time. (Photo by Paul Chinn/The San Francisco Chronicle via Getty Images)
2) Preview links before you click
On desktop, hover your mouse over the links to reveal the actual destination. On the phone, long press the link to preview the URL. These simple breaks often reveal fake domains designed to steal logins. If the link is not the exact site you expect, do not continue.
3) Avoid email links with passwords or security warnings
If the email says your account needs urgent action, don’t use its links. Instead, open a new browser tab and go to the official website manually using the saved bookmark. Legitimate companies don’t require you to do surprising links, and this practice cuts out most of the typing efforts quickly.
4) Use strong antivirus software for extra protection
Strong anti-virus software can block known phishing sites, flag malicious downloads and warn you before entering information on dangerous sites. While it can’t catch all the new tricks of typing, it adds an important safety net when one’s attention span wanes.
The best way to protect yourself from malicious links that contain malware, which may have access to your private information, is to install strong anti-virus software on all your devices. This protection can alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Find my picks for the best antivirus 2025 winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
5) Check the Answer field for hidden red flags
Even if the sender’s address looks correct, check the Reply To field. Many phishing campaigns target external inboxes that have nothing to do with the actual company. A discrepancy here is a strong indication that the message is a scam.
HOLIDAY DELIVERIES AND FAKE TRACKING DOCUMENTS: HOW MANUFACTURERS TRACK YOU
A typo campaign targeting Microsoft users highlights how seemingly small changes in URLs can lead to major security risks. (Photo by THOMAS SAMSON / AFP) (Photo by THOMAS SAMSON/AFP via Getty Images)
6) Consider a data removal service to reduce tracking
Typosquatting attacks often start with leaked or deleted contact information. A data removal service can help remove your personal information from data broker sites, reducing the number of scam emails and phishing attempts reaching your inbox.
Although no service can guarantee the complete removal of your data from the Internet, a data removal service is definitely a smart choice. They don’t come cheap, and neither does your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. That’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of fraudsters transferring data from information breaches they may find on the dark web, making it harder for them to identify you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out there on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out there on the web: Cyberguy.com
7) Rely on bookmarks saved on important accounts
For e-mail, banking and job sites, use bookmarks that you create yourself. This eliminates the risk of misspelling addresses or trusted links in messages. It is one of the simplest and most effective defenses against malicious domain attacks.
CLICK HERE TO DOWNLOAD THE FOX NEWS PROGRAM
Kurt’s priority is taking
Typosquatting works because it targets human behavior, not software errors. A single altered character can bypass filters and fool smart people in seconds. Knowing these tricks slows down attackers and gives you back control. Awareness turns a sophisticated scam into an obvious fraud.
If one letter can determine whether you are being hacked, how closely are you really reading the links you trust every day? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy report
Get my best tech tips, emergency security alerts, and special deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join CYBERGUY.COM newspaper
Copyright 2025 CyberGuy.com. All rights reserved.
