Cybersecurity experts are warning that the latest grift from online scam artists is about as unsophisticated as they can get. Scammers are using a subtle typo to fool people in emails.
Even worse, the scam is targeting customers of two enormous, global companies, Marriott and Microsoft, the latter of which is tied to so many aspects of our lives that getting hold of people’s login credentials to its systems is like striking gold.
The scam is deceptively simple: Crooks are simply swapping the letter “m” for “rn,” which appears shockingly similar to a regular old “m,” especially on our phones.
They’re not using the “rn” typo for the actual names of Marriott and Microsoft. That would be way too obvious since the typo only works in lowercase letters. Rather, they’re putting “rn” in the URLs in emails sent to customers, creating website links in which the swap is incredibly easy to miss, especially on cellphones, where type is smaller and closer together.
Online security blog Cybersecurity News identified a handful of different scams using this method to trick people into clicking on fake links to websites for Marriott Hotels, Marriott International, Microsoft, Microsoft Support, and Microsoft 365.
The websites in the scam use the “rn” typo in place of the “m” in all those product names, and, in some cases, replace the “o” in “Microsoft” with a zero or add hyphens to the web address (like “rnarriott-hotels dot com,” for example). All lead to fake websites that spoof things like password resets and security alerts or send fake invoices.
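The check a mail filter could run against these lookalikes, as an added example that is not from the article or the researchers it cites: it undoes the swaps described above and flags a link whose domain only spells a brand after un-swapping. The `TRUSTED` list, the function names and the `.example` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the registered domains a mail filter treats as genuine.
TRUSTED = {"marriott.com", "microsoft.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}

# Character swaps the article describes: "rn" for "m", zero for "o".
SWAPS = (("rn", "m"), ("0", "o"))


def skeleton(token: str) -> str:
    """Undo the swaps, giving the word a hurried reader perceives."""
    for fake, real in SWAPS:
        token = token.replace(fake, real)
    return token


def registrable(host: str) -> str:
    """Last two labels only; a real filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(url: str) -> str:
    """Classify a link as trusted, lookalike, unlisted-brand or unknown."""
    domain = registrable(urlsplit(url).hostname or "")
    if domain in TRUSTED:
        return "trusted"
    # Added hyphens ("-hotels", "-support") split the name into tokens.
    tokens = domain.split(".")[0].split("-")
    hits = [(t, skeleton(t)) for t in tokens if skeleton(t) in BRANDS]
    if any(raw != skel for raw, skel in hits):
        return "lookalike"  # brand name appears only after un-swapping
    return "unlisted-brand" if hits else "unknown"


# Constructed sample links (the first host is the one quoted in the article).
SAMPLES = [
    "https://rnarriott-hotels.com/reset",
    "https://micros0ft-support.example/invoice",
    "https://login.microsoft.com/",
    "https://modernhome.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):15} {link}")
```

The last sample shows why the comparison is made against a brand list rather than flagging every “rn”: an ordinary word containing those letters is left alone.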
It might seem like an easy thing to spot, but in the small print on mobile, it’s all too easy to miss, as our brains tend to bypass this kind of error and perform a sort of mental autocorrect function that assumes the “rn” is actually an “m.”
It’s similar to how most people can identify a word in their own language even if the first and final letters are missing. Our brains draw on context and prior experience to fill in missing information and perform a similar function here.
Especially if you’re viewing emails on your phone, where it is much harder to spot a typo like this, experts suggest taking a few precautions to ensure you don’t get duped into handing over your Microsoft 365 credentials, and with them your entire life, to a scammer.
1. Always expand sender email addresses
When you receive an email that contains your login credentials or anything else that seems suspicious, don’t reply without first checking the sender’s full address. Mobile phone email systems truncate these addresses, but viewing them in full often makes it obvious that they’re fake.
2. On a desktop, hover over the links before clicking
When viewing emails on a desktop, always hover over a URL or email address before clicking it or replying. This will show you, in a little pop-up window, what the actual URL you’ll be routed to is. If it’s different from what the email says, it’s probably a scam.
3. Enter URLs and email addresses manually
A good rule of thumb is to just never click on anything in an email ever, if you can help it. Instead, type these URLs or addresses manually to make absolutely sure you’re going to the right address.
4. Use a password manager
A password manager will not fall for something like the “rn” typo scam because it will register that the URL you’re attempting to enter your password into is not the correct one. So the app will act as a barrier that stops your brain’s “autocorrect” of the error. Be careful out there!
John Sundholm is a writer, editor, and video personality with 20 years of experience in media and entertainment. He covers culture, mental health, and human interest topics.