A sophisticated
“homoglyph” phishing campaign targeting customers of Marriott International and Microsoft.
Attackers are registering
domains that replace the letter “m” with the combination “rn” (r + n), creating fake websites that look nearly identical to the real ones.
This technique, known as
typosquatting or a homoglyph attack, exploits the way modern fonts display text.
In many fonts, the letters “r” and “n” are placed next to each other (rn) look visually indistinguishable from the letter “m” (m).
Hackers rely on this visual trick to bypass your brain’s ability to spot errors.
When you glance quickly at a URL like rnarriottinternational.com,
your brain often “autocorrects” what it sees, assuming it says “Marriott”.
How to Stay Safe
- Expand the Sender Address: On mobile email apps, tap the sender’s name to reveal the full email address. Look closely for the “rn” trick.
- Hover Before You Click: On a computer, hover your mouse cursor over links without clicking to see the actual destination URL.
- Manual Entry: If you receive an urgent email about a hotel booking or account reset, do not click the link. Open a browser and type marriott.com or microsoft.com yourself.
- Use Password Managers: A password manager will not auto-fill your credentials on a fake site like rnicrosoft.com because it recognizes that the domain is different from the real one.
A sophisticated "homoglyph" phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter "m" with the combination "rn" (r + n), creating fake websites that look nearly identical to the real ones.
cybersecuritynews.com
