Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
NEWYou can now listen to Fox News articles!
A new phishing campaign exploits a visual trick that’s easy to miss and hard to ignore once you know it. Attackers use the rnicrosoft.com domain to impersonate Microsoft and steal login credentials. The trick is simple. Instead of the letter m, scammers place r and n side by side. In many fonts, these letters blend together and appear almost identical to an m at a glance.
Security experts are sounding the alarm because this tactic works. These emails closely copy Microsoft’s branding, layout, and tone, making them familiar and trustworthy. This false sense of legitimacy is often enough to get a quick click before you realize something is wrong.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM bulletin.
THE MOST PARKING DOMAINS NOW PUSH SCAMS AND MALWARE
Cybersecurity experts are warning of a new phishing scam that uses the fake domain rnicrosoft.com to impersonate Microsoft and steal login credentials. (Photo by Oliver Berg/photo alliance via Getty Images)
Why your brain falls into the trap
This attack relies on how people read. Your brain predicts words instead of scanning each letter. When something looks familiar, you automatically fill in the gaps. On a large desktop monitor, an attentive reader might spot the flaw. On a phone, the risk jumps. The address bar often shortens URLs and the screen leaves little room for close inspection. This is exactly where attackers want you. Once trust is established, you are more likely to enter passwords, approve fake invoices, or download harmful attachments.
Common typosquatting variations to watch out for
Attackers rarely rely on a single trick. They mix several visual deceptions to increase their chances.
Letter combinations
rnicrosoft.com
Use r and n together to imitate m
Exchange of numbers
micros0ft.com
Replace the letter o with the number 0
Hypliation
microsoft-support.com
Adds official-sounding words to appear legitimate
Change of TLD
Microsoft.co
Uses a different domain extension to appear real
What attackers do after you click
Typosquatted domains like rnicrosoft.com are rarely used for just one purpose. Criminals reuse them in several scams. Common follow-ups include credential phishingfake HR reviews and payment requests from suppliers. In all cases, the attacker benefits from speed. The faster you act, the less likely you are to notice the error.
Why these fake domains continue to work
Most people don’t slow down to read URLs character by character. Familiar logos and language build confidence, especially on a busy work day. Mobile usage makes the situation worse. Smaller screens, shortened links and constant notifications create perfect conditions for mistakes. This is not a Microsoft-specific problem. Banks, retailers, health portals and government services all face the same risk.
How to protect yourself from typosquatting attacks
Typosquatting scams work because they trick you into trusting what seems familiar. These steps slow down this moment and help you spot fake domains before the damage is done.
1) Expand the full sender address every time
Before clicking anything, open the full sender address in the email header. Display names and logos are easy to fake, but domains tell the real story. Look carefully for interchanged letters like rn instead of m, added hyphens, or strange domain endings. If the address seems slightly wrong, treat the message as hostile.
Netflix suspension scam targets your inbox
Scammers replace the letter “m” with “rn” in web addresses, a subtle trick that can fool users with just a glance. (Photo by Paul Chinn/The San Francisco Chronicle via Getty Images)
2) Preview links before clicking
On a desktop computer, hover your mouse over the links to reveal the true destination. On a phone, long-press the link to preview the URL. This simple break often exposes similar domains designed to steal connections. If the link is not exactly the site you are expecting, do not continue.
3) Avoid email links for password or security alerts
When an email claims your account requires urgent action, don’t use its links. Instead, open a new browser tab and navigate to the official site manually using a saved bookmark. Legitimate companies don’t force you to take action via surprise links, and this habit instantly cuts off most typosquatting attempts.
4) Use powerful antivirus software for extra protection
Strong antivirus software can block known phishing domains, report malicious downloads, and warn you before entering your credentials on risky sites. Although it can’t detect every new typo, it adds an important safety net when human attention wanders.
The best way to protect yourself from malicious links that install malware, potentially accessing your private information, is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, protecting your personal information and digital assets.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
5) Check the Reply To field for hidden alarm signals
Even if the sender’s address appears correct, inspect the Reply To field. Many phishing campaigns route responses to external inboxes that have nothing to do with the real company. A mismatch here is a strong signal that the message is a scam.
HOLIDAY DELIVERIES AND FAKE TRACKING TEXTS: HOW SCAMMERS FOLLOW YOU
A typosquatting campaign targeting Microsoft users highlights how small visual changes in URLs can lead to major security risks. (Photo by THOMAS SAMSON / AFP) (Photo by THOMAS SAMSON/AFP via Getty Images)
6) Consider a Data Removal Service to Reduce Targeting
Typosquatting attacks often start with leaked or scraped contact details. A data removal service can help you remove your personal information from data broker sites, reducing the number of fraudulent emails and targeted phishing attempts that reach your inbox.
Although no service can guarantee the complete removal of your data from the Internet, a data deletion service is definitely a wise choice. They’re not cheap, nor are they your private life. These services do all the work for you by actively monitoring and systematically deleting your personal information across hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data deletion services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
Get a free analysis to find out if your personal information is already available on the web: Cyberguy.com.
7) Rely on Saved Favorites for Critical Accounts
For email, banking and business portals, use favorites you created yourself. This eliminates the risk of typos or misrepresentations of links in messages. This is one of the simplest and most effective defenses against lookalike domain attacks.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s Key Takeaways
Typosquatting works because it targets human behavior, not software flaws. A single swapped character can bypass filters and fool smart people in seconds. Knowing these tricks slows down attackers and puts you back in control. Awareness turns a sophisticated scam into an obvious fake.
If a single letter can decide whether you’re hacked, how much do you actually read the links you trust every day? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM bulletin.
Copyright 2025 CyberGuy.com. All rights reserved.
