Cybercriminals Exploit Typo-Squatting to Mimic Microsoft and Steal Credentials
Hackers are using deceptive domains like 'rnicrosoft.com' to impersonate Microsoft, tricking users into revealing login credentials.
Cybercriminals are employing a technique known as typo-squatting to deceive users into divulging their Microsoft login credentials. By substituting the letter 'm' with the combination of 'r' and 'n' in domain names, they create addresses like 'rnicrosoft.com' that closely resemble the legitimate 'microsoft.com'. This method exploits the visual similarity between 'm' and 'rn', especially in certain fonts and on smaller screens, making it challenging for users to detect the difference.
These phishing campaigns often involve emails that mimic Microsoft's official communications, complete with authentic-looking logos and layouts. Recipients are prompted to click on links leading to the fraudulent 'rnicrosoft.com' site, where they are asked to enter their login credentials. Once entered, these credentials are harvested by attackers, potentially granting them unauthorized access to sensitive information.
To combat such threats, password management service 1Password has introduced a new phishing protection feature. This tool compares the URL of a website being accessed with the saved URL in the user's credential vault. If the URLs don't match, 1Password will withhold autofilling credentials and display a warning if a user attempts to paste them manually. This measure is designed to counter phishing techniques like typo-squatting, where hackers use deceptive URLs that resemble legitimate ones to steal login credentials.
Users are advised to remain vigilant by carefully inspecting URLs before entering login information, especially on mobile devices where such deceptive tactics are harder to spot. Enabling two-factor authentication and using reputable password managers can provide additional layers of security against these sophisticated phishing attempts.
Source
ForbesFact-checking
Fact-check the facts of the article using external sources and databases.