Hackers Are Stealing Microsoft Account Passwords With This Trick

How closely do you examine the URLs of websites or the addresses of emails that get sent your way? One scam makes these addresses look legitimate, targeting victims who believe they are interacting with Microsoft when they are not. It's called typosquatting, and it can be extremely difficult to detect.

Typosquatting is when cybercriminals register website domains or email addresses under misspellings meant to mimic Microsoft or any other company they want to impersonate. For example, they could register the domain "rnicrosoft.com," replacing the letter m with the letters r and n together so you don't immediately notice something is wrong. This targets people who accidentally misspell the word Microsoft in their search engine, or who click on the wrong website by mistake, not realizing anything is misspelled. What could come up is a site deceptively similar to Microsoft's actual website or other services. Victims are then at risk of entering usernames, passwords and other sensitive information into the site for cybercriminals to steal.

Unfortunately, it's an easy trick to fall victim to. The good news is that there are some things you can do to protect yourself. Microsoft itself urges users to delete passwords and opt for its more secure passkey option instead. If that doesn't appeal to you, though, there are other ways to stay safe when browsing the internet.

Microsoft typosquatting trick

It's important to always take security measures and precautions when using your computer, even if you think you are interacting with something trusted. Microsoft has even warned Windows 11 users about its own AI feature that has the potential to install viruses. However, scams aren't so easy to spot, and the Microsoft typosquatting scam has been around for a while.

The typosquatting addresses "rnicrosoft.com" and "noreply@rnicrosoft.com" have been a persistent problem online for multiple years. The domain was originally registered out of South Korea in 2012, with the purpose of getting Microsoft account users to enter their passwords and other sensitive information.

This Microsoft scam preys on victims in a few different ways. First, it counts on victims clicking on the wrong website without double-checking how it is spelled. Second, it relies on emailing out urgent messages, such as saying your account has been hacked and that you need to reset your password. These aim to instill a sense of panic and force victims to respond without due diligence. Finally, it also relies on the trusted appearance and reputation of Microsoft by mimicking its logo, brand colors, and even website layout to make you think you have visited something legitimate.

How to protect yourself

One primary way to protect yourself is to save commonly used websites, especially ones that have you log in or contain otherwise sensitive information. Your Microsoft account, your bank, or websites you shop at should be saved under your bookmarks. That way you never run the risk of clicking the wrong website through a search engine.

Don't automatically trust emails that ask you to verify or change personal information. It's worth taking the time to reach out to Microsoft either through its website or by talking to a customer service agent on the phone to verify the information emailed to you. Don't respond to emails that seem suspicious, and always read the address closely to check for typos.
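The address check described above can also be automated. The following is an added example, not code from the article or from Microsoft: it flags a URL or email address whose domain imitates a trusted one, either through look-alike letters such as "rn" for "m" or through a one-character misspelling. The TRUSTED allowlist, the extra look-alike pairs and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of domains the user really does business with.
TRUSTED = {"microsoft.com"}

# "rn" for "m" is the substitution described in the article; the other
# pairs are common look-alikes added here as assumptions.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

def extract_domain(address):
    """Host part of a URL, an email address or a bare domain, lower-cased."""
    address = address.strip().lower()
    if "://" in address:
        return urlsplit(address).hostname or ""
    if "@" in address:
        return address.rsplit("@", 1)[1].rstrip(">")
    return address.split("/", 1)[0]

def skeleton(domain):
    """Collapse look-alike character sequences to the letter they imitate."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(address):
    """Return 'trusted', 'lookalike' or 'unknown' for a URL or email address."""
    host = extract_domain(address)
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if skeleton(registered) == skeleton(good) or edit_distance(registered, good) <= 1:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inputs, including the two addresses named in the article.
    for sample in ("https://rnicrosoft.com/login", "noreply@rnicrosoft.com",
                   "https://account.microsoft.com/", "microsft.com"):
        print(f"{sample:35} {classify(sample)}")
```

A production check would use the Public Suffix List to find the registered domain rather than the last two labels.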

Keep yourself secure by choosing strong passwords — avoiding our list of the worst passwords of 2025 — to further protect your Microsoft account. Don't click on suspicious attachments or respond to unusual messages, even through social media or text. If you think you've been the victim of a typosquatting scam, contact Microsoft to let it know about the security risk. If you think your banking information has also been put at risk, contact your bank so they can take precautions on your behalf. With some preparedness and careful evaluation of where you go online, you can keep your Microsoft password safe.
