A complex “homoglyph” phishing scheme is targeting customers of Marriott International and Microsoft. Cybercriminals are registering domains that replace the letter “m” with the pair “rn” (r + n), producing counterfeit websites whose addresses look remarkably similar to the legitimate ones.
This method, referred to as typosquatting or a homoglyph attack, takes advantage of how contemporary fonts render text. In numerous fonts, the characters “r” and “n” placed side by side (rn) are visually indistinguishable from the letter “m”.
Attackers rely on this visual deception to slip past your brain’s ability to spot mistakes. When you quickly scan a URL like rnarriottinternational.com, your brain often “autocorrects” what it sees and assumes it says “Marriott”.
Recent Campaigns Detected
Marriott International Targeted
The cybersecurity organization Netcraft recently detected a set of malicious domains attempting to mimic the hotel giant. These domains are probably used to capture loyalty account credentials or personal guest information.
- The main domain noted is rnarriottinternational.com.
- Criminals have also registered variations such as rnarriotthotels.com to target specific hotel brands.
Microsoft Users Under Siege
Harley Sugarman, CEO of the cybersecurity firm Anagram, drew attention to a comparable campaign aimed at Microsoft users. Phishing emails in this operation utilize the domain rnicrosoft.com to dispatch fraudulent security alerts or billing notifications.
- These messages replicate the authentic Microsoft logo, tone, and design.
- The attack is particularly dangerous on mobile devices, where compact screens make the “rn” versus “m” distinction nearly impossible to detect.
Indicators of Compromise (IOCs)
The domains listed below have been marked as malicious. Security teams should block these immediately, and users should be cautious of any links directing to them.
| Phishing Domain | Impersonated Service | Typosquatting Technique | Detection Difficulty |
|---|---|---|---|
| rnarriottinternational.com | Marriott International | ‘m’ substituted with ‘rn’ | Critical |
| rnarriotthotels.com | Marriott Hotels | ‘m’ substituted with ‘rn’ | Critical |
| rnicrosoft.com | Microsoft 365 / Login | ‘m’ substituted with ‘rn’ | High (Mobile) |
| micros0ft.com | Microsoft | ‘o’ substituted with ‘0’ | Medium |
| microsoft-support.com | Microsoft Support | Hyphenation / Suffix | Low |
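
A static blocklist only covers domains already reported. The Python sketch below is an added example (not code from the article, Netcraft or Anagram) showing how a mail or proxy filter could catch the same substitutions generically: it folds the lookalike sequences from the table into a skeleton and checks for a protected brand name. The function names, the brand token list and the sample host list are assumptions made for illustration.

```python
# Added example: flag lookalike hostnames by folding confusable sequences.
FOLDS = (("rn", "m"), ("0", "o"))          # substitutions listed in the IOC table
BRANDS = ("marriott", "microsoft")         # brand tokens to protect (assumed list)
LEGIT = ("marriott.com", "microsoft.com")  # legitimate domains named in the article

# Constructed sample, e.g. hostnames extracted from mail links or proxy logs.
SAMPLE_HOSTS = [
    "www.marriott.com", "rnarriottinternational.com", "rnarriotthotels.com",
    "login.microsoft.com", "rnicrosoft.com", "micros0ft.com",
    "microsoft-support.com", "example.org",
]


def skeleton(text):
    """Fold lookalike sequences so 'rnicrosoft' and 'microsoft' compare equal."""
    text = text.lower()
    for fake, real in FOLDS:
        text = text.replace(fake, real)
    return text


def classify(host):
    """Return 'legitimate', 'brand-affix', 'homoglyph' or 'unrelated'."""
    host = host.strip().rstrip(".").lower()
    # Exact match or a subdomain of a legitimate domain is trusted.
    if any(host == d or host.endswith("." + d) for d in LEGIT):
        return "legitimate"
    name = host.rsplit(".", 1)[0]  # simplification: drop only the last label (TLD)
    for brand in BRANDS:
        if brand in name:
            return "brand-affix"   # real brand string plus extra text
        if skeleton(brand) in skeleton(name):
            return "homoglyph"     # brand appears only after folding
    return "unrelated"


def flag_hosts(hosts):
    """Map each suspicious host to its verdict; trusted and unrelated are dropped."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items() if v in ("homoglyph", "brand-affix")}


if __name__ == "__main__":
    for host, verdict in flag_hosts(SAMPLE_HOSTS).items():
        print(f"{verdict:12} {host}")
```

The folding is deliberately lossy (“international” becomes “intemational”), so the skeleton is used only for comparison and never shown to users.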
How to Remain Secure
- Expand the Sender Address: On mobile email applications, tap the sender’s name to display the complete email address. Inspect closely for the “rn” deception.
- Hover Before You Click: On a computer, position your mouse pointer over links without clicking to view the actual destination URL.
- Manual Entry: If you receive an urgent email regarding a hotel reservation or account reset, avoid clicking the link. Open a browser and enter marriott.com or microsoft.com yourself.
- Utilize Password Managers: A password manager will not auto-fill your credentials on a false site like rnicrosoft.com, as it recognizes that the domain differs from the authentic one.