Cybersecurity analysts are warning people and businesses to be on high alert after criminals began impersonating Microsoft using a subtle but highly effective trick — replacing the letter “m” with the combination “rn” in website addresses and email domains.
At a glance, micrnsoft.com looks almost identical to microsoft.com, particularly on smartphones, where most South Africans read their emails.
Scammers are exploiting that split-second visual confusion to launch targeted phishing attacks against individuals and businesses.

Local cybersecurity firms report a rise in phishing emails appearing to come from Microsoft services such as Outlook, Office 365, Teams and SharePoint. These emails often claim:
- your password is expiring
- unusual login activity was detected
- a document is waiting for approval
- account security requires immediate action
Victims are then instructed to click a link, sign in, or change their password, unknowingly handing over full account access to cybercriminals.
Once inside, attackers can monitor emails, reset passwords, intercept invoices, alter banking details, or continue phishing from within the compromised account.
Furthermore, South Africa remains a prime global target for phishing, largely due to heavy reliance on email for banking, business communication and document exchange. The success of this Microsoft impersonation campaign comes down to five factors:
- The domain looks legitimate at a glance
- Most users don’t double-check URLs before clicking
- The emails mimic real Microsoft formatting and tone
- Mobile screens hide subtle differences
- Microsoft is widely trusted across SA businesses
And because the fake domains often have valid SSL certificates (the padlock icon), many victims assume they’re safe.
But, as noted, businesses face the biggest risk
Once criminals gain access to a company’s Microsoft account, they can:
- hijack email conversations
- change payment details on invoices
- request urgent EFTs from finance teams
- access internal documents, contracts and personal information
- launch further phishing attacks from a legitimate inbox
This not only threatens financial loss, but also POPIA compliance, reputational damage and operational disruption.
So, what should South Africans do such an email is received?
Cybersecurity specialists recommend:
✅ Never click links in unsolicited password-reset or security emails
✅ Verify the sender’s domain letter by letter — especially “m”
✅ Access Microsoft accounts by typing the address manually
✅ Enable multi-factor authentication across all devices
✅ Report suspicious emails to your IT or cybersecurity provider
✅ Educate staff — phishing awareness is now business-critical
For businesses, advanced email filtering, domain-spoofing protection and strict access controls are strongly advised.
Scammers deliberately create pressure: “Your account will be locked in 24 minutes”, “Security breach detected”, “Immediate action required.”
If something feels rushed, emotional, or out of character — stop and verify.
South Africans are increasingly cybersecurity aware, but criminals continue evolving faster than most organisations can respond. This latest Microsoft impersonation campaign proves that online fraud doesn’t always rely on sophisticated hacking — sometimes, it only takes two letters.

If you receive a Microsoft-related email asking you to log in, update details or reset a password, slow down, check the domain and verify first. One click could hand criminals the keys to your digital life.
Have you been affect by this? Let us know below.
Do not forget to read, Authorities Close Bogus Ladysmith College Offering Fake PhDs, if you missed it.
FAQs:
It’s a cyberattack where criminals replace the letter “m” in “Microsoft” with the letters “rn” in emails or website addresses. At a quick glance, the fake domain looks legitimate, tricking people into clicking links or entering login details.
Because the letters sit closely together and form a similar shape, especially on mobile screens or when skim-reading email text.
Victims receive emails claiming to come from Microsoft about password resets, account breaches, document approvals or security alerts — urging them to click a link.
Criminals immediately gain access to your Microsoft account, including email, OneDrive, Teams and linked business platforms.
They can intercept invoices, request payments, alter banking details, read confidential emails, steal personal data or continue phishing from your address book.
Yes. Companies using Microsoft 365 are prime targets because attackers can access financial workflows, supplier communication and internal systems.
Read the sender’s domain letter by letter, avoid clicking links, hover over URLs, and verify by logging in manually through microsoft.com.
No. Criminals can also obtain SSL certificates, meaning fake sites may still show the security padlock.
Change your password immediately, enable multi-factor authentication, log out of all devices and report it to your IT or cybersecurity provider.
Implement phishing awareness training, enforce MFA, enable advanced email filtering, block lookalike domains and create clear reporting procedures.
No, it’s global — but South Africans are targeted heavily due to high email usage for banking, invoicing and corporate communication.
Yes. Forward suspicious emails to your IT team or cybersecurity provider so they can block domains and warn others.












One Response
This has happened to me I keep getting notifications that my account is going to be closed if I don’t pay an amount in I was to not open them and just delete it it’s scary