When ‘rn’ Becomes ‘m’: The Subtle Art of Digital Deception Targeting Microsoft Users
A new wave of phishing attacks uses typographical trickery to impersonate Microsoft, exposing the hidden dangers lurking in everyday emails.
Fast Facts
- Cybercriminals registered “rnicrosoft.com” to mimic “microsoft.com” using a visual illusion.
- Phishing emails copy Microsoft’s branding, making fake sites nearly indistinguishable from the real thing.
- Mobile devices increase risk, as small screens hide suspicious URLs and make quick checks harder.
- Typosquatting and homoglyph attacks are on the rise, targeting users’ instincts and trust in familiar brands.
- Simple precautions - like hovering over links and checking sender addresses - can foil these scams.
The Anatomy of a Visual Scam
Picture this: you glance at an email from Microsoft, the logo shining reassuringly. The sender’s address looks right at first glance - yet a closer look reveals a clever deception. Instead of the familiar “m” in “microsoft.com,” attackers have swapped in an “r” next to an “n,” creating “rnicrosoft.com.” To the hurried eye, especially on mobile, the difference is almost invisible.
This technique is known as a “homoglyph” attack, a form of “typosquatting,” in which attackers exploit the way our brains fill in gaps and autocorrect errors. Fonts in browsers and email clients often render “rn” so tightly that it blends into something nearly indistinguishable from “m.” The result? Users unwittingly hand over credentials, thinking they’re logging into the real Microsoft site.
A Growing Threat: From Typos to Takeovers
This isn’t the first time cybercriminals have weaponized human perception. Over the years, attackers have swapped “o” for “0” (“micros0ft.com”), added hyphens (“microsoft-support.com”), or used similar-looking domains like “microsoft.co” to trick users. The infamous 2017 Equifax breach, for example, saw attackers use typo domains to lure victims into giving up sensitive information.
CrowdStrike and Proofpoint have both reported surges in typosquatting campaigns, especially as remote work and cloud services grow. Attackers target not only individuals, but also businesses - sending fake invoices, HR documents, or password reset requests that seem completely legitimate.
Mobile devices compound the danger. Limited screen space hides full URLs, and a tap is all it takes to open a trap. On desktops, eagle-eyed users might spot the subtle difference, but most people are scanning quickly, trusting familiar logos and layouts.
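As an added illustration (not code from the article or from Microsoft), here is a small Python classifier that reduces a sender’s domain to the “skeleton” a hurried eye perceives (rn → m, 0 → o, a few Cyrillic lookalikes) and compares it with a list of protected brand domains. It goes beyond the rn/m case and also flags the hyphenated (“microsoft-support.com”) and TLD-swap (“microsoft.co”) variants described above. The brand list, the confusable tables and the sample From: headers are constructed for this example; the registrable-domain split is deliberately naive and would need the Public Suffix List in production.

```python
"""Flag sender domains that merely look like a protected brand.

Added example (not from the article): a small lookalike-domain classifier.
The brand list, confusable tables and sample headers below are constructed
for illustration.
"""
import unicodedata
from email.utils import parseaddr

# Sequences that render alike in many fonts, mapped to what the eye sees.
# ("rn", "m") is the trick from the article; the rest are common additions.
ASCII_CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("8", "b"),
]
# A few Cyrillic letters that are visually identical to Latin ones
# (deliberately incomplete; Unicode's confusables.txt is the full list).
UNICODE_CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y",
}
# Brands to protect: a constructed list, not Microsoft's real domain inventory.
PROTECTED_BRANDS = ["microsoft.com", "office.com", "outlook.com"]


def skeleton(label: str) -> str:
    """Reduce a label to the form a hurried reader perceives."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))  # é -> e
    text = "".join(UNICODE_CONFUSABLES.get(ch, ch) for ch in text)
    for seq, canon in ASCII_CONFUSABLES:
        text = text.replace(seq, canon)
    return text


def registrable(domain: str) -> tuple[str, str]:
    """Return (second-level label, TLD) of a host name.

    Caveat: naive split; 'example.co.uk' needs the Public Suffix List.
    """
    domain = domain.strip().rstrip(".").lower()
    try:
        domain = domain.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # already Unicode or malformed: analyse as given
    labels = domain.split(".")
    if len(labels) < 2:
        return domain, ""
    return labels[-2], labels[-1]


def classify_domain(domain: str, brands=PROTECTED_BRANDS) -> tuple[str, str]:
    """Return (verdict, reason); verdict is one of trusted/lookalike/unknown."""
    sld, tld = registrable(domain)
    for brand in brands:
        brand_sld, brand_tld = brand.split(".")
        if sld == brand_sld:
            if tld == brand_tld:
                return "trusted", f"registrable domain is {brand}"
            return "lookalike", f"brand name under .{tld} instead of .{brand_tld}"
        if skeleton(sld) == skeleton(brand_sld):
            return "lookalike", f"'{sld}' renders like '{brand_sld}'"
        if brand_sld in sld.replace("-", ""):
            return "lookalike", f"'{sld}' embeds the brand name '{brand_sld}'"
    return "unknown", "no protected brand matched"


def classify_from_header(from_header: str) -> tuple[str, str, str]:
    """Classify the domain in a From: header value; returns (addr, verdict, reason)."""
    _display_name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    verdict, reason = classify_domain(domain)
    return addr, verdict, reason


# Constructed sample headers (not real campaign data).
SAMPLE_FROM_HEADERS = [
    "Microsoft Account Team <no-reply@rnicrosoft.com>",
    "Microsoft <security@login.microsoft.com>",
    "Support <help@microsoft-support.com>",
    "Billing <invoices@micros0ft.com>",
    "Microsoft <account@microsoft.co>",
    "Microsoft <alerts@micr\u043esoft.com>",   # Cyrillic 'о' in place of Latin 'o'
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        addr, verdict, reason = classify_from_header(header)
        print(f"{verdict:9} {addr:32} {reason}")
```

The check is intentionally one-directional: anything whose registrable domain is exactly a protected brand is trusted, anything that only looks like one is flagged, and everything else is left for other controls. Note that a skeleton comparison will also flag legitimate third parties whose names embed a brand, so treat a “lookalike” verdict as a reason to inspect, not as proof of fraud.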
Simple Defenses Against Sophisticated Tricks
While the tactics grow ever more nuanced, defending yourself isn’t rocket science. Experts urge users to always check the full sender address and hover over links before clicking. On mobile, a long-press will reveal the real destination. If you get a password reset email you didn’t expect, don’t click - go directly to the official site in a new browser tab.
For organizations, regular phishing drills and security awareness training are essential. Simulating these kinds of attacks helps employees spot the fakes and resist the urge to click. Ultimately, the best defense is a skeptical eye and a pause before reacting to urgent requests.
WIKICROOK
- Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
- Typosquatting: Typosquatting is when attackers use lookalike names of trusted sites or software to trick users into visiting fake sites or downloading malware.
- Homoglyph Attack: A homoglyph attack uses lookalike characters in URLs or usernames to trick users into visiting fake or malicious websites.
- Credential Theft: Credential theft occurs when hackers steal usernames and passwords, often via phishing or data breaches, to illegally access online accounts.
- Social Engineering: Social engineering is the use of deception by hackers to trick people into revealing confidential information or providing unauthorized system access.