Typosquatting: the new face of phishing which tricks the eye and steals your account

 

Author: Esobit - 11/10/2025 - Article

A regular morning, one click too many

Luca checks his inbox as usual. Among the messages, there’s one marked as urgent:
Subject: Your Microsoft account will be suspended unless you confirm your access.

The sender looks trustworthy, and at first glance everything seems legitimate. But Luca notices a tiny detail: the domain isn’t microsoft.com but rnicrosoft.com. Those two letters, “r” and “n,” placed side by side, perfectly imitate an “m,” creating a convincing fake designed to steal credentials through a login page identical to the original. This scam, known as typosquatting or, more simply, as fake-domain email, is one of the most deceptive and widespread forms of modern phishing.


What is typosquatting and why is it dangerous

Typosquatting is a form of visual phishing: attackers register web domains that look almost identical to legitimate ones, differing only by small variations that the eye tends to skip over.


Here are a few examples:

  • paypaI.com instead of paypal.com (capital “I” instead of lowercase “l”)
  • g00gle.com instead of google.com (zero instead of letter “o”)
  • microsoft-support-login.com instead of microsoft.com (added words to appear more “official”)

After registering the deceptive domain, cybercriminals send emails that replicate the logo, design, and tone of the real sender almost perfectly; the goal is to trick the victim into clicking and entering their password or card details on a fake login page that appears legitimate but is built solely to steal information.


How to recognize a fake email (before it’s too late)

Learning how to identify a phishing email is the first line of defense against scams and identity theft. These are four must-do checks before trusting a sender:

1. The sender’s address

Always check what comes after the @: if you see mistakes or strange domains (@rnicrosoft.com, @secure-microsoft.co), it’s almost certainly fake.

2. The link in the message

Hover over the link without clicking: if the real address doesn’t match the one displayed, don’t open it.

3. The tone of the email

Be suspicious of messages that create urgency or fear: legitimate companies never ask for sensitive data via email.

4. The HTTPS certificate

The padlock only means the connection is secure, not that the site is authentic: many fake sites also use HTTPS.
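To make the first two checks concrete, here is an added Python example written for this editing pass; it is not code from the original article or from Esobit. It turns the look-alike patterns listed earlier (“rn” for “m”, capital “I” for “l”, “0” for “o”, and brand words bolted onto a different domain) into a normalisation step, classifies the domain after the @ against a small list of protected brand domains, and flags links whose visible text names a different host than the real href target. The protected-domain list, the confusable table and the sample message are all constructed for the example.

```python
import re
from html.parser import HTMLParser

# Brand domains to protect (constructed list for this example).
PROTECTED_DOMAINS = {"microsoft.com", "paypal.com", "google.com"}

# Character sequences that pass for another character in common fonts.
# Multi-character pairs run first so "rn" collapses to "m" before the
# single-character pairs; capital "I" is mapped before any lower-casing.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
               ("0", "o"), ("1", "l"), ("I", "l"), ("|", "l")]

def skeleton(name: str) -> str:
    """Reduce a host name to its visual skeleton so look-alikes collide."""
    s = name.strip()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s.lower()

def classify_domain(host: str) -> str:
    """Classify a host as legitimate, lookalike, brand-in-name or unknown."""
    h = host.strip().strip(".")
    low, sk = h.lower(), skeleton(h)
    for brand in PROTECTED_DOMAINS:        # the brand itself or a real subdomain
        if low == brand or low.endswith("." + brand):
            return "legitimate"
    for brand in PROTECTED_DOMAINS:        # rnicrosoft.com, paypaI.com, g00gle.com
        bsk = skeleton(brand)
        if sk == bsk or sk.endswith("." + bsk):
            return "lookalike"
    for brand in PROTECTED_DOMAINS:        # microsoft-support-login.com
        if brand.split(".")[0] in re.split(r"[.\-]", sk):
            return "brand-in-name"
    return "unknown"

def sender_domain(from_header: str) -> str:
    """Domain after the '@' of a From: header, ignoring the display name."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[-1].strip()

def host_of(url: str) -> str:
    """Real host of a URL; 'user@' and ':port' are dropped, so that
    https://microsoft.com@evil.example/ resolves to evil.example."""
    s = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", url.strip())
    s = re.split(r"[/?#]", s, maxsplit=1)[0]
    return s.rsplit("@", 1)[-1].split(":", 1)[0]

class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html: str) -> list:
    """Flag anchors whose visible text names another host than the href,
    or whose real target is a look-alike or brand-in-name domain."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        # only treat the visible text as a URL if it contains a dotted name
        shown = host_of(text) if re.search(r"\w\.[A-Za-z]{2,}", text) else ""
        issues = []
        if shown and shown.lower() != real.lower():
            issues.append("display/href mismatch")
        verdict = classify_domain(real)
        if verdict in ("lookalike", "brand-in-name"):
            issues.append(verdict)
        if issues:
            findings.append({"href": href, "shown": shown, "real": real,
                             "issues": issues})
    return findings

def analyse_email(from_header: str, html_body: str) -> dict:
    """Run the sender check and the link check on one message."""
    domain = sender_domain(from_header)
    return {"sender_domain": domain,
            "sender_verdict": classify_domain(domain),
            "link_findings": check_links(html_body)}

# Constructed sample message modelled on the story in the article.
SAMPLE_FROM = "Microsoft Account Team <security@rnicrosoft.com>"
SAMPLE_HTML = """
<p>Your Microsoft account will be suspended unless you confirm your access.</p>
<p><a href="https://login.rnicrosoft.com/verify">https://account.microsoft.com/login</a></p>
<p><a href="https://www.microsoft.com/en-us/">Privacy statement</a></p>
"""

if __name__ == "__main__":
    print(analyse_email(SAMPLE_FROM, SAMPLE_HTML))
```

Run against the sample, the sender domain comes back as a look-alike and the first link is reported twice over: its visible text says account.microsoft.com while the real target is login.rnicrosoft.com, and that target itself normalises to microsoft.com. The second link, a genuine microsoft.com subdomain, produces no finding. The same classify_domain routine can be pointed at a feed of newly registered domains to spot look-alikes of your own brands.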


What to do if you clicked a suspicious email

If you’ve already entered your credentials or clicked a suspicious link, act immediately: change your password right away and log out of all active sessions from your account panel (Microsoft, Google, or your company portal). Then, check for unauthorized forwarding rules or access and inform your IT administrator or security team for further analysis. Finally, enable two-factor authentication (2FA or MFA) — even if someone has your password, they won’t be able to log in without the second verification step.


How to protect yourself from email scams

Phishing emails with fake domains are increasingly convincing, but good digital habits are enough to protect yourself.

For users:

Always use a password manager that automatically fills in credentials only on legitimate domains, preventing mistakes on fake websites. Access services by typing the address manually in your browser or using saved bookmarks, and avoid clicking on links from emails. Enable two-factor authentication (2FA) on all your accounts to add an extra layer of protection, and never open attachments or links from unexpected messages, even if they look like official company communications.

For companies:

Properly configure DMARC, SPF, and DKIM so that receiving mail servers can verify mail sent in your company’s name and reject fake senders. Enable advanced filters that detect impersonation attempts and block suspicious messages before they reach employees’ inboxes. Continuously monitor for look-alike or fraudulent domains registered by third parties and respond promptly. Finally, regularly train employees with short cyber awareness sessions — awareness remains the most effective defense against phishing.
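For the DMARC, SPF and DKIM point, here is an added Python example; it is not the article’s own code. It evaluates the three DNS TXT records of a constructed zone (example.com, with an assumed DKIM selector named sel1) and reports the settings that still let third parties send mail as the domain: an SPF record ending in ~all or +all, a DMARC policy of p=none, and a missing or revoked DKIM key. A weak record set and a hardened one are embedded inline so the script runs without DNS access; in practice the same checks would be fed the TXT records returned by a resolver.

```python
import re

# Constructed DNS TXT records for a sample zone (no real lookups are made).
# The "weak" set still lets third parties send mail as example.com;
# the "hardened" set does not.
WEAK_RECORDS = {
    "example.com": ["v=spf1 include:_spf.mailprovider.example ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
    "sel1._domainkey.example.com": [],          # no DKIM key published
}
HARDENED_RECORDS = {
    "example.com": ["v=spf1 include:_spf.mailprovider.example -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; adkim=s; aspf=s; "
                           "rua=mailto:dmarc-reports@example.com"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"],
}

# SPF terms that trigger a DNS lookup; RFC 7208 allows at most 10 of them.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_tags(record: str) -> dict:
    """Split 'k=v; k=v' (DMARC/DKIM syntax) into a lower-cased key dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags

def check_spf(txts: list) -> list:
    """Findings for a domain's SPF record (empty list = nothing to fix)."""
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record: any host may claim to send for this domain"]
    if len(spf) > 1:
        return ["more than one SPF record: receivers treat this as a permanent error"]
    terms = spf[0].split()
    findings = []
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("'+all' authorises every sender on the internet")
    elif last == "?all":
        findings.append("'?all' is neutral: no sender is rejected")
    elif last == "~all":
        findings.append("'~all' softfail: spoofed mail is often still delivered")
    elif last != "-all":
        findings.append("no terminating 'all' mechanism: unlisted senders pass as neutral")
    lookups = sum(1 for t in terms[1:]
                  if re.split(r"[:/=]", t.lstrip("+-~?").lower())[0] in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10")
    return findings

def check_dmarc(txts: list):
    """Return (findings, policy) for the _dmarc record."""
    recs = [t for t in txts if t.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record: receivers never enforce sender alignment"], None
    tags = parse_tags(recs[0])
    policy = tags.get("p", "").lower()
    findings = []
    if policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
        policy = None
    if "rua" not in tags:
        findings.append("no rua= address: you receive no aggregate reports")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applied to only part of the mail")
    return findings, policy

def check_dkim(txts: list) -> list:
    """Findings for one DKIM selector record."""
    if not txts:
        return ["no DKIM key published for this selector"]
    if not parse_tags(txts[0]).get("p"):
        return ["empty p= tag: the key is revoked, signatures cannot verify"]
    return []

def evaluate_domain(domain: str, records: dict, selector: str = "sel1") -> dict:
    """Run all three checks against a name -> [TXT strings] mapping."""
    dmarc, policy = check_dmarc(records.get("_dmarc." + domain, []))
    return {
        "spf": check_spf(records.get(domain, [])),
        "dmarc": dmarc,
        "dkim": check_dkim(records.get(f"{selector}._domainkey.{domain}", [])),
        "policy": policy,
        # only quarantine/reject actually stops spoofed mail at the receiver
        "enforcing": policy in ("quarantine", "reject"),
    }

if __name__ == "__main__":
    for label, recs in (("weak", WEAK_RECORDS), ("hardened", HARDENED_RECORDS)):
        print(label, evaluate_domain("example.com", recs))
```

The weak set is a common real-world state: SPF and DMARC records exist, so the domain “has” both, yet ~all and p=none mean a spoofed message is still delivered and nobody is told about it. The hardened set moves SPF to -all, DMARC to p=reject with strict alignment and a reporting address, and publishes the DKIM key; the enforcing flag turns true only once the DMARC policy is quarantine or reject.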


Why it’s so easy to fall for the trap

The most effective phishing attacks don’t rely on technology but on psychology. They exploit habits, brand trust, and fatigue. That’s why even experienced users or entire departments can make mistakes. But the solution isn’t fear — it’s awareness. One extra or missing letter can make all the difference.


Conclusion: a small action that makes a big difference

Luca, the main character of our story, didn’t click. He noticed the suspicious “rn” and reported it to the IT department. The domain was flagged, blocked, and shared with the rest of the team. From one simple visual check came a valuable security lesson for the entire company.

Cybersecurity doesn’t start with firewalls but with the eyes of those who read an email.
