NEW YORK, Jan 27: Cybersecurity experts are warning of a new wave of phishing attacks that use subtle visual tricks in website addresses to impersonate trusted brands, making scams harder to detect, especially on smartphones and small screens.

The attacks employ a homoglyph technique, in which letters are placed together to mimic the appearance of another character. For example, combining ‘r’ and ‘n’ to resemble an ‘m’ allows malicious domains to look almost identical to legitimate websites. Researchers have identified fake sites such as rnicrosoft.com posing as Microsoft and Marriott login pages.

These deceptive sites are used to send fraudulent security alerts, invoice notifications, and other messages aimed at stealing users’ login credentials. Compromised accounts can then be exploited for financial fraud, data theft, or unauthorized access to corporate networks.

Experts note that mobile browsing increases the risk, as smaller screens make it difficult for users to detect subtle differences in URLs. They advise directly accessing official apps or manually entering website addresses rather than clicking on links in emails or messages.

Security specialists also recommend using passkeys, strong and unique passwords, multi-factor authentication, and remaining vigilant for domains that visually resemble familiar brands through character substitution.