NEWYou can now listen to Fox News articles!
A new phishing campaign is exploiting a visual trick that is easy to miss and hard to unsee once you know it. Attackers are using the domain rnicrosoft.com to impersonate Microsoft and steal login credentials. The trick is simple. Instead of the letter m, scammers place r and n side by side. In many fonts, those letters blur together and look almost identical to an m at a quick glance.
Security experts are sounding the alarm because this tactic works. These emails closely copy Microsoft branding, layout and tone, which makes them feel familiar and trustworthy. That false sense of legitimacy is often all it takes to get a quick click before you realize something is wrong.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
MOST PARKED DOMAINS NOW PUSH SCAMS AND MALWARE
Cybersecurity experts warn of a new phishing scam that uses the fake domain rnicrosoft.com to mimic Microsoft and steal login credentials. (Photo by Oliver Berg/picture alliance via Getty Images)
Why your brain falls for the rn trick
This attack relies on how people read. Your brain predicts words instead of scanning each letter. When something looks familiar, you fill in the gaps automatically. On a large desktop monitor, a careful reader might spot the flaw. On a phone, the risk jumps. The address bar often shortens URLs, and the screen leaves little room for close inspection. That is exactly where attackers want you. Once trust is established, you are more likely to enter passwords, approve fake invoices or download harmful attachments.
Common typosquatting variations to watch for
Attackers rarely rely on a single trick. They mix several visual deceptions to increase their odds.
Letter combinations
rnicrosoft.com
Uses r and n together to mimic m
Number swapping
micros0ft.com
Replaces the letter o with the number 0
Hyphenation
microsoft-support.com
Adds official-sounding words to look legitimate
TLD switching
microsoft.co
Uses a different domain ending to appear real
What attackers do after you click
Typosquatting domains like rnicrosoft.com are rarely used for a single purpose. Criminals reuse them across multiple scams. Common follow-ups include credential phishing, fake HR notices and vendor payment requests. In every case, the attacker benefits from speed. The faster you act, the less likely you are to notice the mistake.
Why these fake domains keep working
Most people do not slow down to read URLs character by character. Familiar logos and language reinforce trust, especially during a busy workday. Mobile use makes this worse. Smaller screens, shortened links and constant notifications create perfect conditions for mistakes. This is not a Microsoft-only problem. Banks, retailers, healthcare portals and government services all face the same risk.
How to stay safe from typosquatting attacks
Typosquatting scams work because they rush you into trusting what looks familiar. These steps slow that moment down and help you spot fake domains before damage is done.
1) Expand the full sender address every time
Before clicking anything, open the full sender address in the email header. Display names and logos are easy to fake, but domains tell the real story. Look closely for swapped letters like rn in place of m, added hyphens or strange domain endings. If the address feels even slightly off, treat the message as hostile.
NETFLIX SUSPENSION SCAM TARGETS YOUR INBOX
Scammers are replacing the letter “m” with “rn” in web addresses, a subtle trick that can fool users at a quick glance. (Photo By Paul Chinn/The San Francisco Chronicle via Getty Images)
2) Preview links before you click
On a desktop, hover your mouse over links to reveal the real destination. On a phone, long-press the link to preview the URL. This simple pause often exposes lookalike domains designed to steal logins. If the link does not match the exact site you expect, do not proceed.
3) Avoid email links for password or security alerts
When an email claims your account needs urgent action, do not use its links. Instead, open a new browser tab and manually go to the official website using a saved bookmark. Legitimate companies do not require you to act through surprise links, and this habit cuts off most typosquatting attempts instantly.
4) Use strong antivirus software for added protection
Strong antivirus software can block known phishing domains, flag malicious downloads and warn you before you enter credentials on risky sites. While it cannot catch every new typo trick, it adds an important safety net when human attention slips.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
5) Check the Reply To field for hidden red flags
Even if the sender address looks correct, inspect the Reply To field. Many phishing campaigns route replies to external inboxes that have nothing to do with the real company. A mismatch here is a strong signal that the message is a scam.
HOLIDAY DELIVERIES AND FAKE TRACKING TEXTS: HOW SCAMMERS TRACK YOU
A typosquatting campaign targeting Microsoft users highlights how small visual changes in URLs can lead to major security risks. (Photo by THOMAS SAMSON / AFP) (Photo by THOMAS SAMSON/AFP via Getty Images)
6) Consider a data removal service to reduce targeting
Typosquatting attacks often begin with leaked or scraped contact details. A data removal service can help remove your personal information from data broker sites, reducing the number of scam emails and targeted phishing attempts that reach your inbox.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
7) Rely on saved bookmarks for critical accounts
For email, banking and work portals, use bookmarks you created yourself. This eliminates the risk of mistyping addresses or trusting links in messages. It is one of the simplest and most effective defenses against lookalike domain attacks.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaways
Typosquatting works because it targets human behavior, not software flaws. A single swapped character can bypass filters and fool smart people in seconds. Knowing these tricks slows attackers down and gives you back control. Awareness turns a sophisticated scam into an obvious fake.
If a single letter can decide whether you get hacked, how closely are you really reading the links you trust every day? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2025 CyberGuy.com. All rights reserved.
