
Most phishing scams rely on panic. This one relies on eyesight. Hackers have discovered a simple trick: replace the letter “m” with “rn”, knowing your brain will read it the way it expects, not the way it is.
And that’s how people are getting fooled into handing over their Microsoft passwords without realising anything was wrong. Let’s break down how the scam works, why it works, and how you can spot it instantly.
What exactly is happening?
Users are receiving emails that look like genuine Microsoft password reset alerts. The catch is that the email comes from noreply@rnicrosoft.com, with “rn” instead of “m”.
At first glance, it looks identical to the official one, especially on smaller screens like mobile phones. This subtle change creates a fake domain that visually passes as the real one.
Harley Sugarman, Founder and CEO of Anagram, raised the red flag after spotting this pattern in a phishing attempt: “If you looked at this email fast, you’d swear it came from Microsoft… The sender’s domain was rnicrosoft(.)com instead of microsoft(.)com.”
Once you click the link, you’re taken to a fake login page designed to steal your credentials.
Why ‘rn’ looks exactly like ‘m’
This trick works because of something called a ‘kerning illusion’: the way specific letters visually blend when placed next to each other. Even on a second glance, many people won’t catch the subtle difference.
Sheetal R Bhardwaj, Executive Member of ACFCS, calls this a mix of technology and psychology: “This email mimics a legitimate receipt with uncanny accuracy… I see this as more than a cybersecurity issue; it’s behavioral engineering.”
How hackers change domains to fool you
This trick is part of a wider technique known as ‘typosquatting,’ where attackers create domain names that are almost identical to trusted ones.
These small tweaks are enough to mislead the eye and trick users into trusting fake sites.
Why is this scam so effective?
Several factors make this attack harder to detect:
1. Mobile screens hide full information. Email apps often shorten sender addresses, making “rnicrosoft.com” look correct at a glance.
2. High-resolution fonts blur tiny differences. Modern fonts render “rn” and “m” extremely similarly.
3. People skim emails rather than read them. Attackers rely on fast scrolling and reflexive clicking.
4. The email design matches Microsoft’s real layout. The logo, tone, color scheme, everything feels familiar.
Once users feel they’re interacting with a trusted brand, they drop their guard.
What hackers do after you click
If you fall for the email and open the link:
How to protect yourself
Harley Sugarman shares steps that can dramatically reduce your risk:
Sugarman says: “Small habit change, big payoff. Teams that rehearse these scenarios stop reflexively clicking.”
Your eyes can be tricked
This scam isn’t about complicated hacking techniques. It’s about exploiting how human eyes read and how brains fill gaps. But once you learn to pause, inspect, and verify, even a tiny “rn” trick can’t fool you. A few seconds of checking the sender’s address or hovering over the link can save you from a major security breach.
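The sender-address check described above can also be done by a mail filter or triage script instead of by eye. The Python sketch below is an added example, not code from the article or from anyone quoted in it: it flags a From address whose domain reads as a trusted domain once look-alike sequences are collapsed. It goes beyond the “rn” for “m” case on this page; the extra substitution pairs, the allow-list and the function names are assumptions, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: allow-list of domains this organisation really receives mail from.
TRUSTED_DOMAINS = {"microsoft.com"}

# "rn" -> "m" is the swap described in the article; the other pairs are
# assumed additions of the same kind (ASCII look-alikes only).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse look-alike sequences so visually similar names compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def classify_sender(from_header):
    """Return (verdict, trusted_domain) for a From header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unknown", None)
    # Exact match or genuine subdomain of a trusted domain.
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    # Not trusted as written, but reads like a trusted domain once normalised.
    skel = skeleton(domain)
    for trusted in TRUSTED_DOMAINS:
        t = skeleton(trusted)
        if skel == t or skel.endswith("." + t):
            return ("lookalike", trusted)
    return ("unknown", None)


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Microsoft account team <noreply@rnicrosoft.com>",
    "Microsoft <noreply@microsoft.com>",
    "alerts@mail.rnicr0soft.com",
    "news@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, match = classify_sender(header)
        print(f"{verdict:9} {match or '-':14} {header}")
```

A “lookalike” verdict is a reason to quarantine or warn, while “unknown” only means the domain is neither trusted nor a normalised match for a trusted one.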

