Bitcoin Forum

Those who don't have good eyes can become a victim of this type of phising scam. I saw this of someone complaining that he receive a phising scam email of password reset from Microsoft.

https://talkimg.com/images/2025/11/01/U6unHj.jpeg

If you look at this image, you can tell that this person received an email and it's looking so real, it came from noreply@rnicrosoft.com when the real mail is supposed to be noreply@microsoft.com

The difference between the two domain is rn and m, the letter r and n letter are arranged together to look like letter m, if you don't pay attention to this kind of scam, you can be their victim.

It's a very old scam method which can easily scam people who are careless and have their hands on computer or mobile devices faster than their brain working speed.

It's essential to learn about scam, not only this punny code attack type, as by learning, you can prevent falling to many scam traps.

Punycode Phishing attacks - how to stay safe - Spoofed URLs and fake websites! (https://bitcointalk.org/index.php?topic=5184169.0)
Punny code attacks. (https://www.jamf.com/blog/punycode-attacks/)
IDN Homograph attacks. (https://en.wikipedia.org/wiki/IDN_homograph_attack)

One key way to prevent this is to not have your email exposed. You should ideally have a throwaway email which you use for random online activities which should not be on a device where you have your wallets and should not be connected to any 'important' account like your exchange or Microsoft account in this case.

You should also never click on unsolicited emails. If you did not initiate a password reset, ignore the email.

Hah, I haven't see this trick before, substituting "m" with "rn". And with my shitty eyes, I probably wouldn't even see the difference. Then again, I am very careful and suspicous of all links and tend not to press anything.


You don't necessarily have to be careless to fall for a scam. All it takes is a second of not being fully focused or your attention being someplace else (like a crying child or nagging wife) and your money is gone.

It is a popular scam type but still catches people unaware. Not long ago, many phishing links and domains were reported impersonating an exchange, scam move like this will not end, everyone has to become acquainted on how they operates and ways to avoid.

A simple step to overhead this phishing attack, is to avoid opening links received through Gmail, after reading, return to the actual website from your main browser, either from where it is bookmarked or using the appropriate domain search, the similarity between rn and m may not be too obvious to detect and in similar case.

I Saw Microsoft :'( . I only noticed it was rn when I saw you added text.
The only saving grace for me would be the fact I don't click links in mails.
But it's a really smart strategy and would work well if they individual isn't well focused.
Phishing still remains one of the most known scam and still very much effective. 

I know but mostly it's because of carelessness or lack of knowledge.

About mistake made by accident, it's possible, but it raises reason of never put all eggs in one bag. With Bitcoin and cryptocurrency, it's never put all your cryptocurrencies into one wallet, and don't store all wallets in one device.

There are warnings about risk, there are recommendations on principles to follow, and if people can do it, they can minimize risk.

They are just not giving up on scammers, and sending phishing links to their victims is on the rise. Personally, unless I request something, anytime I see such mail, I just treat it as a scam.


If the phishing mail comes at the same time as when I'm trying to reset my password to the said site with just that difference, I'm certain that I'm going to fall for it before I realize it will be too late because it's very identical; it will only take someone who is already suspicious of something to figure it out. These scammers are getting smarter in preparing phishing links.

By wondering and holding on for a minute to ask why there are two links after you requested is the only way the person might not fall for them because you will definitely see some differences in them but it will actually be too easy to fall because you will just conclude that everything that comes at that time is from the main sites, perhaps the timing of when somebody is trying to reset there password is what those scammers will not be aware of if not there would have been much victim, this conversation has even upgraded my mindset on this in case it happens to me so that I wouldn't be too rush to open any of the links till I'm sure.

Trust me when I say I had to check the image at least five times before noticing the “rn”..this is new to me  ;D . I’m very sure many people will fall for this trick and it can be hard to detect that it is not really from an official site unless the template gives it away.
Personally,I don’t click on buttons with embedded URLs in my emails if I am required to. What I normally do is copy the embedded URL directly to check if nothing is wrong with it and that it is  actually from the right source. When confirm , then i paste it into my browser directly..

Genius!!!  8) Damn it's really true that scammers are one of the smartest people on earth but chose the wrong career. I couldn't differentiate 'm' from 'rn' that shit is too smooth to be noticed real quick but, living by the rule of being skeptical about everything, that only saves you from things like this, some thread which I can't remember says treat everything suspiciously untill it's verified not to be harmful.
I've never seen one like this even though I know about punnycode attacks.

This kind of scam is usually very tricky because if you are not very focused or carefully reading every word one after another, it will be difficult to spot such error. I first saw the awareness video of this kind of scam on YouTube and they gave an example of some set of individuals that scam the government a huge amount because the scammer used this pattern to rearrange the name of the email address to bear the name of the original government official's email and he convinced the accounts to send money to the account he wanted. If I receive this kind of sensitive mails, I take my time to carefully read it before I engage.

Recently I have seen somewhere about this scamming method. I have to say the scammer is very talented; otherwise, how would this idea come to his mind? To be honest, this email could even confuse me; I'm really afraid. Through this, even scammers would take control of your device, and if you are a crypto user, then it's very harmful for you. The characters combination is quite tricky, and it's hard to understand whether it's real or phishing.

For me, first I will think, 'Have I requested a password reset or not?' Though not from Microsoft, I had received such mail but never clicked because I hadn't requested a password reset. You could receive such mails from the original website, you need to make sure you have requested this. For example, if someone knows your email, he could try to hack it through password reset. But definitely you would get a notification; if you didn't attempt a reset, then you have to ignore it. It doesn't matter if the sender is legit if you haven't attempted it.

This and the Turkish 'i' are the scariest phishing attempts.  Even I who is extremely paranoid in general sometimes forget to check if I am on the exact website I need to be on.  Because who in the world thinks about checking whether there is a space in the letter 'm' because some body bought a domain that looks almost IDENTICAL.

One of the ways you can avoid this is by typing the Web address by your self.  A lot of people rely on Google search results and that can end up in a really bad and significant loss.  Or add your legitimate favorite Addresses to the Favorites and every time you enter the legitimate website, one of the confirmations will be that the star will be colored or filled.

And last but not least.  Always think and check at least twice before doing any thing.  And use your common sense because I am sure you have it.

If you noticed an email especially the ones that you didn't do like the one you provided is to not take mind of it or ignore it before deleting the email especially like this one a password reset. Even when I am accessing a website is I type it myself rather than selecting on the address bar or clicking on search results which could also made you choose the clone of the original. As you have pointed out that they really did find ways to make it look like the original.

I am just seeing this type of trick for the first time. Even after I looked up to the picture I didn’t know it was a wrong email address not until I read through your explanation after the post. This needs you to be very watchful and more vigilant when looking at such mails. The two words “r and n” when combined and written together looks like “m”. If you’re the type that your font size is very small, you won’t get to notice it at all.

I've never seen a scam like this. Scammers are indeed creative bastards. As a result of the eye-opener, I had to look at other letters that can be exploited, and I just discovered the "w" can be replaced with a double "vv" to deceive someone. Though it's not as convincing as the one OP posted, but I believe some persons might fall for it too.

Its not just the font size.  Some characters look so similar, you cant tell them apart.  Like, a capital "I" and a lowercase "l" can look the same in many fonts, especially when you are just glancing at them.

That trick where "r" and "n" get squished together to look like an "m" is a common typographical attack.  They use tiny visual tricks to make you auto-correct the address in your head.  Another trick is swapping a normal letter for a letter from another alphabet that looks exactly the same - like using Cyrillic instead of regular Latin.  You cant even see the difference unless you look at the source code.

This is an old trick, but created by smart ass and conning online bad actors. Besides, anyone can acknowledge that email as a genuine one from Microsoft, and only those who understand the model of operation of the organization won't fall victim to this phishing scam

Agreed, but the best thing is to also familiarize ourselves with how the phishing attackers operate and also familiarize ourselves with the model of operation of the platform we use because there's no reputable platform that should be trusted not to sell their users emails for promotional purposes, and if these emails get into the hands of some bad actors, they will always use it for their shady activities.

This image has been flying online for long time now but it's good you brought it here to create more awareness. This trick is an old one but I won't be surprised if people still fall for scam like this due to carelessness. Scammers have been impersonating genuine websites, organisations and even individuals using a very similar domain, username and other means of identification but I don't think they'll succeed when people are being vigilant and pay attention to every details. First thing to consider here, did you request for password reset in the first place? How many emails do you receive regarding this? I know the original site will definitely send you a mail too if you request for password reset. Compare the two emails (from original source and from the scammers) difference should be noticeable unless you don't observe thoroughly.

What I do to avoid this kind of email tricks is if not this is a targeted email trying to look it's coming from official company, my Microsoft email account, I have never use it online before and not just the Microsoft. Any email that is very important to sensitive things, such as bank account, exchange accounts. I don't repeat such email to create accounts on random website. I have also disable market mails from these exchanges. In fact I don't want email from anyone unless I request for something.

It's better to be safe than sorry for things that are not worth it. Emails that are not known can't be spam and hence there is little chance if it been phish by scammers.

https://i.ibb.co.com/SwTc3hgC/scammersss.png (https://ibb.co.com/7tcQ1wDm)

I also received a similar scam email. The scammer pretended to be from OpenSea, and told me about an offer on my NFT, but it was all a lie. Scammers always have a way to trick their potential victims, and they often exploit various loopholes, including the case as you shared, they tried to exploit someone carelessness. Therefore, we should always be skeptical of the information we receive, do verify the truth, especially information that catches our attention, because most of it is a scam. We should avoid them, and never click on the links they provide in these emails.

By the way, I often receive scam emails to my everyday email address, but my rarely used emails, or those I use only for work, usually don't have any suspicious messages in my inbox. So, I think we need to differentiate between everyday emails and important emails. It will be beneficial for us to avoid risks. Cmiiw.

I have double check to know the difference, this is something someone can easily take serious without noticing the difference in the domain because of how similar the two domains are. Scammers are very smart, they do everything to get you if you are being careless and the main cause of all these phishing links is exposing our mails publicly.

I have made it in my mind that any email I revived apart from my workplace or this forum or maybe something I registered with and expecting their feedback through emails; I take any email as a phishing email and a scam mail, and I have been fine with it and I am always careful and will be more careful because privacy is very important.

Some of these platforms are not even selling off their user data but rather it is sometimes gotten through this same phishing scams, they usually get to the developers or cybersecurity guys of this platforms to get their information, I think you will most definitely have seen many of this platforms actually warning against such messages and that it shouldn’t be responded to. For me I usually just go to verified social media handles of this platforms to see updates there but even this is never enough because the social media accounts can easily be also hacked.

My take has Always been to never relay on hot storage means for one’s wallet because no matter how careful one can be it is usually very risky as phishing scams are always evolving and you can never be too careful about it. I can still remember top individuals with sufficient knowledge falling for this scams.

Well, disabled or not ,multiple  emails or single ,the damage is same, just that using multiple emails for different use-cases might actually save you from leaking those emails to attackers and it’s generally a good idea..
You can disable  subscriptions to newsletter and other updates but still, the company can still send an email to your account any time they want for some important updates/announcements that might affect your account somehow , logins(attempts / password reset) and general communications to all users so far they have the email you  used for registration.
From your post the attempt was a tricky one..let’s say a leakage that gave your address out somehow,then attackers could use that to send a template that could be so convincing and then the whole process of phishing begins..
So always verify, even when you follow such procedures.

Actually, it's not a new trick at all, they're just keep getting more and more "advanced" and "sophisticated" as time passes by. I've actually received a handful of similar emails in the past, using different letters to appear that they're the legitimate platform/provider. People may not notice it in the first place, a large number of them also appear legitimate in terms of landing page, the content of the email etc.. It's honestly no surprise. The "rn" in this case is extremely realistic and clever actually.

True this might be an old scam but it still takes people unawares and sincerely speaking, this is my first time hearing about this type of scam. And it only takes a slight mistake to fall for it. I have read here members talking about it to be an old tricks but the truth is that there are still people out there like myself who haven't heard about it and seeing it here have enlightened them about it just like me and I will appreciate OP for putting this up because of I didn't have seen it, I would not have been aware of it. May who knows if I might likely fall victim of it tomorrow making me to learn the hard way. Thanks to OP for taking his time in putting up this thread for us to see. It is worth it.

That's genius and witty but outside that fun, there could be people that might be victimized by that scam. I remember that I've seen it here from the forum when some newbie account tried to made the same name as 'theyrnos'. Correct me if I am wrong if that's the name but it's not that relevant at all. These scammers are getting wittier from time to time just to take people's money out of their pockets.

Nowadays, scammers are using every way that they can think or come up just to lure these ignorant and newbies.

TBH, if I have a poor eyesight, I will not see it as well. Luckily, I learned to double check or triple check everything whenever I look at something from emails, to official websites, to any links that I'm going. Unfortunately though, not all are like me. There are some who have poor eyesight hence, they will fall easily to these types of scams. There are some who are rushing things and will just click whatever link that they see without any hesitation.

Scammers are evolving, and I know that this way of scamming people has been used by them for a long time already, but they're using it still because it's effective. Scammers are upgrading every single day, so the best thing that we can do as investors is to equip ourselves with much knowledge that we need in order to not fall to them. :) Thanks OP.

I must confess, the only way I will fall for this is because I did not request a password reset. If I requested a password reset, I doubt I would have noticed that it's an "rm" instead of an "m", and I am pretty careful to an extent. I know and am careful about identical domain names, like the ones that use things like "netfilx.com" instead of "netflix.com". I know how to spot these immediately because I look at the domain name well, but something like rm instead of m is not something I saw coming.
A new fear has been unlocked; now I have to look at the mails I receive more carefully.


What I do is, if it's a website I'm not sure of, I just search the company name on Google and look for the official website. Tips for this are to avoid the "sponsored results" because that's where a lot of the scam sites and lookalike domains are

How can you be sure that some of the platforms are not selling their users data?
When we both know that among every good egg there will always be a bad egg. Aside from that, every centralized platform shouldn't be trusted unless we're talking about something decentralized and secure with blockchain.

Yes, they always do, but that doesn't mean they are totally innocent about the cause of the issue.

This is why I said we need to familiarize ourselves with how the phishing attacker operates and the model used by the platform we are using to pass information across their users, because no matter the knowledge we acquire, no one is totally safe when it comes to online activities, but understanding how the platform operates could help.

This is very obsolete and funny, I've seen many of these emails in the past and still sometimes some codes pop up on my SMS notification requesting I use them when I never requested them. It is obvious that getting a service prompt which you never requested is a scam and for me I do not even bother opening them, I just clear it from my notification window and do nothing, you can only get hacked when you act on them and it is pure ignorance or stupidity to act on prompts you never requested.

This is an old famous scamming technique also known as homograph attack. Man, to be honest, things like punycode should totally be illegal (through it is not). I almost fell for it, with it my degrading eyesight. Not everyone checks the links they visit thoroughly. Though I have no idea how these things are regulated, I wanna know, does browsers comes with build in protection for this? And what about the domain registrars? Does they block similar looking or lookalike domain?

These scammer guys are becoming more crooked and clever but simple with their formats.  Simple in the sense they try to only swap similar looking letters like rn for m or vv for w to make a fake link look very real to you so if you are someone who rush into accessing links without doing a proper check of the link especially when you notice it is carrying an information which sounds too sweet rather than normal then I will recommend you to always check the URL slowly before taking any further steps if possible before you even go ahead to visit the website in the first place. Also if your email asks for a password reset you did not request try and always ignore it and go straight to the official site by typing the address or using a saved bookmark. Some of the things I have done recently is to enable two factor authentication and to also use a password manager. Then I have also been trying to register important accounts with emails I do not reuse everywhere

If you use Hotmail or Out look you will notice that if you get a legit email from Microsoft it will have a verification stamp and you will know if its from the right source or not. I think this should be done more often and would prevent scams like this.

Yes looking at the image, if you glance at it at first you can easily be fooled. Its only until you take a closer look you can see that its not the real microsoft domain. If someone opens 100 emails a day or they are tired they can easily be fooled. So far I don't believe I ever received any of these fake emails but its good that it was brought up.

I have heard of scams like this where scammers create a site that looks similar to a legit site in the eyes but the letters are interchanged but this is my first time of seeing it. It will be difficult to spot a lot of people and many can easily fall the scam if they are not being careful.

On the internet we have to be careful with the kind of links we click on and the people we interact with, any link sent or email received should be verified before acting on it. We just have to be vigilant always and we will be able to safeguard ourselves from such scams.

The best thing to do when we encounter such scam is to never click on them and report such sites, report the emails and delete them immediately.

This is why its so important we know to check, the email header, some people will do ready the name but not the header, they did not know its very important, it might be correct like you will see, google, Microsoft, but once you check the header, its a misspelled email account, and its sometimes a different domain, then some will be shocked and sometimes blame the legit, we have to learn things so that we will not be a victim of this kind of scams, in the internet.

No doubt, a lot of people may likely fall victim to this very scam trick without them identifying this particular site as a fake site they're trying to access. These scammers are  relentless in advancing their scamming tricks in such a way that people will hardly know or be able to differentiate between the real site and the fake one in such a situation like this one, and thanks to bringing this to people's awareness, because those that are usually in haste will definitely not get to notice this when such phishing mails are sent to them.

If you have poor eyesight, you should wear prescription glasses to improve your vision. As you know, one mistake could cost you a lot; you might lose your account or even the assets in your wallet.

The most common tactic used by scammers is phishing emails and fake websites. As OP pointed out, these emails might appear as official messages with letters that look very similar to the real address.. Therefore, careful verification and clear vision can help us avoid them.

Modern browsers have built-in protection against these many attacks and may display a warning to the user. However, the responsibility for verifying websites still lies with the visitor. Domain registrars can also shut down these domains if you send them a report with evidence proving that the site is impersonating or copying the domain of a legitimate company.

I do wear prescribed glasses, but since I'm new and not used to wearing it, I often forget about using them. And I also can't keep them on for long as they start hurting. But I'm trying…

Are you aware of any way I can verify whether an email is legitimate or not?

Recently I have been been getting messages from a CEX about something related to "identity verification process". I guess, it's about KYC verification. But they kept pushing me, stating I have 7 days or something. But what's weird is that I already done my KYC many months or years ago, then why ask again now? And FYI, I rarely or don;t even use that account anymore. Just registered and basically forgot about it. So there is no ground for suspicious that they would want a 2nd verification! Have you ever come across a situation where u were asked for KYC twice (gambling site aside)?

Yeah I just realised it. I copied one of those punycoded 'rn' type link and tried visiting the site and it took me elsewhere and the link also got replaced on its own (it's visible).

woah,, it’s shocking i did not even notice anything at first
it’s easy to fall for this especially if you are on the rush
even if you look closely it’s hard to find something if you don’t know what you are looking for