Attackers are using "rnicrosoft.com" typosquatting to impersonate Microsoft and steal credentials. Learn how this subtle visual trick bypasses user awareness.

cross-posted from: https://suppo.fi/post/9183817

A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant.

By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppleganger that is nearly indistinguishable from the legitimate domain at a casual glance.

This technique, known as typosquatting, relies heavily on the font rendering used in modern email clients and web browsers.