192

Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials (cybersecuritynews.com)

submitted 1 week ago by cm0002@suppo.fi to c/cybersecurity@infosec.pub

33 comments fedilink hide all child comments

A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant.

By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppleganger that is nearly indistinguishable from the legitimate domain at a casual glance.

This technique, known as typosquatting, relies heavily on the font rendering used in modern email clients and web browsers.

all 34 comments

sorted by: hot top controversial new old

[-] 0ops@piefed.zip 73 points 1 week ago

Shitty keming strikes again

[-] TomMasz@piefed.social 7 points 1 week ago

Good typography saves lives.

[-] msfroh@lemmy.ca 61 points 1 week ago* (last edited 1 week ago)

I can't wait for the .corn TLD.

[-] hemko@lemmy.dbzer0.com 49 points 1 week ago

I'm kinda surprised Microsoft hasn't bought that domain long time ago... That trick is like decades old

[-] Railcar8095@lemmy.world 38 points 1 week ago

On the one hand, it can help mitigate phishing attacks that could cost millions. On the other hand, rnicrosoft would have to spend 20 pounds in something not AI related.

Surely you can see why it's not an easy solution.

Devils advocate: it's not their responsibly to prevent third parties impersonating them. But it would be pretty damm nice if they did.

[-] tankplanker@lemmy.world 9 points 1 week ago

You would think it would be an easy up-sell by the domain registrars to offer sound and look a like domains when you registering and renewing your domain

[-] lauha@lemmy.world 7 points 1 week ago

That would assume they care about their users

[-] gndagreborn@lemmy.world 2 points 1 week ago

@GROK WHAT IS KERNING???

[-] Zachariah@lemmy.world 39 points 1 week ago

!keming@lemmy.world

[-] Cyber@feddit.uk 9 points 1 week ago

Kerning or Keming?

But thanks for the link had a good "lol" from those (few) posts.

[-] frongt@lemmy.zip 6 points 1 week ago

Kerning when it's good, keming when it's bad.

[-] eestileib@lemmy.blahaj.zone 26 points 1 week ago

Ye olde homograph attack.

[-] chris@programming.dev 30 points 1 week ago

Ye olde hornograph attack, you mean…

[-] i_dont_want_to@lemmy.blahaj.zone 12 points 1 week ago

We're cooked

[-] eestileib@lemmy.blahaj.zone 8 points 1 week ago

These hœs ain't loya1.

[-] frongt@lemmy.zip 11 points 1 week ago

Technically no, since it's different characters. This is keming.

[-] nocturne@piefed.social 1 points 1 week ago

Þe olde

[-] Kissaki@programming.dev 24 points 1 week ago

rnicrosoft.corn 🌽

[-] IndustryStandard@lemmy.world 6 points 1 week ago

pom.corn

[-] Kissaki@programming.dev 2 points 1 week ago

I expect some hot Java code on that website 😏

[-] ulterno@programming.dev 11 points 1 week ago* (last edited 1 week ago)

Another reason to Iike rnonospace fonts.

[-] Cyber@feddit.uk 10 points 1 week ago

Back to monospaced fonts then.

[-] trk@aussie.zone 7 points 1 week ago

Honestly not a bad idea for things like filenames and URLs.

I'll go variable width fonts, with it without serifs, for a wall of text... But for something short and critical I want to trust what I'm seeing.

Also bring back the line through 0s so you know it's a number.

[-] ulterno@programming.dev 2 points 1 week ago

l also replaced 'I's with 'l's and vice-versa in some of my previous comments and haven't yet seen anyone react to them.

Hopefully someone finds out the ones I did today.

[-] Cyber@feddit.uk 2 points 1 week ago

Well, here's 1, l spotted:

l also replaced 'I's with 'l's and vice-versa in some of my previous comments and haven't yet seen anyone react to them. Hopefully someone finds out the ones I did today.

l did something simiIar in my original repIy, but it Iooked too weird, so gave up.

(0r did l?)

[-] samus12345@sh.itjust.works 8 points 1 week ago

"Hackers?" Has the meaning really degraded so much that this is considered hacking?

[-] Sunsofold@lemmings.world 5 points 1 week ago

What is old is new again.

[-] kn33@lemmy.world 2 points 1 week ago

It feels like there's a lot wrong going on here but my sleeping pill is starting to kick in so if anyone wants me to explain my thoughts ask in the morning

[+] imetators@lemmy.dbzer0.com -8 points 1 week ago* (last edited 1 week ago)

I get a weird feeling about this. Like, you know... That is so stupid that I cant wrap my mind around it to understand how would it work. But then, I also understand that people are dumb and pay no attention to anything, mindlessly clicking "Accept all" on cookies and notification requests from shady websites.

[-] BakerBagel@midwest.social 5 points 1 week ago

You were up late last night because your kid was sick, but you still had to be up at 5:30 to take your other kid to day care before driving an hour to work. You get to the office and it looks like your computer had an update last night and so you need to verify your login credentials. You've been on about 4 hours of sleep a night for the past week and just want to get on with your day.

People are overworked and exhausted, so stuff like that is bound to work on someone

[-] scintilla@crust.piefed.social 5 points 1 week ago

Fuck off with this shit. Get off your damn high horse and look at the fucking images. If you aren't aware people with vision problems exist I suggest you go talk to people IRL more. This is leaving aside the elderly who can have vision problems on top of likely being less tech aware than most younger people simply because it wasn't a thing when they were younger so it was never part of their life in the same way that it is for most under 50.

[-] MalMen@monero.town 3 points 1 week ago

Even if you pay attention to that details you are not allways 100% aware... This week I almost fall for a SMS fiahing payment... The payment amount and message made sense when I read it, I was on my bank to make the payment and get ridnof that task.. Only stoped by chance when I saw that other fishing attems on same SMS thread

this post was submitted on 25 Nov 2025

192 points (99.5% liked)

cybersecurity

5026 readers

15 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub