this post was submitted on 25 Nov 2025
192 points (99.5% liked)

cybersecurity


A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant.

By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppelgänger that is nearly indistinguishable from the legitimate domain at a casual glance.

This technique, known as typosquatting, relies heavily on the font rendering used in modern email clients and web browsers.
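The "rn" for "m" substitution described in the post, turned into a sender-domain check; this is an added example, not part of the original post. It goes beyond the single rn/m case to a few other lookalike pairs (0/o, 1/l, I/l), and the confusables table, function names and sample addresses are constructed for illustration; the table is not exhaustive.

```python
# Lookalike sequences folded to one canonical character (constructed,
# non-exhaustive table; the multi-character sequences come first).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]

def normalize(domain):
    """DNS names are case-insensitive; drop whitespace and the root dot."""
    return domain.strip().rstrip(".").lower()

def skeleton(domain):
    """Fold every lookalike sequence so visually similar names compare equal."""
    s = normalize(domain)
    for seq, canonical in CONFUSABLES:
        s = s.replace(seq, canonical)
    return s

def imitated_brand(domain, protected):
    """Return the protected domain that `domain` visually imitates, else None."""
    labels = normalize(domain).split(".")
    # The name and each parent domain: login.rnicrosoft.com -> rnicrosoft.com
    suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    brands = {normalize(b): skeleton(b) for b in protected}
    if any(s in brands for s in suffixes):
        return None  # the genuine domain or one of its subdomains
    for s in suffixes:
        for brand, brand_skeleton in brands.items():
            if skeleton(s) == brand_skeleton:
                return brand
    return None

def flag_senders(addresses, protected):
    """Map each sender address on a lookalike domain to the brand it imitates."""
    hits = {}
    for addr in addresses:
        domain = addr.rsplit("@", 1)[-1]
        brand = imitated_brand(domain, protected)
        if brand:
            hits[addr] = brand
    return hits

# Constructed sample input, not taken from real mail.
SAMPLE = [
    "security@rnicrosoft.com", "noreply@login.rnicrosoft.com",
    "billing@microsoft.corn", "alerts@MICROSOFT.com",
    "news@account.microsoft.com", "hello@example.org",
]

if __name__ == "__main__":
    for addr, brand in flag_senders(SAMPLE, ["microsoft.com"]).items():
        print(f"{addr}: looks like {brand}")
```

Both sides of the comparison are folded with the same table, so the genuine domain and its subdomains are excluded by an exact match before any skeleton comparison happens.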

all 35 comments
[–] 0ops@piefed.zip 73 points 2 months ago (1 children)

Shitty keming strikes again

[–] TomMasz@piefed.social 7 points 2 months ago

Good typography saves lives.

[–] msfroh@lemmy.ca 61 points 2 months ago* (last edited 2 months ago)

I can't wait for the .corn TLD.

[–] hemko@lemmy.dbzer0.com 49 points 2 months ago (4 children)

I'm kinda surprised Microsoft hasn't bought that domain a long time ago... That trick is like decades old

[–] Railcar8095@lemmy.world 38 points 2 months ago

On the one hand, it can help mitigate phishing attacks that could cost millions. On the other hand, rnicrosoft would have to spend 20 pounds on something not AI related.

Surely you can see why it's not an easy solution.

Devil's advocate: it's not their responsibility to prevent third parties impersonating them. But it would be pretty damn nice if they did.

[–] tankplanker@lemmy.world 9 points 2 months ago

You would think it would be an easy up-sell by the domain registrars to offer sound- and look-alike domains when you're registering and renewing your domain

[–] lauha@lemmy.world 7 points 2 months ago

That would assume they care about their users

[–] gndagreborn@lemmy.world 2 points 2 months ago

@GROK WHAT IS KERNING???

[–] Zachariah@lemmy.world 39 points 2 months ago (1 children)
[–] Cyber@feddit.uk 9 points 2 months ago (1 children)

Kerning or Keming?

But thanks for the link, had a good "lol" from those (few) posts.

[–] frongt@lemmy.zip 6 points 2 months ago

Kerning when it's good, keming when it's bad.

[–] eestileib@lemmy.blahaj.zone 27 points 2 months ago (3 children)
[–] chris@programming.dev 30 points 2 months ago (1 children)

Ye olde hornograph attack, you mean…

[–] i_dont_want_to@lemmy.blahaj.zone 12 points 2 months ago (1 children)
[–] eestileib@lemmy.blahaj.zone 8 points 2 months ago

These hœs ain't loya1.

[–] frongt@lemmy.zip 11 points 2 months ago

Technically no, since it's different characters. This is keming.

[–] nocturne@piefed.social 1 points 2 months ago
[–] Kissaki@programming.dev 24 points 2 months ago (1 children)
[–] IndustryStandard@lemmy.world 6 points 2 months ago (1 children)
[–] Kissaki@programming.dev 2 points 2 months ago

I expect some hot Java code on that website 😏

[–] ulterno@programming.dev 11 points 2 months ago* (last edited 2 months ago)

Another reason to Iike rnonospace fonts.

[–] Cyber@feddit.uk 10 points 2 months ago (1 children)

Back to monospaced fonts then.

[–] trk@aussie.zone 7 points 2 months ago (1 children)

Honestly not a bad idea for things like filenames and URLs.

I'll go variable width fonts, with or without serifs, for a wall of text... But for something short and critical I want to trust what I'm seeing.

Also bring back the line through 0s so you know it's a number.

[–] ulterno@programming.dev 2 points 2 months ago (1 children)

l also replaced 'I's with 'l's and vice-versa in some of my previous comments and haven't yet seen anyone react to them.

Hopefully someone finds out the ones I did today.

[–] Cyber@feddit.uk 2 points 2 months ago

Well, here's 1, l spotted:

l also replaced 'I's with 'l's and vice-versa in some of my previous comments and haven't yet seen anyone react to them. Hopefully someone finds out the ones I did today.

l did something simiIar in my original repIy, but it Iooked too weird, so gave up.

(0r did l?)

[–] samus12345@sh.itjust.works 8 points 2 months ago

"Hackers?" Has the meaning really degraded so much that this is considered hacking?

[–] Sunsofold@lemmings.world 5 points 2 months ago

What is old is new again.

[–] kn33@lemmy.world 2 points 2 months ago

It feels like there's a lot wrong going on here but my sleeping pill is starting to kick in so if anyone wants me to explain my thoughts ask in the morning

[–] Lilo@infosec.pub 1 points 1 month ago

I fell for this sort of scam last year, I lost all my life savings… thanks to my friend who linked me up with someone who helped me recover the money back