this post was submitted on 25 Nov 2025

192 points (99.5% liked)

cybersecurity

5183 readers

13 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

192

Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials (cybersecuritynews.com)

submitted 3 days ago by cm0002@suppo.fi to c/cybersecurity

33 comments fedilink hide all child comments

A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant.

By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppleganger that is nearly indistinguishable from the legitimate domain at a casual glance.

This technique, known as typosquatting, relies heavily on the font rendering used in modern email clients and web browsers.

all 34 comments

sorted by: hot top controversial new old

[–] 0ops@piefed.zip 73 points 3 days ago (1 children)

Shitty keming strikes again

[–] TomMasz@piefed.social 7 points 2 days ago

Good typography saves lives.

[–] msfroh@lemmy.ca 61 points 3 days ago* (last edited 3 days ago)

I can't wait for the .corn TLD.

[–] hemko@lemmy.dbzer0.com 49 points 3 days ago (4 children)

I'm kinda surprised Microsoft hasn't bought that domain long time ago... That trick is like decades old

[–] Railcar8095@lemmy.world 38 points 3 days ago

On the one hand, it can help mitigate phishing attacks that could cost millions. On the other hand, rnicrosoft would have to spend 20 pounds in something not AI related.

Surely you can see why it's not an easy solution.

Devils advocate: it's not their responsibly to prevent third parties impersonating them. But it would be pretty damm nice if they did.

[–] tankplanker@lemmy.world 9 points 2 days ago

You would think it would be an easy up-sell by the domain registrars to offer sound and look a like domains when you registering and renewing your domain

[–] lauha@lemmy.world 7 points 3 days ago

That would assume they care about their users

[–] gndagreborn@lemmy.world 2 points 2 days ago

@GROK WHAT IS KERNING???

[–] Kissaki@programming.dev 24 points 3 days ago (1 children)

rnicrosoft.corn 🌽

[–] IndustryStandard@lemmy.world 5 points 2 days ago (1 children)

pom.corn

[–] Kissaki@programming.dev 2 points 2 days ago

I expect some hot Java code on that website 😏

[–] Zachariah@lemmy.world 39 points 3 days ago (1 children)

!keming@lemmy.world

[–] Cyber@feddit.uk 9 points 3 days ago (1 children)

Kerning or Keming?

But thanks for the link had a good "lol" from those (few) posts.

[–] frongt@lemmy.zip 6 points 3 days ago

Kerning when it's good, keming when it's bad.

[–] samus12345@sh.itjust.works 8 points 2 days ago

"Hackers?" Has the meaning really degraded so much that this is considered hacking?

[–] eestileib@lemmy.blahaj.zone 27 points 3 days ago (3 children)

Ye olde homograph attack.

[–] chris@programming.dev 30 points 3 days ago (1 children)

Ye olde hornograph attack, you mean…

[–] i_dont_want_to@lemmy.blahaj.zone 12 points 3 days ago (1 children)

We're cooked

[–] eestileib@lemmy.blahaj.zone 8 points 3 days ago

These hœs ain't loya1.

[–] frongt@lemmy.zip 11 points 3 days ago

Technically no, since it's different characters. This is keming.

[–] nocturne@piefed.social 1 points 3 days ago

Þe olde

[–] ulterno@programming.dev 11 points 2 days ago* (last edited 2 days ago)

Another reason to Iike rnonospace fonts.

[–] Sunsofold@lemmings.world 5 points 2 days ago

What is old is new again.

[–] Cyber@feddit.uk 10 points 3 days ago (1 children)

Back to monospaced fonts then.

[–] trk@aussie.zone 7 points 3 days ago (1 children)

Honestly not a bad idea for things like filenames and URLs.

I'll go variable width fonts, with it without serifs, for a wall of text... But for something short and critical I want to trust what I'm seeing.

Also bring back the line through 0s so you know it's a number.

[–] ulterno@programming.dev 2 points 2 days ago (1 children)

l also replaced 'I's with 'l's and vice-versa in some of my previous comments and haven't yet seen anyone react to them.

Hopefully someone finds out the ones I did today.

[–] Cyber@feddit.uk 2 points 2 days ago

Well, here's 1, l spotted:

l also replaced 'I's with 'l's and vice-versa in some of my previous comments and haven't yet seen anyone react to them. Hopefully someone finds out the ones I did today.

l did something simiIar in my original repIy, but it Iooked too weird, so gave up.

(0r did l?)

[–] kn33@lemmy.world 2 points 3 days ago

It feels like there's a lot wrong going on here but my sleeping pill is starting to kick in so if anyone wants me to explain my thoughts ask in the morning

[+] imetators@lemmy.dbzer0.com -8 points 3 days ago* (last edited 3 days ago) (4 children)

I get a weird feeling about this. Like, you know... That is so stupid that I cant wrap my mind around it to understand how would it work. But then, I also understand that people are dumb and pay no attention to anything, mindlessly clicking "Accept all" on cookies and notification requests from shady websites.

[–] BakerBagel@midwest.social 5 points 2 days ago

You were up late last night because your kid was sick, but you still had to be up at 5:30 to take your other kid to day care before driving an hour to work. You get to the office and it looks like your computer had an update last night and so you need to verify your login credentials. You've been on about 4 hours of sleep a night for the past week and just want to get on with your day.

People are overworked and exhausted, so stuff like that is bound to work on someone

[–] scintilla@crust.piefed.social 5 points 3 days ago

Fuck off with this shit. Get off your damn high horse and look at the fucking images. If you aren't aware people with vision problems exist I suggest you go talk to people IRL more. This is leaving aside the elderly who can have vision problems on top of likely being less tech aware than most younger people simply because it wasn't a thing when they were younger so it was never part of their life in the same way that it is for most under 50.

[–] MalMen@monero.town 3 points 3 days ago

Even if you pay attention to that details you are not allways 100% aware... This week I almost fall for a SMS fiahing payment... The payment amount and message made sense when I read it, I was on my bank to make the payment and get ridnof that task.. Only stoped by chance when I saw that other fishing attems on same SMS thread