Smoogy
nixCraft 🐧Someone is going to fall for crap like this
Freevolt@nixCraft If somebody opens a business with a name "rnicrosoft," would it be the copyright infringement?
Evelyn Estelle@freevolt24 @nixCraft No, it would be trademark infringement.
fabiosantoscode
DNA schedule@fabiosantoscode @dragonfi @freevolt24 @nixCraft thank you I desperately needed to see this in the thread
Norbi📷🚴♀️💻@dragonfi @freevolt24 @nixCraft what about mircosoft.com?
I once was surprised by a shirt in the (then) official green colour with "Pozilei" instead of the correct spelling "Polizei" (german for Police).
I once was surprised by a shirt in the (then) official green colour with "Pozilei" instead of the correct spelling "Polizei" (german for Police).
Luna / Miika ☭ 
(need more cuddles)@nixCraft @freevolt24 With that logo on the screenshot, pretty much yes xD
Osvaldo@freevolt24 @nixCraft Probably trademark infrigement. Copyright, no. Copyright protects artistic expressions and a word is not copyrightable.
schuelermine@freevolt24 @nixCraft No. The writer of email cannot be liable for copyright infringement, because the text "microsoft" and probably the text "rnicrosoft" cannot be protected by copyright. You might be thinking of trademark infringement? I don't know if it would be trademark infringement, but I imagine it probably would be.
France Jor☝️
@nixCraft Everybody hates the RN.
FL | エフル
C-rich
yetzt@nixCraft one day they will introduce .corn as a new tld and then we’re doomed.
Gregly
root42@nixCraft keming
Andy H
Tim Chasesawy keming involves rnoving letters cbser together or increasing the vvhitespace between them. 😉
Sir Anders@nixCraft i did once, but as always I'm letting curl decide if links are legit or not
U.Lancier@nixCraft unter anderem deswegen stelle ich, wo immer möglich, als erstes die Systemschrift auf #AtkinsonHyperlegible um.
https://www.brailleinstitute.org/freefont/
Nervt mich barbarisch, dass Android das nicht erlaubt.
https://www.brailleinstitute.org/freefont/
Nervt mich barbarisch, dass Android das nicht erlaubt.
Stefan 'lerothas' D. 
@Ulan_KA
Interessant. Die Schrift muss ich mir mal anschauen.
Bisher habe ich auf ABeeZee gesetzt. Ist etwas runder, aber auch gut identifizierbare Zeichen. V.a. l und I sind unterscheidbar.
proedie
@Ulan_KA @nixCraft No, it’s the webdesign. The ® symbol is in the font and it’s on the base line. (As it should be.) Whoever designed the page deliberetly moved it up a notch. This works well in the text, but not in the headings. They even seem to have noticed that, because they don’t raise it in the title heading.
@nixCraft Why didn’t I think of that?! Not for scam, but that would have been a cool email address!
Dr. David McBride (dwm)@nixCraft I want to dub this a "Keming" homoglyph attack.
Royaldemon98@nixCraft its clever
Okerampa@nixCraft rnicrosoft winclows
ꙮ 𝄃𝄁𝄂𝄀𝄀𝄁𝄃🇫🇯🇱🇨🇱🇧
James Henstridge@nixCraft I know they won't let you register corn.au in Australia. I would hope ICANN would reject an attempt to create a corn toplevel domain.
Kévin ⏚You’d hope but the amount of money they can get from a new gTLD is enough to make them not care.
The .zip gTLD being a great example
synlogic4242@nixCraft when fonts matter a ton
Walrus 🏴These things should only ever display in a monospaced font, then at least we'd have a chance.
Fossveil 🇷🇺@nixCraft Wow, this looks pretty real
@nixCraft rnicrosoft.corn
@nixCraft Think of old people or just general people that have not perfect sight and does not know much of tech.
If a fake call gets it this will do too.
If a fake call gets it this will do too.
Pascal Leinert@nixCraft Domain registrars should have a blacklist of similar sounding domain names.
Craig Shepherd@nixCraft Insufficient kerning strikes again.
IceQbe 
@nixCraft Everyone here is thinking about 'complex' ways to fool users with similar looking domains, when I see users open mails and click links without paying any attention to the domain.
How do I know? I create and run (on a small scale) phishing trainings and I see the results.
About half of regular people don't care enough about security or privacy to pay attention. And if it's their work account some even pay less attention.
And those who care are distracted by life in general or by the huge workloads they try to manage.
Part of the solution is the use of password vaults with autofill based on domain names. If the password doesn't autofill, it's a sign to wake up.
@iceqbe I believe if you turn on high security/enhanced protection option in Chrome (yeah, I know), Chrome warns about such domain names and in some cases block those domains with a big red background warning with no way to bypass it. https://support.google.com/chrome/answer/9890866?hl=en&co=GENIE.Platform%3DDesktop&oco=0
Sparky@nixCraft I once did an "attack simulation" for my previous employer, where I did exactly that, just with the .com part (resulting in companyname.corn).
60% fell for it IIRC.
Pablo Majster 
vlakicas@nixCraft It has been always for a long time.
Marcy@nixCraft obvious since michelsoft already has your data. they dont need to ask you for it :3c /j
Rodrigo DiasAlways check the sender's address carefully. That's the first giveaway.
Philippa Cowderoy@nixCraft there's a solution for keming-based attacks too: use a monospace font
Natsura 
@nixCraft yeah... i have always hated how much r and n when put close together look like a m xD Always something that bothers me when I read from time-to-time.
Resuna
zetabeta@nixCraft
something need to be done for fonts in case of "rn".
monospace helps though.
FennixI know people who habitually open up an LLM on their phone, snap a pic of email info, and ask it if it's legit.
Fubaroque
sparseMatrix@nixCraft I fell for it just looking at the thumbnail
sdbbp
Ɩƚ@nixCraft Ugh. I had to explain to an older doctor friend about not trusting emails that look legit. They are getting a little too sneaky with this stuff. 🤦
crispy branzino ☭ (sold out forever)@nixCraft someone with bifocals.
Anja@nixCraft Damn, that is cleverly evil.