A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant.

By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppelgänger that is nearly indistinguishable from the legitimate domain at a casual glance.

This technique, known as typosquatting, relies heavily on the font rendering used in modern email clients and web browsers.
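A defensive check for the ‘rn’ for ‘m’ substitution described above, as an added example that is not part of the original post. The confusable table, the protected-domain list and the sample sender addresses are constructed assumptions, and the table covers only a few ASCII look-alikes, not Unicode homoglyphs.

```python
# Added example: flag domains that collapse to a protected domain once
# look-alike character sequences are folded together.

CONFUSABLES = [          # assumed, deliberately small table
    ("rn", "m"),         # the trick from the article: r + n renders like m
    ("vv", "w"),
    ("cl", "d"),
    ("0", "o"),
    ("1", "l"),
]

PROTECTED = {"microsoft.com", "paypal.com"}   # assumed brand list

SAMPLE_SENDERS = [       # constructed sample input
    "security@rnicrosoft.com",
    "noreply@microsoft.com",
    "billing@login.rnicr0soft.com",
    "team@example.org",
]

def skeleton(domain):
    """Fold look-alike sequences so visually similar names compare equal."""
    s = domain.strip().rstrip(".").lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s

def impersonated(domain):
    """Return the protected domain this name imitates, or None."""
    d = domain.strip().rstrip(".").lower()
    folded = skeleton(d)
    for legit in sorted(PROTECTED):
        if d == legit or d.endswith("." + legit):
            return None                      # genuinely the protected domain
        target = skeleton(legit)             # fold both sides the same way
        if folded == target or folded.endswith("." + target):
            return legit
    return None

def scan(senders):
    """Map each suspicious sender address to the domain it imitates."""
    hits = {}
    for addr in senders:
        legit = impersonated(addr.rsplit("@", 1)[-1])
        if legit:
            hits[addr] = legit
    return hits
```

The same comparison can be run over link hosts in message bodies or over newly observed domains in DNS and proxy logs.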

  • hemko@lemmy.dbzer0.com · ↑48 · 20 hours ago

    I’m kinda surprised Microsoft hasn’t bought that domain a long time ago… That trick is like decades old

    • tankplanker@lemmy.world · ↑8 · 11 hours ago

      You would think it would be an easy up-sell by the domain registrars to offer sound-alike and look-alike domains when you’re registering and renewing your domain

    • Railcar8095@lemmy.world · ↑32 · 18 hours ago

      On the one hand, it can help mitigate phishing attacks that could cost millions. On the other hand, rnicrosoft would have to spend 20 pounds on something not AI related.

      Surely you can see why it’s not an easy solution.

      Devil’s advocate: it’s not their responsibility to prevent third parties impersonating them. But it would be pretty damn nice if they did.

    • 𝚝𝚛𝚔@aussie.zone · ↑6 · 16 hours ago

      Honestly not a bad idea for things like filenames and URLs.

      I’ll go variable width fonts, with or without serifs, for a wall of text… But for something short and critical I want to trust what I’m seeing.

      Also bring back the line through 0s so you know it’s a number.

      • ulterno@programming.dev · ↑2 · 11 hours ago

        l also replaced 'I’s with 'l’s and vice-versa in some of my previous comments and haven’t yet seen anyone react to them.

        Hopefully someone finds out the ones I did today.

        • SayCyberOnceMore@feddit.uk · ↑1 · 5 hours ago

          Well, here’s 1, l spotted:

          l also replaced 'I's with 'l's and vice-versa in some of my previous comments and haven't yet seen anyone react to them. Hopefully someone finds out the ones I did today.

          l did something simiIar in my original repIy, but it Iooked too weird, so gave up.

          (0r did l?)

  • kn33@lemmy.world · ↑4 ↓2 · 21 hours ago

    It feels like there’s a lot wrong going on here but my sleeping pill is starting to kick in so if anyone wants me to explain my thoughts ask in the morning

  • imetators@lemmy.dbzer0.com · ↑2 ↓9 · 20 hours ago

    I get a weird feeling about this. Like, you know… That is so stupid that I can’t wrap my mind around it to understand how would it work. But then, I also understand that people are dumb and pay no attention to anything, mindlessly clicking “Accept all” on cookies and notification requests from shady websites.

    • BakerBagel@midwest.social · ↑4 ↓1 · 12 hours ago

      You were up late last night because your kid was sick, but you still had to be up at 5:30 to take your other kid to day care before driving an hour to work. You get to the office and it looks like your computer had an update last night and so you need to verify your login credentials. You’ve been on about 4 hours of sleep a night for the past week and just want to get on with your day.

      People are overworked and exhausted, so stuff like that is bound to work on someone

    • scintilla@crust.piefed.social · ↑5 ↓1 · 15 hours ago

      Fuck off with this shit. Get off your damn high horse and look at the fucking images. If you aren’t aware people with vision problems exist I suggest you go talk to people IRL more. This is leaving aside the elderly who can have vision problems on top of likely being less tech aware than most younger people simply because it wasn’t a thing when they were younger so it was never part of their life in the same way that it is for most under 50.

    • MalMen@monero.town · ↑3 · 17 hours ago

      Even if you pay attention to those details you are not always 100% aware… This week I almost fell for an SMS phishing payment… The payment amount and message made sense when I read it, I was on my bank to make the payment and get rid of that task… Only stopped by chance when I saw the other phishing attempts on the same SMS thread