What is phishing?

Phishing is a type of cyberattack where scammers pose as trusted companies or individuals to steal sensitive information - such as passwords, credit card numbers, or login credentials. These attacks often come through emails, text messages, or fake websites that look legitimate.

The “rnicrosoft” trick

The “rnicrosoft” scam is a perfect example of typosquatting, where attackers register a domain name that looks almost identical to a real one. In this case, scammers used “rnicrosoft.com” (with an “r” and “n” next to each other) instead of “microsoft.com.”

At a quick glance, “rn” can look like “m”, especially in certain fonts - making it easy for victims to fall for the fake site.

Once users click the link - often sent via a convincing email about account security or software updates - they’re taken to a fake Microsoft login page. Entering your details there sends your credentials straight to the scammers.

How to protect yourself

• Double-check URLs before clicking or entering login details. Look carefully for small letter swaps or misspellings
• Enable multi-factor authentication (MFA) to protect your accounts even if passwords are stolen.
• Hover over links in emails to see where they actually lead.
• Report suspicious messages to your IT department or directly to the company being impersonated.

Final thoughts

Phishing scams like the “rnicrosoft” and “grnail.com” domain show how attackers exploit simple human mistakes. A few seconds of caution - especially when opening emails or typing in credentials - can save you from serious trouble.

Stay alert, and always think before you click. Speak to your HBC account manager today to learn how cybersecurity awareness training can make a real difference.