If you find yourself on one of these malicious websites and do not detect the threat quickly enough, you risk losing accounts, credentials and data. This is worse when it comes to Chrome or Safari on your phone, where spotting threats is harder.

That’s the case with a new warning reported by Cybersecurity News: “Hackers are using the ‘rn’ typo trick to impersonate Microsoft and Marriott in a new phishing attack.” The tactic of using an ‘r’ and an ‘n’ to replace an ‘m’ in a URL on a small screen “creates fake websites that look nearly identical to the real ones.”

Homoglyph attacks, where “attackers exploit visually similar characters to deceive users or systems, (are) used in phishing, domain impersonation, and software supply chain intrusions—often with high success rates. They’re dangerous because the fake often looks exactly like the real thing.”

Cybersecurity News says two recent attacks leveraging the “r+n” technique have targeted Microsoft and Marriott. Of the two, the Microsoft attack is clearly the more dangerous. Stolen Microsoft credentials and hijacked accounts are invaluable to attackers.

“The security firm Anagram highlighted a similar campaign targeting Microsoft users. Phishing emails in this campaign use the domain rnicrosoft.com to send fake security alerts or invoice notifications.”

While you can hover to check URLs before clicking through, most users don’t. The most critical advice is never to log into any account (Microsoft, Marriott or any other) via a link from any kind of message or email. Instead, use your app or usual website.

You should also ensure passkeys and two-factor authentication are enabled on all key accounts, which certainly includes Microsoft.

Given this new warning, you should also be mindful of URLs with domains that start with or include the letter ‘m.’ It’s worth taking care given how hard this ‘r+n’ is to detect.
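Because the trick is hard to see, it is better caught mechanically in a mail filter or web proxy. The sketch below is an added example, not code from Cybersecurity News or Anagram: it collapses look-alike sequences and compares the result with a list of protected domains. The protected list, the function names and the confusable pairs other than "rn" are assumptions, and the extra pairs go beyond the single case the article describes.

```python
from urllib.parse import urlsplit

# Assumption: the brands this filter protects, chosen for the example.
PROTECTED = {"microsoft.com", "marriott.com"}

# Look-alike sequences mapped to the character they imitate.
# "rn" -> "m" is the trick described in the article; the other pairs
# are common confusables added for this example.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so visually similar names compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


# Skeleton of each protected domain -> the protected domain itself.
PROTECTED_SKELETONS = {skeleton(d): d for d in PROTECTED}


def host_of(value: str) -> str:
    """Accept a URL, an e-mail address or a bare host name."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].lower()


def impersonated_brand(value: str):
    """Return the protected domain that `value` imitates, or None."""
    labels = host_of(value).split(".")
    # Check every suffix so "login.rnicrosoft.com" is caught as well.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in PROTECTED:
            return None  # genuine domain or one of its subdomains
        brand = PROTECTED_SKELETONS.get(skeleton(candidate))
        if brand:
            return brand
    return None
```

A legitimate name that happens to contain "rn" is flagged only if its collapsed form equals a protected domain, so the size of the protected list controls the false-positive rate.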
