(Credit: Gabby Jones/Bloomberg via Getty Images)
Hackers are using a new typo trick to mimic legitimate websites and potentially steal your information and money.
As Cyber Security News reports, malicious actors are using the letters “r” and “n” in lower case and creating fake URLs that look real. When they're next to each other, “rn” looks like the letter “m,” and cybersecurity firms have identified two major brands that hackers have been exploiting using this "rn" trick: Microsoft and Marriott.
Potential victims have been receiving emails from rnarriottinternational.com, rnicrosoft.com, and other similar addresses that claim to be alerting recipients to security alerts, password resets, or invoice notifications. The fake Marriott addresses also reference loyalty accounts or other customer relationship info.
Emails from the fake Microsoft account are a bit more difficult to distinguish, according to the report, since they replicate the company’s logo, tone, and layout rather accurately.
So how do you avoid falling for this trap? If you receive an unsolicited password reset request from Microsoft or a lucrative hotel deal from Marriott, type the website's address manually to log in to your account and verify the communication. Do not click links provided in these emails.
The hacking technique used here is called “typosquatting.” It has been around for quite some time. Last year, some hackers were using it to send fake Instagram login alerts.