That ‘rn’ In A URL Isn’t A Typo, It’s A Hack


According to Forbes, cybersecurity researchers are warning about a new, highly deceptive phishing attack targeting users of Microsoft and Marriott. The attack exploits a visual trick, using the characters “r” and “n” side-by-side to impersonate the letter “m” in website domain names, like using “rnicrosoft.com” to mimic “microsoft.com”. On small phone screens, especially in browsers like Chrome and Safari, these fake URLs are virtually indistinguishable from the real ones. The phishing emails, posing as security alerts or invoice notifications, direct users to these malicious sites designed to steal login credentials and hijack accounts. Cybersecurity News reported the campaign, noting that while both companies are targeted, a successful attack on Microsoft accounts would be particularly damaging due to their central role for many users.


Why This Homoglyph Attack Works

Here’s the thing: our brains are wired for speed, not meticulous inspection. We see a familiar logo, a standard-looking login box, and our pattern recognition kicks in. We don’t scrutinize every pixel in the address bar, especially on a cramped mobile screen. That’s the entire point of a homoglyph attack. It exploits that trust in visual similarity. The “rn” for “m” trick is just one example; attackers can use Cyrillic letters, special characters, or other lookalikes. The fake site often looks exactly like the real one because, well, it’s often a cloned copy. So you think you’re on the Marriott Bonvoy page entering your points info, but you’re actually handing it all directly to a hacker.
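A defender-side check for the trick described above, as an added example that is not from the original article: it folds "rn", digit swaps and a few Cyrillic lookalikes into a skeleton, then flags hosts whose skeleton matches a protected domain without being that domain. The protected list, the confusables map (including the "vv" pair) and the sample links are constructed assumptions.

```python
import unicodedata
from typing import Optional
from urllib.parse import urlsplit

# Brands named in the article; extend with the domains you actually protect.
PROTECTED = ("microsoft.com", "marriott.com")

# Illustrative confusables only (assumption), not the full Unicode table.
PAIRS = {"rn": "m", "vv": "w"}
SINGLE = {
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic er, es, i
}

def skeleton(name: str) -> str:
    """Fold lookalike characters so visually similar names compare equal."""
    s = unicodedata.normalize("NFKC", name).lower()
    s = "".join(SINGLE.get(ch, ch) for ch in s)
    for seq, repl in PAIRS.items():
        s = s.replace(seq, repl)
    return s

def imitated_brand(url: str) -> Optional[str]:
    """Return the protected domain a URL's host imitates, or None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")  # expand xn-- punycode labels
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as-is
    labels = host.split(".")
    for brand in PROTECTED:
        n = brand.count(".") + 1
        tail = ".".join(labels[-n:])  # host's last n labels vs. the brand
        if tail != brand and skeleton(tail) == skeleton(brand):
            return brand
    return None

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a reported email.
    for link in ("https://login.rnicrosoft.com/auth",
                 "https://rnarriott.com/bonvoy",
                 "https://www.microsoft.com/security"):
        print(link, "->", imitated_brand(link))
```

Taking the last labels of the host as the registrable domain is a simplification that holds for the two `.com` brands here; a production check would use the Public Suffix List.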

How To Protect Yourself Right Now

The advice here is simple, but it requires breaking a very common habit. Never, ever log in to a critical account by clicking a link in an email or text message. Full stop. Got a “security alert” from Microsoft? Don’t click it. Open your Microsoft Authenticator app or manually type “microsoft.com” into your browser yourself. The same goes for your bank, your email provider, Marriott, you name it. This one action neuters the vast majority of phishing attempts, no matter how clever the URL looks. And while you’re at it, enable two-factor authentication (2FA) everywhere, and move to passkeys where available. 2FA is your safety net if you do slip up.

The Broader Threat Landscape

This specific “rn” campaign is just a symptom. It highlights a trend where attacks are becoming less about technical exploits and more about sophisticated human manipulation. The entry point isn’t a software bug; it’s our own psychology. And as we do more on our phones, the problem gets worse. The small screen is a phisher’s best friend. So what’s next? We’ll probably see more of these homoglyph attacks targeting any service with an “m” in its name. But also look for similar tricks with other letter pairs. It’s a cheap, effective tactic with a high success rate. Basically, if a company is big enough to be trusted, it’s big enough to be impersonated. The burden is increasingly on us to be paranoid, double-check everything, and build our own digital moats with strong, unique passwords and multi-factor auth. It’s annoying, but it’s the reality.
