A new phishing campaign uses a visual trick that is easy to miss and hard to unsee once you recognize it. Attackers use the rnicrosoft.com domain to impersonate Microsoft and steal login credentials. The trick is simple. Instead of the letter m, scammers put r and n next to each other. In many fonts, these letters merge and at first glance look almost identical to the letter “m”.
Security experts are sounding the alarm because these tactics work. These emails closely replicate Microsoft's branding, layout, and tone, making them feel familiar and trustworthy. This false sense of legitimacy is often all it takes for you to click before you realize something is wrong.
Cybersecurity experts are warning of a new phishing scam that uses the fake domain rnicrosoft.com to impersonate Microsoft and steal credentials. (Photo by Oliver Berg/Image Alliance via Getty Images)
Why does your brain fall for the trick?
This attack depends on how people read. Your brain predicts words rather than scanning each letter. When something looks familiar, you automatically fill in the blanks. On a large desktop monitor, an attentive reader may notice the flaw. On a phone, the risk is higher: the address bar often shortens URLs, leaving little screen space for close inspection. This is exactly what the attackers want. Once trust is established, you are more likely to enter passwords, approve fake accounts, or download malicious attachments.
Common typosquatting variations to watch for
Attackers rarely rely on one trick. They mix several visual deceptions to increase their chances.
Letter combinations: rnicrosoft.com uses r and n together to simulate m.
Number swaps: micros0ft.com replaces the letter o with the number 0.
Hyphenation: microsoft-support.com adds official-sounding words to appear legitimate.
Top-level domain switching: microsoft.co uses a different domain ending to appear real.
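The four variations above can be checked mechanically on a domain taken from a sender address or link. The following Python code is an added example, not part of the original article; the allow-list, the function names and the extra substitutions (vv for w, 1 for l) are assumptions, and it assumes a single-label suffix such as .com rather than consulting the Public Suffix List.

```python
# Constructed allow-list for this example: brand label -> its one legitimate domain.
LEGIT = {"microsoft": "microsoft.com"}

# Look-alike sequences and the letter they imitate. "rn" and "0" come from
# the article; "vv" and "1" are assumptions added for illustration.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(label):
    """Collapse look-alike sequences so visually similar labels compare equal."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def classify(domain):
    """Return (verdict, brand) for one domain name."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return ("unknown", None)
    sld = labels[-2]  # simplification: label left of a single-label suffix
    for brand, legit in LEGIT.items():
        if domain == legit or domain.endswith("." + legit):
            return ("legitimate", brand)
        if sld == brand:
            return ("tld_switch", brand)            # microsoft.co
        if skeleton(sld) == skeleton(brand):
            return ("lookalike_characters", brand)  # rnicrosoft, micros0ft
        if "-" in sld and skeleton(brand) in [skeleton(p) for p in sld.split("-")]:
            return ("added_words", brand)           # microsoft-support
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample input: the article's four examples plus two controls.
    for d in ["rnicrosoft.com", "micros0ft.com", "microsoft-support.com",
              "microsoft.co", "login.microsoft.com", "example.org"]:
        print(f"{d:24} {classify(d)[0]}")
```

Comparing skeletons on both sides keeps the check correct for brands whose real name contains one of the look-alike sequences.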
What attackers do after you click
Typosquatting domains such as rnicrosoft.com are rarely used for a single purpose. Criminals reuse them in numerous scams. Common follow-up actions include credential phishing, fake notices from HR and payment requests from suppliers. In any case, the attacker benefits from speed. The faster you act, the less likely you are to notice the error.
Why do these fake domains keep working?
Most people don't slow down to read URLs character by character. Familiar logos and language build trust, especially during a busy workday. The use of mobile devices makes the situation worse. Smaller screens, shortened links, and constant notifications create an ideal environment for errors. This is not just a Microsoft problem. Banks, retailers, healthcare portals and government services face the same risk.
How to protect yourself from typosquatting attacks
Typosquatting scams work because they trick you into trusting something that seems familiar. These steps slow you down and help you spot fake domains before the damage is done.
1) Expand the full sender address each time
Before clicking anything, open the full sender address in the header of the email. Display names and logos are easy to fake, but domains tell the real story. Pay close attention to rearranged letters such as rn instead of m, added hyphens, or strange domain endings. If the address seems even slightly incorrect, consider the message hostile.
Scammers replace the letter “m” with “rn” in web addresses, a clever trick that can fool users at first glance. (Photo by Paul Chinn/The San Francisco Chronicle via Getty Images)
2) Preview links before clicking
On your desktop, hover your mouse over a link to reveal its actual destination. On your phone, press and hold a link to view the URL. This simple pause often reveals lookalike domains designed to steal logins. If the link isn't exactly the site you expect, don't proceed.
3) Avoid email links for passwords or security warnings.
If an email claims your account needs urgent attention, do not use its links. Instead, open a new browser tab and manually navigate to the official website using a saved bookmark. Legitimate companies don't require you to act on unexpected links, and this habit will instantly cut off most typosquatting attempts.
4) Use powerful antivirus software for added protection.
Strong antivirus software can block known phishing domains, flag malicious downloads, and warn you before entering credentials on risky sites. While it can't catch every new typosquatted domain, it adds an important safety net when human attention slips.
The best way to protect yourself from malicious links that install malware and potentially access your personal information is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.
Get my picks for 2025's top antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
5) Check the Reply-To field for hidden red flags.
Even if the sender's address looks correct, check the Reply-To field. Many phishing campaigns route replies to external mailboxes that have nothing to do with the real company. A discrepancy here is a strong signal that the message is a scam.
A typosquatting campaign targeting Microsoft users shows how small visual changes to URLs can lead to serious security risks. (Photo by THOMAS SAMSON/AFP via Getty Images)
6) Consider removing data to reduce targeting.
Typosquatting attacks often begin with leaked or harvested contact information. A data removal service can help remove your personal information from data broker sites, reducing the number of fraudulent emails and spear phishing attempts that reach your inbox.
While no service can guarantee complete removal of your data from the internet, a data removal service is indeed a smart choice. They're not cheap, and neither is your privacy. These services do all the work for you, actively monitoring and systematically removing your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk that scammers will link leaked data to information they can find on the dark web, making it harder for them to target you.
Check out my top data removal services and get a free scan to see if your personal information has already been published online by visiting Cyberguy.com.
7) Use saved bookmarks for important accounts.
For email, banking and work portals, use bookmarks that you create yourself. This eliminates the risk of mistyping an address or trusting links in messages. This is one of the simplest and most effective defenses against lookalike-domain attacks.
Kurt's key takeaways
Typosquatting works because it targets human behavior rather than software flaws. One replaced character can bypass filters and fool smart people in a matter of seconds. Knowing these tricks slows down attackers and puts you back in control. Awareness turns a sophisticated scam into an obvious fake.
If one email can decide whether you get hacked, how carefully do you really read the links you trust every day? Let us know by writing to us at Cyberguy.com.
Copyright CyberGuy.com 2025. All rights reserved.






