As technology improves and AI becomes less robotic and more “human-like,” it’s becoming harder to spot online scams that aim to steal your data or your money. And a recent viral post on X highlighted a common email scam that experts told HuffPost many people fall for, whether they’re tech savvy or not.
In the post, a user shared a photo of an email they received from a seemingly legitimate source: Microsoft. But when you look closely at the email address, you’ll notice that the “m” in Microsoft is actually “rn,” which looks a lot like an “m” on smaller screens and to those not paying close attention.
This type of scam is known as domain spoofing and is “one of the oldest tricks in the book,” said Alex Hamerstone, the advisory solutions director at TrustedSec, an ethical hacking company.
There are two basic ways that bad actors conduct this kind of scam. “One is creating the fake websites that have a similar-looking name, and then the other is using [the fake website] to send emails,” Hamerstone said.
“What these threat actors are preying on is the fact that you will just do a quick glimpse of this and not necessarily look into it any deeper,” said Jacob Aurand, the counterintelligence manager at Binary Defense, a cybersecurity company. Think about it: Most of us don’t dissect the email address when we get a message from a big company like Microsoft.
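A check for the “rn”-for-“m” trick described above, as an added example that is not part of the original article: it flags a sender domain that matches a trusted domain only after look-alike sequences are collapsed. The allowlist, the substitutions beyond “rn”, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist for the example; a real deployment would list the
# domains the organisation actually expects mail from.
TRUSTED_DOMAINS = {"microsoft.com"}

# Look-alike sequences and what they imitate. "rn" -> "m" is the substitution
# described in the article; the others are added assumptions of the same kind.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so visually similar names compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def registrable_tail(domain: str, trusted: str) -> str:
    """Last labels of `domain`, as many as `trusted` has, so that
    mail.example.com is compared against example.com."""
    n = trusted.count(".") + 1
    return ".".join(domain.split(".")[-n:])


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, address = parseaddr(from_header)  # drops the display name, if any
    if "@" not in address:
        return "unknown"
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact matches win first, so a genuine domain is never reported as a fake.
    if any(registrable_tail(domain, g) == g for g in trusted):
        return "trusted"
    # Same skeleton but different spelling: reads like the brand, is not it.
    if any(skeleton(registrable_tail(domain, g)) == skeleton(g) for g in trusted):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from the post the article describes.
    for header in ("Microsoft <security@rnicrosoft.com>", "no-reply@microsoft.com"):
        print(header, "->", classify_sender(header))
```

The display name is ignored on purpose: only the domain after the “@” is compared, since the name shown beside the address can be set to anything by the sender.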







