Uses rn=m, 0=o character substitution to mimic microsoft.com. Targets Office 365 login credentials. Report suspicious activity to OziShield for free forensic analysis.
Latest variant: micr0soft.com (detected 3 weeks ago)
Distribution of deception techniques used in this campaign:
Detection distribution by location:
Example domains detected in this campaign:
Latest variants detected by OziShield:
Look for "rn" instead of "m", zero "0" instead of letter "o". Always check the address bar carefully.
Do not enter credentials. Navigate directly to microsoft.com or office.com. Report to your IT team.
If you've encountered this threat, report it to:
Found a suspicious link? Check if it's part of this or another threat campaign.
Scan Link Free ?