Can you spot the deception?
At first glance, it looks like a genuine Microsoft password reset email. The sender’s name even says “Microsoft noreply@microsoft.com.” But a closer look exposes the fraud: the domain is not microsoft.com; it’s rnicrosoft.com, where the attackers replaced the letter “m” with “r” + “n.” When typed together (“rn”), it visually mimics “m.”
This is called a homograph phishing attack, a social engineering trick designed to exploit how the human eye reads text quickly. In cybersecurity, we call this visual spoofing, and it’s one of the most effective tactics in email-based fraud.
What’s really happening
The attacker registers a fake domain like rnicrosoft.com (or sometimes micr0soft.com using a zero). They then send out password reset requests or “account security alerts,” hoping victims click a malicious link that:
· Leads to a fake Microsoft login page to steal passwords, or
· Installs malware or spyware when the user “confirms” their identity.
It’s a psychological hack: urgency + familiarity. You see “Microsoft” and act before thinking.
How to protect yourself
Don’t trust display names. Always hover over or click to expand the sender’s email address. Attackers can set the display name to anything they want; what matters is the domain after the “@”.
Look for small spelling errors. rnicrosoft.com ≠ microsoft.com. Likewise, pay attention to:
· rn vs m
· o vs 0
· .co vs .com
· foreign characters (like mícrosoft.com)
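For mail filters and triage scripts, the same checks can be automated. The sketch below is an added example, not part of the original post: it folds a sender domain to what a hurried reader perceives and compares it with a protected domain, and also flags a display name that claims the brand from an unrelated address. The `PROTECTED` set, the function names and the two-label domain simplification are assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: domains this mailbox treats as the real brand.
PROTECTED = {"microsoft.com"}
# Constructed map of the look-alike substitutions listed above.
CONFUSABLES = (("rn", "m"), ("0", "o"))

def skeleton(label):
    """Fold text to the form a hurried reader perceives."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    folded = "".join(c for c in decomposed if not unicodedata.combining(c))
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded

def registrable(domain):
    """Last two labels, Unicode-decoded. Assumption: no multi-part
    suffixes such as .co.uk (a real filter would use the Public Suffix List)."""
    domain = domain.lower().rstrip(".")
    try:
        domain = domain.encode("ascii").decode("idna")  # xn-- form to Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid punycode
    return ".".join(domain.split(".")[-2:])

def check_domain(domain):
    """Return 'trusted', 'lookalike' or 'unrelated' for a sender domain."""
    reg = registrable(domain)
    if reg in PROTECTED:
        return "trusted"
    name = skeleton(reg.split(".")[0])
    for real in PROTECTED:
        if name == real.split(".")[0]:  # same look, different domain or TLD
            return "lookalike"
    return "unrelated"

def check_from(header):
    """Flag a From header whose address is a look-alike, or whose display
    name claims a protected brand while the address is elsewhere."""
    display, address = parseaddr(header)
    verdict = check_domain(address.rpartition("@")[2])
    if verdict == "unrelated":
        brands = [d.split(".")[0] for d in PROTECTED]
        if any(b in skeleton(display) for b in brands):
            return "display-name mismatch"
    return verdict
```

Folding “rn” to “m” will also match innocent names that happen to contain “rn”, so treat a “lookalike” verdict as a reason to quarantine and review rather than as proof of fraud.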
Never click links directly in suspicious emails. Instead, type the official website manually in your browser; e.g., go to https://lnkd.in/dwR7C4Mq if you need to reset your password.
Enable Multi-Factor Authentication (MFA). Even if an attacker steals your password, MFA adds a second lock that they can’t easily bypass.
Report it.
If you receive a suspicious Microsoft email, forward it to phish@office365.microsoft.com or report it within Outlook using “Report phishing.”
This image is proof that phishing is not about bad grammar anymore. It’s about precision design and psychological manipulation. As AI and domain obfuscation tools evolve, these scams will only get harder to spot.
Your best defence is awareness; slow down, verify the sender, and think before you click. In cybersecurity, the difference between “rn” and “m” could be the difference between secure and compromised.
I remain, Mr Strategy.


