[Illustration: a safe-browsing check on the address rnybank.com, which looks fine but is one letter from a trap.] rnybank.com is an illustrative address, not a real site.

The Phishing You Can’t Spot (and What Catches It Anyway)

By Marta Lane · Updated April 1, 2026 · 5 min read

You have learned the tells. The misspelled greeting. The stranger who insists on gift cards. Regular readers of this site could pick a clumsy scam email out of a lineup, and most of you would.

There is another kind. Some phishing is engineered to give a careful eye nothing to find. The misspelling is gone, the page is a pixel-for-pixel copy of the real one, and in one version you can type the correct address yourself and still land on the fake.

The scale is hard to ignore. In 2025, Americans filed 191,561 complaints about phishing and spoofing with the FBI’s Internet Crime Complaint Center, more than for any other internet crime, and the FTC’s imposter-scam tally for the year passed 1 million reports and $3.5 billion in reported losses. Many of those people knew the warning signs. Four tricks explain much of why knowing wasn’t enough.

1. The fake that outranks the real thing

Search for your bank’s name and the top of the page often shows ads before results. Criminals buy those slots. The FBI warned that these ads appear with “minimum distinction between an advertisement and an actual search result,” and that they lead to pages built to look identical to the real company’s site. All you did was search, and the lie was placed above the truth.

2. The letter your eye corrects for you

Read these two quickly: rn and m. At a glance they are the same shape, and a web address with “rn” where an “m” should be sails past most people. A capital I and a lowercase l are even closer twins, and a 1 can stand in for either. Your brain reads whole words and tidies up the details, which is useful for books and a problem in an address bar. The FBI’s own description of these domains: similar to the real address “but with typos or a misplaced letter.” Built well, a lookalike beats a glance, and a glance is what an address bar usually gets.

[Figure: Anatomy of a lookalike address. The illustrated address rnybank.com reads as mybank.com, but the "m" is really r + n, two letters posing as one. A capital I, a lowercase l and a 1 can stand in for each other the same way. A blocking layer reads the exact address before the page loads.]
rnybank.com and mybank.com are illustrative addresses, not real sites. The FBI’s description of lookalike domains is linked above.

3. The fake you reach by typing the right address

This one is called pharming, and it deserves to be better known. The National Institute of Standards and Technology describes it as using technical means to redirect you to a fake site posing as a real one, by tampering with either the internet’s address-lookup service (DNS) or your own device. In plain words: you type your bank’s address correctly, and the system that is supposed to take you there delivers you to a copy instead.

There is no message to study and no link to hover over. The scam skips the part you were trained to inspect.

4. Too new for anyone’s memory

The Anti-Phishing Working Group, the industry body that tracks this, counted 365,381 unique phishing sites in June 2025 alone, out of 1,130,393 attacks that quarter. A fake site goes up, runs briefly, and is abandoned, often within hours. No one’s memory holds a list that long, and no warning article can keep up with it.

The layer your attention can’t be

Every trick above beats the eye the same way: the page you reach looks right. What gives the fake away is the destination itself: an address one letter off, or a site only hours old that already sits on a known-bad list somewhere.

Checking that is a job for software, and the software is an ordinary, everyday category:

Each of these checks the destination against lists that update constantly — the check a human cannot run at reading speed. The fix for this kind of phishing isn’t sharper eyes. It’s a layer that inspects the address so you don’t have to.
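An added example, not part of the original article or any vendor's code: a minimal sketch of how a blocking layer can read the exact address, collapsing the visual twins named in section 2 (rn/m, and I, l, 1) and comparing the result with addresses you trust. The lists, the function names and the addresses hillcredit.example and login-update.example are constructed for illustration.

```python
from typing import Optional, Tuple

# Constructed sample lists; a real product pulls these from feeds that update constantly.
TRUSTED = {"mybank.com", "hillcredit.example"}
BLOCKLIST = {"login-update.example"}


def skeleton(host: str) -> str:
    """Collapse the lookalike characters the article names into one form."""
    s = host.strip().rstrip(".")
    # A capital I and a digit 1 both pose as a lowercase l.
    s = s.replace("I", "l").replace("1", "l")
    s = s.lower()
    # r + n poses as m.
    return s.replace("rn", "m")


# Map each trusted address's skeleton back to the real address.
TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED}


def check_address(host: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_address) for an address as displayed."""
    exact = host.strip().rstrip(".").lower()
    if exact in BLOCKLIST:
        return ("block", None)            # already on a known-bad list
    if exact in TRUSTED:
        return ("allow", None)            # character-for-character match
    imitated = TRUSTED_SKELETONS.get(skeleton(host))
    if imitated is not None:
        return ("lookalike", imitated)    # same shape, different letters
    return ("unknown", None)              # no opinion; other layers decide


if __name__ == "__main__":
    for address in ["mybank.com", "rnybank.com", "hiIlcredit.example",
                    "hi1lcredit.example", "login-update.example",
                    "weather.example"]:
        print(address, check_address(address))
```

The check is deliberately conservative: an unrelated address whose letters happen to collapse to a trusted one is flagged too, which is the safer failure for a warning page.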

CISA, the federal cybersecurity agency, gives the same advice in one line: take advantage of the anti-phishing features your browser and email already offer.

What to do this week

  1. Open your browser’s security settings and confirm the safe-browsing or fraudulent-site warning is turned on.
  2. Add one reputable blocking layer at the browser level, from a company you can name and look up.
  3. Keep the habits for what eyes can catch: reach your bank by typed address or bookmark, treat sponsored results as ads, and slow down on anything that arrived uninvited.
  4. If a fake page already took a password, change it now, then report at ReportFraud.ftc.gov and ic3.gov. Reports are how bad sites get onto the block lists faster.

The habits this site teaches still earn their keep. Plenty of scams are clumsy, and your eye will keep catching those. The tricks in this piece are the reason your eye should not work alone. I would rather trust a list that updates every few minutes than my own attention at the end of a long day, and I read these pages for a living.


Sources: FBI Internet Crime Complaint Center, 2025 Internet Crime Report; FBI, PSA I-122122-PSA on search engine advertisement fraud; FTC, “New trends in reports of imposter scams” (May 2026); NIST, glossary: pharming; APWG, Phishing Activity Trends Report, Q2 2025; Google, Safe Browsing; CISA, Avoiding Social Engineering and Phishing Attacks.