‘rn’ replaced by Hackers to ‘m’ in Microsoft(.)com to Steal Users’ Login Data
‘rn’ replaced by Hackers to m in Microsoft (.)com to Steal Users’ Login Data
“Hackers come up with a new idea to steal confidential login data of users online.”
Currently, a clever phishing attempt is tricking victims into divulging crucial login information by using a tiny typographical technique to get beyond user caution. Attackers pose as the tech giant using the domain “rnmicrosoft.com.”
Fraudsters construct a visual doppleganger that is almost identical to the authentic domain at a glance by substituting the letter “m” with the combination of “r” and “n.”
This method, called typosquatting, mostly depends on how fonts are rendered in contemporary online browsers and email applications.
The kerning between “r” and “n” frequently resembles the structure of the letter “m” when positioned near together, tricking the brain into automatically rectifying the mistake.
Anagram CEO Harley Sugarman recently brought attention to this particular vector, pointing out that the emails frequently resemble the official Microsoft logo, layout, and tone of authentic correspondence.
Using Visual Deception to Steal Logins
This attack vector’s subtlety is what makes it so successful. A close observer may be able to see the difference on high-resolution desktop monitors, but the brain’s propensity to predict text frequently obscures the abnormality.
On mobile devices, where screen real estate is constrained, and the address bar frequently truncates the entire URL, the threat is considerably more severe. In order to enable credential phishing, vendor invoice scams, and internal HR impersonation campaigns, attackers create these look-alike sites.
The user is more likely to click on dangerous links or download weaponized attachments once they believe the email is from a reliable source.
Attackers employ several variations, including the “rn” switch. Other popular strategies include substituting a zero for the letter “o” or adding hyphens to valid brand names to give them a more authentic feel.
Instead of depending only on automated filtering, defending against these homoglyph and typosquatting attacks necessitates a change in user behavior. Before responding to any unsolicited email, users are advised by security experts to expand the sender’s address.
The trick can be discovered before a connection is established by long-pressing the link on mobile devices or hovering over hyperlinks to see the real destination URL.
Additionally, examining email headers more especially, the “Reply-To” field can show whether a con artist is sending replies to an uncontrolled, external mailbox.
The safest course of action in situations involving unexpected password reset requests is to completely disregard the email link and open a new browser tab to go straight to the legitimate service.
To prevent teams from automatically clicking on familiar-looking notifications, organizations are advised to practice certain identification techniques.
Common Typosquatting Variations
| Technique | Visual Example | Deception Method |
| Letter Combination | rnicrosoft(.)com | mimics “m” by using “r” and “n.” |
| Number Swapping | micros0ft(.)com | substitutes the number “0” for the letter “o.” |
| Hyphenation | microsoft-support(.)com | Adds prefixes or subdomains that sound legitimate. |
| TLD Switching | microsoft(.)co | Eliminates the “m” and uses a new Top Level Domain. |
About The Author
Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”
Read More:
Screen-Sharing Trojan Leaked Private Chats on WhatsApp, Telegram, and Signal
About Author
English