Hackers Use \u2018rn\u2019 Typo Trick to Impersonate Microsoft and Marriott in New Phishing Attack
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A sophisticated \u201chomoglyph\u201d phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter \u201cm\u201d with the combination \u201crn\u201d (r + n), creating fake websites that look nearly identical to the real ones.<\/p>\n
This technique, known as typosquatting<\/a> or a homoglyph attack, exploits the way modern fonts display text. In many fonts, the letters \u201cr\u201d and \u201cn\u201d are placed next to each other ( Hackers rely on this visual trick to bypass your brain\u2019s ability to spot errors. When you glance quickly at a URL like Security firm Netcraft recently identified a cluster of malicious domains attempting to impersonate the hotel giant. These domains are likely used to steal loyalty account credentials or personal guest data.<\/p>\n Harley Sugarman, CEO of the security firm Anagram, highlighted a similar campaign<\/a> targeting Microsoft users. Phishing emails in this campaign use the domain The following domains have been flagged as malicious. Security teams should block these immediately, and users should be wary of any links directing to them.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Hackers Use \u2018rn\u2019 Typo Trick to Impersonate Microsoft and Marriott in New Phishing Attack<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nrn<\/code>) look visually indistinguishable from the letter \u201cm\u201d (m<\/code>).<\/p>\nrnarriottinternational.com<\/code>, your brain often \u201cautocorrects\u201d what it sees, assuming it says \u201cMarriott\u201d.<\/p>\nRecent Campaigns Identified<\/strong><\/h2>\n
Marriott International Targeted<\/strong><\/h3>\n
\n
rnarriottinternational.com<\/code>.<\/li>\nrnarriotthotels.com<\/code> to target specific hotel brands.<\/li>\n<\/ul>\nMicrosoft Users Under Fire<\/strong><\/h3>\n
rnicrosoft.com<\/code> to send fake security alerts or invoice notifications.<\/p>\n\n
Indicators of Compromise (IOCs)<\/strong><\/h2>\n
\n\n
\n \nPhishing Domain<\/th>\n Impersonated Service<\/th>\n Typosquatting Technique<\/th>\n Detection Difficulty<\/th>\n<\/tr>\n<\/thead>\n \n rnarriottinternational.com<\/code><\/td>\nMarriott International<\/td>\n \u2018m\u2019 replaced with \u2018rn\u2019<\/td>\n Critical <\/td>\n<\/tr>\n \n rnarriotthotels.com<\/code><\/td>\nMarriott Hotels<\/td>\n \u2018m\u2019 replaced with \u2018rn\u2019<\/td>\n Critical<\/td>\n<\/tr>\n \n rnicrosoft.com<\/code><\/td>\nMicrosoft 365 \/ Login<\/td>\n \u2018m\u2019 replaced with \u2018rn\u2019<\/td>\n High (Mobile)<\/td>\n<\/tr>\n \n micros0ft.com<\/code><\/td>\nMicrosoft<\/td>\n \u2018o\u2019 replaced with \u20180\u2019<\/td>\n Medium<\/td>\n<\/tr>\n \n microsoft-support.com<\/code><\/td>\nMicrosoft Support<\/td>\n Hyphenation \/ Suffix<\/td>\n Low<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n How to Stay Safe<\/strong><\/h2>\n
\n
marriott.com<\/code> or microsoft.com<\/code> yourself.<\/li>\nrnicrosoft.com<\/code> because it recognizes that the domain is different from the real one.<\/li>\n<\/ol>\n