"If the bad actor does his job well, a significant number of users mistype the intended domain in the expected way, and those unfortunate enough to hit “Enter” will unintentionally head down a dark road on the web," Endgame explains. "In some cases, effects can be relatively mild, such as: the user is redirected to objectionable material; the user is presented items for purchase from storefronts of questionable repute; or the user sees content that unfavorably portrays the intended brand or site. Effects can also be much worse. The malicious actor can spoof a real site to harvest login credentials, place backdoors on a system, install ransomware, or really anything else of his choosing."
Basically, the attackers bet on unsuspecting users landing on the pages they're redirected to and falling for the trap, such as agreeing to download software from a phony "Flash Updater" pop-up that turns out to be malware. The malicious practice, which security experts refer to as "typosquatting," is nothing new, having previously been seen with other top-level domains like .co and with techniques involving other common typos like "googgle.com," "googlw.com," and "googel.com," according to Endgame. It sounds like something out of a "Mr. Robot" episode, but unfortunately, it's real life.
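For defenders, the typo patterns above (a doubled letter, a neighbouring key, two swapped letters, a clipped top-level domain) are all one edit away from the real name, which makes them easy to flag in DNS or proxy logs. The following is an added example, not code from Endgame or the article; the function names, the one-edit threshold and the sample log entries are assumptions made for illustration.

```python
from typing import Dict, Iterable, Optional

PROTECTED = "google.com"  # brand domain used in the article's typo examples


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def classify(observed: str, protected: str = PROTECTED) -> Optional[str]:
    """Label a queried name as a likely typosquat of `protected`, else None."""
    observed = observed.lower().rstrip(".")
    if observed == protected:
        return None
    name, _, tld = protected.rpartition(".")
    o_name, _, o_tld = observed.rpartition(".")
    if o_name == name and osa_distance(o_tld, tld) == 1:
        return "tld-typo"    # e.g. .co typed instead of .com
    if o_tld == tld and osa_distance(o_name, name) == 1:
        return "name-typo"   # e.g. googgle, googlw, googel
    return None


def scan(names: Iterable[str]) -> Dict[str, str]:
    """Return {queried name: label} for every name that needs review."""
    hits = {}
    for n in names:
        label = classify(n)
        if label:
            hits[n] = label
    return hits


# Constructed sample of queried names, as they might appear in a resolver log.
SAMPLE_QUERIES = ["google.com", "googgle.com", "googlw.com", "googel.com",
                  "google.co", "mail.google.com", "example.org"]

if __name__ == "__main__":
    for name, label in scan(SAMPLE_QUERIES).items():
        print(f"{label:10} {name}")
```

A one-edit match is a lead for review rather than a verdict, since unrelated legitimate domains can also sit one character away from a well-known name.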